mailinabox/conf/blocklist/sync-fail2ban

#!/bin/bash

##  Update fail2ban iptables with globally known attackers.
##  Actually, runs 100% independently now, without needing fail2ban installed.
##
##  /etc/cron.daily/sync-fail2ban
##
## Author: Marcos Kobylecki <fail2ban.globalBlackList@askmarcos.com>
## http://www.reddit.com/r/linux/comments/2nvzur/shared_blacklists_from_fail2ban/


## Quit if fail2ban is missing.  Maybe this fake requirement can be skipped? YES.
#PROGRAM=/etc/init.d/fail2ban
#[ -x $PROGRAM ] || exit 0

datadir=/etc/fail2ban
[[ -d "$datadir" ]] || datadir=/tmp

## Get default settings of fail2ban (optional?)
[ -r /etc/default/fail2ban ] && . /etc/default/fail2ban

umask 000
blacklistf=$datadir/blacklist.blocklist.de.txt

mv -vf  $blacklistf  $blacklistf.last

badlisturls="http://antivirus.neu.edu.cn/ssh/lists/base_30days.txt http://lists.blocklist.de/lists/ssh.txt  http://lists.blocklist.de/lists/bruteforcelogin.txt"


 iptables -vN fail2ban-ssh   # Create the chain if it doesn't exist. Harmless if it does.
  
# Grab list(s) at https://www.blocklist.de/en/export.html .  Block.
echo "Adding new blocks:"
 time  curl -s http://lists.blocklist.de/lists/ssh.txt  http://lists.blocklist.de/lists/bruteforcelogin.txt \
  |sort -u \
  |tee $blacklistf \
  |grep -v '^#\|:' \
  |while read IP; do iptables -I fail2ban-ssh 1 -s $IP -j DROP; done 


# Which listings had been removed since last time?  Unblock.
echo "Removing old blocks:"
if [[ -r  $blacklistf.diff ]]; then
  #       comm  is brittle, cannot use sort -rn 
 time  comm -23 $blacklistf.last  $blacklistf \
   |tee $blacklistf.delisted \
   |grep -v '^#\|:' \
   |while read IP; do  iptables -w -D fail2ban-ssh -s $IP -j DROP || iptables -wv -D fail2ban-ssh -s $IP -j LOGDROP; done 

fi


# prepare for next time.
	diff -wbay $blacklistf.last $blacklistf  > $blacklistf.diff 


# Saves a copy of current iptables rules, should you like to check them later.
(set -x; iptables -wnv -L --line-numbers; iptables -wnv -t nat -L --line-numbers) &> /tmp/iptables.fail2ban.log &


exit 

# iptables v1.4.21: host/network `2a00:1210:fffe:145::1' not found
# So weed out IPv6, try |grep -v ':' 

## http://ix.io/fpC

 
# Option:  actionban
# Notes.:  command executed when banning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
# Tags:    See jail.conf(5) man page
# Values:  CMD
#
actionban = iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype># Option:  actionunban
# Notes.:  command executed when unbanning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
# Tags:    See jail.conf(5) man page
# Values:  CMD
#
actionunban = iptables -D fail2ban-<name> -s <ip> -j <blocktype>
moved blocklist script locally within installation 2016-06-27 13:38:14 +00:00			`#!/bin/bash`

			`## Update fail2ban iptables with globally known attackers.`
			`## Actually, runs 100% independently now, without needing fail2ban installed.`
			`##`
			`## /etc/cron.daily/sync-fail2ban`
			`##`
			`## Author: Marcos Kobylecki <fail2ban.globalBlackList@askmarcos.com>`
			`## http://www.reddit.com/r/linux/comments/2nvzur/shared_blacklists_from_fail2ban/`


			`## Quit if fail2ban is missing. Maybe this fake requirement can be skipped? YES.`
			`#PROGRAM=/etc/init.d/fail2ban`
			`#[ -x $PROGRAM ] \|\| exit 0`

			`datadir=/etc/fail2ban`
			`[[ -d "$datadir" ]] \|\| datadir=/tmp`

			`## Get default settings of fail2ban (optional?)`
			`[ -r /etc/default/fail2ban ] && . /etc/default/fail2ban`

			`umask 000`
			`blacklistf=$datadir/blacklist.blocklist.de.txt`

			`mv -vf $blacklistf $blacklistf.last`

			`badlisturls="http://antivirus.neu.edu.cn/ssh/lists/base_30days.txt http://lists.blocklist.de/lists/ssh.txt http://lists.blocklist.de/lists/bruteforcelogin.txt"`


			`iptables -vN fail2ban-ssh # Create the chain if it doesn't exist. Harmless if it does.`

			`# Grab list(s) at https://www.blocklist.de/en/export.html . Block.`
			`echo "Adding new blocks:"`
			`time curl -s http://lists.blocklist.de/lists/ssh.txt http://lists.blocklist.de/lists/bruteforcelogin.txt \`
			`\|sort -u \`
			`\|tee $blacklistf \`
			`\|grep -v '^#\\|:' \`
			`\|while read IP; do iptables -I fail2ban-ssh 1 -s $IP -j DROP; done`



			`# Which listings had been removed since last time? Unblock.`
			`echo "Removing old blocks:"`
			`if [[ -r $blacklistf.diff ]]; then`
			`# comm is brittle, cannot use sort -rn`
			`time comm -23 $blacklistf.last $blacklistf \`
			`\|tee $blacklistf.delisted \`
			`\|grep -v '^#\\|:' \`
			`\|while read IP; do iptables -w -D fail2ban-ssh -s $IP -j DROP \|\| iptables -wv -D fail2ban-ssh -s $IP -j LOGDROP; done`

			`fi`


			`# prepare for next time.`
			`diff -wbay $blacklistf.last $blacklistf > $blacklistf.diff`





			`# Saves a copy of current iptables rules, should you like to check them later.`
			`(set -x; iptables -wnv -L --line-numbers; iptables -wnv -t nat -L --line-numbers) &> /tmp/iptables.fail2ban.log &`


			`exit`

			# iptables v1.4.21: host/network `2a00:1210:fffe:145::1' not found
			`# So weed out IPv6, try \|grep -v ':'`

			`## http://ix.io/fpC`


			`# Option: actionban`
			`# Notes.: command executed when banning an IP. Take care that the`
			`# command is executed with Fail2Ban user rights.`
			`# Tags: See jail.conf(5) man page`
			`# Values: CMD`
			`#`
			`actionban = iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype># Option: actionunban`
			`# Notes.: command executed when unbanning an IP. Take care that the`
			`# command is executed with Fail2Ban user rights.`
			`# Tags: See jail.conf(5) man page`
			`# Values: CMD`
			`#`
			`actionunban = iptables -D fail2ban-<name> -s <ip> -j <blocktype>`