1
|
#!/bin/bash
|
2
|
|
3
|
LOG_DIJON="/var/log/amon_dijon.log"
|
4
|
DAY=`date +"%d-%B-%Y-%H:%M"`
|
5
|
NOM_SCRIPT=`echo ${0##*/}`
|
6
|
|
7
|
IP_TMP=/tmp/ip.tmp
|
8
|
IP_BLACKLIST=/etc/ip-blacklist.conf
|
9
|
IP_BLACKLIST_TMP=/tmp/ip-blacklist.tmp
|
10
|
IP_BLACKLIST_CUSTOM=/etc/ip-blacklist-custom.conf # optional
|
11
|
BLACKLISTS=(
|
12
|
"http://www.projecthoneypot.org/list_of_ips.php?t=d&rss=1" # Project Honey Pot Directory of Dictionary Attacker IPs
|
13
|
"http://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.1.1.1" # TOR Exit Nodes
|
14
|
"http://www.maxmind.com/en/anonymous_proxies" # MaxMind GeoIP Anonymous Proxies
|
15
|
"http://danger.rulez.sk/projects/bruteforceblocker/blist.php" # BruteForceBlocker IP List
|
16
|
"http://www.spamhaus.org/drop/drop.lasso" # Spamhaus Don't Route Or Peer List (DROP)
|
17
|
#"http://cinsscore.com/list/ci-badguys.txt" # C.I. Army Malicious IP List
|
18
|
"http://www.openbl.org/lists/base.txt" # OpenBL.org 30 day List
|
19
|
"http://www.autoshun.org/files/shunlist.csv" # Autoshun Shun List
|
20
|
"http://torstatus.blutmagie.de/ip_list_all.php/Tor_ip_list_ALL.csv" # CSV List of all current Tor Server Ip adresses"
|
21
|
)
|
22
|
|
23
|
# Vérifie si le script est déjà en cours d'exécution
|
24
|
if pidof -x $(basename $0) > /dev/null; then
|
25
|
for p in $(pidof -x $(basename $0)); do
|
26
|
if [ $p -ne $$ ]; then
|
27
|
echo "$NOM_SCRIPT est déjà en cours d'exécution: Fin du script"
|
28
|
echo "$DAY --- $NOM_SCRIPT --- Script déjà en cours d'exécution ---" >> $LOG_DIJON
|
29
|
exit 1
|
30
|
fi
|
31
|
done
|
32
|
fi
|
33
|
|
34
|
echo "$DAY --- $NOM_SCRIPT --- Debut d'execution du script ---" >> $LOG_DIJON
|
35
|
|
36
|
for i in "${BLACKLISTS[@]}"
|
37
|
do
|
38
|
wget "$i" -O $IP_TMP
|
39
|
grep -Po '(?:\d{1,3}\.){3}\d{1,3}(?:/\d{1,2})?' $IP_TMP >> $IP_BLACKLIST_TMP
|
40
|
rm $IP_TMP
|
41
|
done
|
42
|
sort $IP_BLACKLIST_TMP -n | uniq > $IP_BLACKLIST
|
43
|
rm $IP_BLACKLIST_TMP
|
44
|
wc -l $IP_BLACKLIST
|
45
|
|
46
|
ipset --flush blacklistip
|
47
|
ipset --flush blacklistnet
|
48
|
egrep -v "^#|^$" $IP_BLACKLIST | while IFS= read -r ip
|
49
|
do
|
50
|
if [[ "$ip" =~ "/" ]]
|
51
|
then
|
52
|
ipset --add blacklistnet $ip
|
53
|
else
|
54
|
ipset --add blacklistip $ip
|
55
|
fi
|
56
|
done
|
57
|
|
58
|
if [ -f $IP_BLACKLIST_CUSTOM ]; then
|
59
|
egrep -v "^#|^$" $IP_BLACKLIST_CUSTOM | while IFS= read -r ip
|
60
|
do
|
61
|
if [[ "$ip" =~ "/" ]]
|
62
|
then
|
63
|
ipset --add blacklistnet $ip
|
64
|
else
|
65
|
ipset --add blacklistip $ip
|
66
|
fi
|
67
|
done
|
68
|
fi
|
69
|
|
70
|
echo "$DAY --- $NOM_SCRIPT --- Adresses à blacklister: `wc -l $IP_BLACKLIST` ---" >> $LOG_DIJON
|
71
|
echo "$DAY --- $NOM_SCRIPT --- Adresses custom à blacklister: `wc -l $IP_BLACKLIST_CUSTOM` ---" >> $LOG_DIJON
|
72
|
echo "$DAY --- $NOM_SCRIPT --- Fin d'execution du script ---" >> $LOG_DIJON
|
73
|
|