Update blocklist.sh

This commit is contained in:
Alfonso 2023-05-30 13:56:03 +02:00 committed by GitHub
parent 005c67a66f
commit 12464b1a7c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -1,5 +1,8 @@
#!/bin/bash
if [ "$(whoami)" == "root" ]; then echo "root ok"; else echo "run as root!"; exit 1; fi;
if [ "$(whoami)" != "root" ]; then
SUDO=sudo
fi
#if [ "$(whoami)" == "root" ]; then echo "root ok"; else echo "run as root!"; exit 1; fi;
#apt update && apt install -y iptables jq ipset coreutils grep
IPTABLES_PATH=$(whereis iptables | awk '{print $2}')
IPSET_PATH=$(whereis ipset | awk '{print $2}')
@ -26,15 +29,15 @@ installed jq
installed grep
echo "Downloading the most recent IP list from $BLOCKLISTDE ... and adding them to ipset blocklistde"
$(whereis ipset | cut -d" " -f 2) create blocklistde hash:ip
curl -s https://lists.blocklist.de/lists/all.txt | grep -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" | xargs -L1 $IPSET_PATH add blocklistde 2>&1
${SUDO} $(whereis ipset | cut -d" " -f 2) create blocklistde hash:ip
curl -s https://lists.blocklist.de/lists/all.txt | grep -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" | xargs -L1 ${SUDO} $IPSET_PATH add blocklistde 2>&1
echo "Downloading the most recent IP list from $CRWALERS ... and adding them to ipset crawler_bots"
$(whereis ipset | cut -d" " -f 2) create crawler_bots hash:ip
curl -s https://isc.sans.edu/api/threatcategory/research?json | jq '.[] | {ipv4}' | grep ':' | awk '{ print $2 }' | tr -d '"' | xargs -L1 $IPSET_PATH add crawler_bots 2>&1
${SUDO} $(whereis ipset | cut -d" " -f 2) create crawler_bots hash:ip
curl -s https://isc.sans.edu/api/threatcategory/research?json | jq '.[] | {ipv4}' | grep ':' | awk '{ print $2 }' | tr -d '"' | xargs -L1 ${SUDO} $IPSET_PATH add crawler_bots 2>&1
echo "Downloading the most recent IP list from $ABUSE and adding them to abuseipdb"
$(whereis ipset | cut -d" " -f 2) create abuseipdb hash:ip
curl -G -H "key: $abuse_key" -H "Accept: text/plain" -d confidenceMinimum=90 https://api.abuseipdb.com/api/v2/blacklist | grep -v : | xargs -L1 $IPSET_PATH add abuseipdb 2>&1
${SUDO} $(whereis ipset | cut -d" " -f 2) create abuseipdb hash:ip
curl -G -H "key: $abuse_key" -H "Accept: text/plain" -d confidenceMinimum=90 https://api.abuseipdb.com/api/v2/blacklist | grep -v : | xargs -L1 ${SUDO} $IPSET_PATH add abuseipdb 2>&1
echo "Adding the iptables rules..."
$IPTABLES_PATH -I INPUT -m set --match-set crawler_bots src -j DROP
$IPTABLES_PATH -I INPUT -m set --match-set blocklistde src -j DROP
$IPTABLES_PATH -I INPUT -m set --match-set abuseipdb src -j DROP
${SUDO} $IPTABLES_PATH -I INPUT -m set --match-set crawler_bots src -j DROP
${SUDO} $IPTABLES_PATH -I INPUT -m set --match-set blocklistde src -j DROP
${SUDO} $IPTABLES_PATH -I INPUT -m set --match-set abuseipdb src -j DROP