d22b815127
- update fail2ban chains - generate test entry - catch spam trap mails resp. IP addresses
86 lines
2.6 KiB
Bash
Executable file
86 lines
2.6 KiB
Bash
Executable file
#!/usr/bin/env bash
|
|
#
|
|
# Add new IPs to the RBL based on these detection methods:
|
|
# - undetected spam
|
|
# - fail2ban banned IPs
|
|
|
|
rblfile="/var/lib/rbldns/list"
|
|
static_white=(
|
|
$(dig +short lugh.ch)
|
|
$(dig +short oxi.ch)
|
|
$(dig +short mail.zephry.ch)
|
|
)
|
|
static_black=(
|
|
$(dig +tcp +short www.uceprotect.net)
|
|
$(dig +tcp +short rsync-mirrors.uceprotect.net)
|
|
$(dig +tcp +short www.backscatterer.org)
|
|
$(dig +tcp +short unimatrix.admins.ws)
|
|
)
|
|
fail2ban_chains=(
|
|
fail2ban-dovecot
|
|
fail2ban-sasl
|
|
fail2ban-ssh
|
|
fail2ban-ssh-ddos
|
|
fail2ban-tumgreyspf
|
|
fail2ban-apache-digest
|
|
)
|
|
ban_ip=()
|
|
|
|
# Get currently banned IPs from fail2ban chains
|
|
iptables_banned=(
|
|
$(for chain in ${fail2ban_chains[@]}; do
|
|
/sbin/iptables -nL $chain | grep '^DROP' | awk {'print $4'} | grep -v '0.0.0.0/0'
|
|
done | sort | uniq)
|
|
)
|
|
|
|
# Get SPAM mails sent to specific address
|
|
spamtrap=(
|
|
$(grep ' -> <hans.muster@lugh.ch>' /var/log/mail.log | awk -F'[][]' '{print $6}')
|
|
)
|
|
|
|
if [ ! -s $rblfile ]; then
|
|
cat << HEREDOC > $rblfile
|
|
# Automatically generated at $(date) by $0
|
|
|
|
# Test entry http://www.ietf.org/rfc/rfc5782.txt
|
|
127.0.0.2 RFC 5782 test entry # 0 # Test entry RFC 5782
|
|
|
|
:127.0.0.2:$ is listed because of misbehaviour. See http://lugh.ch/dnsbl.html for details
|
|
# Whitelist
|
|
$(printf "!%s # 0\n" "${static_white[@]}")
|
|
|
|
# Blacklist
|
|
$(printf "%s # 0 # Infinite listing (UCEPROTECT)\n" "${static_black[@]}")
|
|
|
|
# Recent temporary listings
|
|
HEREDOC
|
|
fi
|
|
|
|
# fail2ban
|
|
for ip in ${iptables_banned[@]}; do
|
|
if [[ $(grep -c $ip $rblfile) -lt 1 ]]; then
|
|
# Add IP
|
|
geoip=$(geoiplookup $ip | sed 's/GeoIP Country Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'})
|
|
printf "%s # $(date +%s) # Service login attempts/misconfiguration # %s\n" "$ip" "$geoip" >> $rblfile
|
|
fi
|
|
done
|
|
|
|
# SPAM
|
|
for ip in ${spamtrap[@]}; do
|
|
if [[ $(grep -c $ip $rblfile) -lt 1 ]]; then
|
|
# Add IP
|
|
geoip=$(geoiplookup $ip | sed 's/GeoIP Country Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'})
|
|
printf "%s # $(date +%s) # SPAM mail to trap address # %s\n" "$ip" "$geoip" >> $rblfile
|
|
fi
|
|
done
|
|
|
|
# Generate user friendly web-viewable list
|
|
echo -e "IP\t\tDate listed\t\t\tCause\t\t\t\t\tCountry" > /var/www/virtsrv/lugh.ch/list.txt
|
|
echo -e "--\t\t-----------\t\t\t-----\t\t\t\t\t-------" >> /var/www/virtsrv/lugh.ch/list.txt
|
|
cat $rblfile | grep -v -i uceprotect | grep '^[1-9]' | grep -v '^127.0.0.2' | sed 's/ # /\t/g' >> /var/www/virtsrv/lugh.ch/list.txt
|
|
|
|
for timestamp in $(grep '^[0-9]' /var/www/virtsrv/lugh.ch/list.txt | awk {'print $2'}); do
|
|
newtime=$(date -d @$(echo $timestamp))
|
|
sed -i "s/$timestamp/$newtime/" /var/www/virtsrv/lugh.ch/list.txt
|
|
|
|
done
|