
double checking lists

This commit is contained in:
ChiefGyk 2016-06-29 09:05:39 -04:00
parent a931ec80ad
commit ed8881afc9
4 changed files with 8 additions and 90 deletions


@ -2,6 +2,8 @@
blocklist-installer blocklist-installer
This will install a cron to run daily and pull lists from https://blocklist.de to block malicious IP addresses. Adding around ~20,000 or more IP addresses per day, all voluntarily and freely contributed through people with Fail2Ban accounts. If setting up Fail2Ban I suggest you help contribute to blocklist.de. This will install a cron to run daily and pull lists from https://blocklist.de to block malicious IP addresses. Adding around ~20,000 or more IP addresses per day, all voluntarily and freely contributed through people with Fail2Ban accounts. If setting up Fail2Ban I suggest you help contribute to blocklist.de.
Script is pretty self explanatory it prepares IPTables persistence, and the cron tab. Simply run as root and it will do the work for you. Script is pretty self explanatory it prepares IPTables persistence, and the cron tab. Simply run as root and it will do the work for you.
2.0 has been rewritten with help from some research to use IPset and far more tables and lists resourced. Please do not run this more than once per day, per server.
Tested on Ubuntu 14.04LTS Tested on Ubuntu 14.04LTS
alon@ganon.me alon@ganon.me
https://alonganon.info https://alonganon.info


@ -1,5 +1,4 @@
#!/bin/bash #!/bin/bash
# Found here
IP_TMP=/tmp/ip.tmp IP_TMP=/tmp/ip.tmp
IP_BLACKLIST=/etc/ip-blacklist.conf IP_BLACKLIST=/etc/ip-blacklist.conf
IP_BLACKLIST_TMP=/tmp/ip-blacklist.tmp IP_BLACKLIST_TMP=/tmp/ip-blacklist.tmp
@ -10,7 +9,7 @@ BLACKLISTS=(
"http://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.1.1.1" # TOR Exit Nodes "http://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.1.1.1" # TOR Exit Nodes
"http://www.maxmind.com/en/anonymous_proxies" # MaxMind GeoIP Anonymous Proxies "http://www.maxmind.com/en/anonymous_proxies" # MaxMind GeoIP Anonymous Proxies
"http://danger.rulez.sk/projects/bruteforceblocker/blist.php" # BruteForceBlocker IP List "http://danger.rulez.sk/projects/bruteforceblocker/blist.php" # BruteForceBlocker IP List
"http://rules.emergingthreats.net/blockrules/rbn-ips.txt" # Emerging Threats - Russian Business Networks List #"http://rules.emergingthreats.net/blockrules/rbn-ips.txt" # Emerging Threats - Russian Business Networks List
"http://www.spamhaus.org/drop/drop.lasso" # Spamhaus Don't Route Or Peer List (DROP) "http://www.spamhaus.org/drop/drop.lasso" # Spamhaus Don't Route Or Peer List (DROP)
"http://cinsscore.com/list/ci-badguys.txt" # C.I. Army Malicious IP List "http://cinsscore.com/list/ci-badguys.txt" # C.I. Army Malicious IP List
"http://www.openbl.org/lists/base.txt" # OpenBL.org 30 day List "http://www.openbl.org/lists/base.txt" # OpenBL.org 30 day List
@ -25,9 +24,9 @@ done
for i in `echo $list`; do for i in `echo $list`; do
# Download # Download
wget --quiet http://www.wizcrafts.net/$i-iptables-blocklist.html wget --quiet http://www.wizcrafts.net/$i-iptables-blocklist.html
# Grep out all but ip blocks # Grep all but ip blocks
cat $i-iptables-blocklist.html | grep -v \< | grep -v \: | grep -v \; | grep -v \# | grep [0-9] > $i.txt cat $i-iptables-blocklist.html | grep -v \< | grep -v \: | grep -v \; | grep -v \# | grep [0-9] > $i.txt
# Consolidate blocks into master list # Consolidate
cat $i.txt >> $IP_BLACKLIST_TMP cat $i.txt >> $IP_BLACKLIST_TMP
done done
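Review bot: The `wget` call in the last hunk is never checked, so when a fetch fails the following `cat $i-iptables-blocklist.html` reads a missing or stale file and the loop still appends whatever it finds to `$IP_BLACKLIST_TMP`; the filter chain is also purely negative (`grep -v` exclusions followed by `grep [0-9]`), so any line that contains a digit and escapes the exclusions becomes a firewall entry. Because the lists are pulled over plain http with no integrity check, content altered in transit would turn straight into DROP rules, so a positive match on IPv4/CIDR syntax is the minimum guard. I would write the fetch as `wget --quiet -O "$i-iptables-blocklist.html" "http://www.wizcrafts.net/$i-iptables-blocklist.html" || continue` and replace the trailing `grep [0-9]` with `grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?'` (the exact page format is not visible here, so confirm against a sample). The `for` loop's `$list` is assigned before this hunk and the script continues past it.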


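--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -1,6 +1,7 @@
 # Add Blocklist.de malicious IP Addresses to Daily Crontab
 # Also IPtables-persistent to save IP addresses upon reboot
 # Added by Alon "ChiefGyk" Ganon
+# alonganon.info
 # alon@ganon.me
 # Are we running as root?
@@ -16,7 +17,9 @@ echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-
 apt-get update
 apt-get install -y ipset
 ipset create blacklist hash:net
+iptables -I INPUT -m set --match-set blacklist src -j DROP
 cp blacklist /etc/cron.daily/blacklist
 chmod a+x /etc/cron.daily/blacklist
 time /etc/cron.daily/blacklist
 apt-get install -y iptables-persistent
+echo "Blacklist has been installed. It will run daily automatically."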
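Review bot: The new `iptables -I INPUT -m set --match-set blacklist src -j DROP` line is applied unconditionally, so every re-run of the installer inserts another identical rule at the head of INPUT, and the preceding `ipset create blacklist hash:net` fails on a second run because the set already exists; nothing visible in the hunk stops on either error. Make both steps idempotent: `ipset create -exist blacklist hash:net` and `iptables -C INPUT -m set --match-set blacklist src -j DROP 2>/dev/null || iptables -I INPUT -m set --match-set blacklist src -j DROP`. The rule is also added before `iptables-persistent` is installed four lines later; whether the debconf autosave answers referenced in the hunk header capture it at install time is not visible here, so it is worth confirming the rule survives a reboot. The script starts before this hunk (the root check mentioned in the first hunk is not shown).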


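--- a/PATH_NOT_SHOWN_ON_PAGE
+++ /dev/null
@@ -1,86 +0,0 @@
-#!/bin/bash
-## Update fail2ban iptables with globally known attackers.
-## Actually, runs 100% independently now, without needing fail2ban installed.
-##
-## /etc/cron.daily/sync-fail2ban
-##
-## Author: Marcos Kobylecki <fail2ban.globalBlackList@askmarcos.com>
-## http://www.reddit.com/r/linux/comments/2nvzur/shared_blacklists_from_fail2ban/
-## Quit if fail2ban is missing. Maybe this fake requirement can be skipped? YES.
-#PROGRAM=/etc/init.d/fail2ban
-#[ -x $PROGRAM ] || exit 0
-datadir=/etc/fail2ban
-[[ -d "$datadir" ]] || datadir=/tmp
-## Get default settings of fail2ban (optional?)
-[ -r /etc/default/fail2ban ] && . /etc/default/fail2ban
-umask 000
-blacklistf=$datadir/blacklist.blocklist.de.txt
-mv -vf $blacklistf $blacklistf.last
-badlisturls="http://antivirus.neu.edu.cn/ssh/lists/base_30days.txt https://lists.blocklist.de/lists/all.txt"
-iptables -vN fail2ban-ssh # Create the chain if it doesn't exist. Harmless if it does.
-# Grab list(s) at https://www.blocklist.de/en/export.html . Block.
-echo "Adding new blocks:"
-time curl -s https://lists.blocklist.de/lists/all.txt \
-|sort -u \
-|tee $blacklistf \
-|grep -v '^#\|:' \
-|while read IP; do iptables -I fail2ban-ssh 1 -s $IP -j DROP; done
-# Which listings had been removed since last time? Unblock.
-echo "Removing old blocks:"
-if [[ -r $blacklistf.diff ]]; then
-# comm is brittle, cannot use sort -rn
-time comm -23 $blacklistf.last $blacklistf \
-|tee $blacklistf.delisted \
-|grep -v '^#\|:' \
-|while read IP; do iptables -w -D fail2ban-ssh -s $IP -j DROP || iptables -wv -D fail2ban-ssh -s $IP -j LOGDROP; done
-fi
-# prepare for next time.
-diff -wbay $blacklistf.last $blacklistf > $blacklistf.diff
-# save IPtable rules
-iptables-save > /etc/iptables/rules.v4
-ip6tables-save > /etc/iptables/rules.v6
-# Saves a copy of current iptables rules, should you like to check them later.
-(set -x; iptables -wnv -L --line-numbers; iptables -wnv -t nat -L --line-numbers) &> /tmp/iptables.fail2ban.log &
-exit
-# iptables v1.4.21: host/network `2a00:1210:fffe:145::1' not found
-# So weed out IPv6, try |grep -v ':'
-## http://ix.io/fpC
-# Option: actionban
-# Notes.: command executed when banning an IP. Take care that the
-# command is executed with Fail2Ban user rights.
-# Tags: See jail.conf(5) man page
-# Values: CMD
-#
-actionban = iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype># Option: actionunban
-# Notes.: command executed when unbanning an IP. Take care that the
-# command is executed with Fail2Ban user rights.
-# Tags: See jail.conf(5) man page
-# Values: CMD
-#
-actionunban = iptables -D fail2ban-<name> -s <ip> -j <blocktype>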