paramah/ossec-blacklist
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

add Linux script

Browse Source
This commit is contained in:
Pawel Krawczyk
2014-10-01 12:46:26 +01:00
parent e67492b8bf
commit 0c65b715c9
1 changed files with 52 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
blacklist.sh Normal file
View File

@@ -0,0 +1,52 @@
#!/bin/sh
# IP blacklisting script for Linux servers
# Pawel Krawczyk https://keybase.io/kravietz
#
# This script should be *only* used on OpenWRT as it relies on uci configuration framework
# specific to these routers.
#
# This script should be installed as /etc/cron.daily/blacklist
# Emerging Threats lists offensive IPs such as botnet command servers
urls="http://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt"
# Blocklist.de collects reports from fail2ban probes, listing password brute-forces, scanners and other offenders
urls="$urls https://www.blocklist.de/downloads/export-ips_all.txt"
blocklist_chain_name=blocklists
if [ ! -x /usr/sbin/ipset ]; then
echo "Cannot find ipset"
echo "Run \"apt-get install ipset\" or \"yum install ipset\""
exit 1
fi
# create main blocklists chain
if ! iptables -L ${blocklist_chain_name}; then iptables -N ${blocklist_chain_name}; fi
# inject references to blocklist in the beginning of input and forward chains
if ! iptables -L INPUT|grep -q ${blocklist_chain_name}; then
iptables -I INPUT 1 -m state --state NEW,RELATED -j ${blocklist_chain_name}
fi
if ! iptables -L FORWARD|grep -q ${blocklist_chain_name}; then
iptables -I FORWARD 1 -m state --state NEW,RELATED -j ${blocklist_chain_name}
fi
iptables -F ${blocklist_chain_name}
for url in $urls; do
tmp=$(mktemp)
tmp2=$(mktemp)
set_name=$(basename $url)
curl --compressed -k "$url" >"$tmp"
sort -u <"$tmp" | egrep "^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$" >"$tmp2"
ipset -! create ${set_name} hash:net
while read line; do
ipset add ${set_name} "$line"
done <"$tmp2"
iptables -A ${blocklist_chain_name} -m set --match-set "${set_name}" src,dst -m limit --limit 10/minute -j LOG --log-prefix "BLOCK ${set_name} "
iptables -A ${blocklist_chain_name} -m set --match-set "${set_name}" src,dst -j DROP
echo ${set_name} $(ipset list ${set_name} | wc -l)
done