Get DShield Blocklist
From brokenpoet.org wiki
Overview
The purpose of these scripts is to download and apply the DShield Blocklist. This is a community-maintained blocklist that is basically a compiled list of the top 20 offenders from all the members' submitted logs. It is updated daily. More information can be found at DShield Blocklist Update.
The tool is divided into three separate scripts, which are meant to be used together and should not be used separately. The code can be grabbed from:
wget http://scripts.brokenpoet.org/getdshieldblocklist-0.0.3
install.sh
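#!/bin/bash
# install.sh - copy getdshieldblocklist.sh into /etc/dshield, schedule it in
# the invoking user's crontab (daily at 10:00) and report which firewall
# front ends were found so the script can be configured for the right one.
# Run it from the directory that contains getdshieldblocklist.sh.

echo "Installing . . . "
echo
echo "Setting up directory"
mkdir -p /etc/dshield || { echo "could not create /etc/dshield" >&2; exit 1; }
echo "Copying script"
cp getdshieldblocklist.sh /etc/dshield || { echo "could not copy getdshieldblocklist.sh" >&2; exit 1; }
# Owner-only: cron runs this script and it drives the firewall.
chmod 700 /etc/dshield/getdshieldblocklist.sh

echo "Setting up cronjob"
# Use mktemp rather than a date-derived name. This normally runs as root, and
# a predictable file in world-writable /tmp can be pre-created or symlinked by
# another local user, which would let them influence the installed crontab or
# make root overwrite a file of their choosing.
crontmp=$(mktemp) || { echo "mktemp failed" >&2; exit 1; }
trap 'rm -f -- "$crontmp"' EXIT
# crontab -l exits non-zero when no crontab exists yet; the working copy then
# simply starts out empty, which is what a first install needs.
crontab -l > "$crontmp"
if ! grep -q getdshield "$crontmp"; then
  echo "0 10 * * * /etc/dshield/getdshieldblocklist.sh >/dev/null 2>&1" >> "$crontmp"
  crontab "$crontmp"
fi
rm -f -- "$crontmp"

# options encodes what was detected: +1 for csf, +3 for apf.
options=0
if [ -e /etc/csf/csf.pl ]; then
  options=$(( options + 1 ))
fi
if [ -e /etc/apf/apf ]; then
  # Call the binary by the path that was just tested instead of relying on
  # PATH lookup.
  # NOTE(review): presumably exactly one line of output from "apf -u" means
  # apf is usable - confirm against the installed apf version.
  apfcheck=$(/etc/apf/apf -u | wc -l)
  if [ "$apfcheck" -eq 1 ]; then
    options=$(( options + 3 ))
  fi
fi

echo
echo "Install Completed"
echo
echo "YOU MUST open /etc/dshield/getdshieldblocklist.sh and configure the"
echo "firewall software"
echo
case "$options" in
  0) echo "Your option is: iptables" ;;
  1) echo "Your options are: csf or iptables" ;;
  3) echo "Your options are: apf or iptables" ;;
  4) echo "It appears you have apf, csf and iptables - please check which you are actively using" ;;
esac
echo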
getdshieldblocklist.sh
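#!/bin/bash
# written by benjamin cathey on 2008.07.30
#
# used to get dshield blocklist and implement using apf, csf or iptables
#
# Runs as root from cron. Every entry handed to the firewall comes from a
# remotely fetched file, so entries are validated before use, and the previous
# blocks are only removed once a usable replacement list has been downloaded.
# Entries are not compared against your own addresses; keep an allow rule for
# your management networks in the firewall itself.

#program selection - please choose only one
#ban="csf"
#ban="iptables"
ban="apf"
#logfile
log="/etc/dshield/dshieldrunlog"
#program paths
apf="/etc/apf/apf"
csf="/etc/csf/csf.pl"
iptables="/sbin/iptables"
#contact email
email="bcathey@liquidweb.com"
#blocklist feed and local copy
# NOTE(review): the feed is fetched over plain HTTP, so nothing authenticates
# its content in transit. Switch to an HTTPS URL if the feed host offers one.
feed="http://feeds.dshield.org/block.txt"
blockfile="/etc/dshield/block.txt"
#broadest prefix accepted from a freshly downloaded list; a single entry wider
#than this would cut off a large part of the internet, so it is treated as bad
#data rather than applied
minprefix=8

separator="------------------------------------------------------------------------------------------"

# Append a timestamped message to the run log.
logline() {
  echo "$(date) - $*" >> "$log"
}

# Mail the run log to $email and delete it; called at the end of every run.
send_report() {
  mail -s "DShield updated on $(date +%Y.%m.%d) on $(hostname)" "$email" < "$log"
  rm -f -- "$log"
}

# Log why the update stopped, send the report and exit without touching the
# blocks that are currently in place.
abort_run() {
  logline "$1 - existing blocks left in place"
  send_report
  exit 1
}

# Print the entries of a block.txt style file as network/prefix, one per line.
# $1 - file to read, $2 - smallest prefix length to accept.
# A line is used only when field 1 is a dotted-quad IPv4 address with octets
# 0-255 and field 3 is a prefix length between $2 and 32; anything else is
# dropped so that it can never reach a firewall command line.
parse_list() {
  awk -v min="$2" '
    $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && $3 ~ /^[0-9]+$/ {
      ok = ($3 + 0 <= 32 && $3 + 0 >= min + 0)
      n = split($1, octet, ".")
      for (i = 1; i <= n; i++) {
        if (octet[i] + 0 > 255) {
          ok = 0
        }
      }
      if (ok) {
        print $1 "/" $3
      }
    }' "$1" | sort -n
}

# Remove one previously applied block ($1 = network/prefix).
remove_block() {
  case "$ban" in
    csf)
      logline "ran 'csf -dr $1'"
      "$csf" -dr "$1"
      ;;
    iptables)
      logline "ran 'iptables -D INPUT -s $1 -j DROP'"
      "$iptables" -D INPUT -s "$1" -j DROP
      ;;
    apf)
      logline "ran 'apf -u $1'"
      "$apf" -u "$1"
      ;;
  esac
}

# Apply one new block ($1 = network/prefix).
add_block() {
  local stamp
  case "$ban" in
    csf)
      logline "running 'csf -d $1'"
      "$csf" -d "$1"
      ;;
    iptables)
      echo "$(date) running 'iptables -I INPUT -s $1 -j DROP'" >> "$log"
      "$iptables" -I INPUT -s "$1" -j DROP
      ;;
    apf)
      stamp=$(date +%Y.%m.%d)
      logline "running 'apf -d $1 {DSHIELD_${stamp}}'"
      "$apf" -d "$1" "{DSHIELD_${stamp}}"
      ;;
  esac
}

logline "DShield Update begun on $(hostname)"
echo "$separator" >> "$log"
echo "" >> "$log"

# get daily list
# Download next to the live file instead of over it: a failed or truncated
# transfer then cannot leave the host with its old blocks removed and nothing
# to replace them.
logline "downloading new blocklist"
echo "" >> "$log"
newfile=$(mktemp "${blockfile}.XXXXXX") || abort_run "could not create temporary file"
trap 'rm -f -- "$newfile"' EXIT
wget -O "$newfile" "$feed" || abort_run "download of $feed failed"

blocklist=$(parse_list "$newfile" "$minprefix")
[ -n "$blocklist" ] || abort_run "downloaded list held no valid entries"

if [ -e "$blockfile" ]; then
  logline "block.txt exists"
  echo "$separator" >> "$log"
  echo "" >> "$log"
  logline "removing old blocks"
  echo "$separator" >> "$log"
  # No prefix floor here: whatever an earlier run applied must be removable.
  oldlist=$(parse_list "$blockfile" 0)
  # Unquoted on purpose: parse_list only emits digits, dots and a slash, so
  # word splitting yields exactly one entry per word.
  for ip in $oldlist; do
    remove_block "$ip"
  done
  echo "" >> "$log"
  logline "removing old block.txt"
  echo "" >> "$log"
  rm -f -- "$blockfile"
fi

# Keep the downloaded list so the next run (and uninstall.sh) can find the
# entries that are about to be applied.
mv -f -- "$newfile" "$blockfile" || abort_run "could not store new block.txt"

# parse new list
logline "adding new blocks"
echo "$separator" >> "$log"
echo "" >> "$log"
for ip in $blocklist; do
  add_block "$ip"
done

send_report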
uninstall.sh
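#!/bin/bash
# uninstall.sh - remove the firewall blocks recorded in /etc/dshield/block.txt,
# delete /etc/dshield and drop the getdshield entry from the invoking user's
# crontab.

#program paths
apf="/etc/apf/apf"
csf="/etc/csf/csf.pl"
iptables="/sbin/iptables"
script="/etc/dshield/getdshieldblocklist.sh"
blockfile="/etc/dshield/block.txt"

echo "Uninstalling . . . "
echo
echo "Removing rules from firewall"
echo

# Read the active (uncommented) ban= line from the installed script to learn
# which firewall front end applied the blocks; quotes and the "ban=" prefix
# are stripped so only the program name remains.
fw=""
if [ -r "$script" ]; then
  fw=$(awk '!/#/' "$script" | grep '^ban=' | head -n 1 | sed 's/"//g')
  fw=${fw#ban=}
fi

oldlist=""
if [ -r "$blockfile" ]; then
  # Only well-formed IPv4 network/prefix pairs are used (octets 0-255, prefix
  # 0-32), so nothing else from the stored list reaches a firewall command.
  oldlist=$(awk '
    $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && $3 ~ /^[0-9]+$/ {
      ok = ($3 + 0 <= 32)
      n = split($1, octet, ".")
      for (i = 1; i <= n; i++) {
        if (octet[i] + 0 > 255) {
          ok = 0
        }
      }
      if (ok) {
        print $1 "/" $3
      }
    }' "$blockfile" | sort -n)
else
  echo "No block.txt found - no firewall rules to remove" >&2
fi

# Unquoted on purpose: every entry consists of digits, dots and a slash, so
# word splitting yields exactly one entry per word.
for ip in $oldlist; do
  case "$fw" in
    csf)      "$csf" -dr "$ip" ;;
    iptables) "$iptables" -D INPUT -s "$ip" -j DROP ;;
    apf)      "$apf" -u "$ip" ;;
    *)
      echo "Could not determine the firewall in use - rules not removed" >&2
      break
      ;;
  esac
done

echo
echo "Removing directory"
rm -rf /etc/dshield

echo "Removing cronjob"
# mktemp -d instead of a date-derived name in /tmp: this runs as root, and a
# predictable file there can be pre-created or symlinked by another local user.
crondir=$(mktemp -d) || { echo "mktemp failed" >&2; exit 1; }
trap 'rm -rf -- "$crondir"' EXIT
# Install the filtered crontab only when the current one could be read;
# otherwise a failed "crontab -l" would replace the crontab with an empty file.
if crontab -l > "$crondir/current"; then
  awk '!/getdshield/' "$crondir/current" > "$crondir/new"
  crontab "$crondir/new"
else
  echo "No crontab could be read - cron left untouched" >&2
fi
rm -rf -- "$crondir"
echo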
