#!/bin/bash
# Collects IP addresses from the feeds listed in BLACKLISTS, merges them into
# /etc/ip-blocklist.conf and loads that file into the "blocklist" ipset and
# into firewalld.

# Park the caller's stdout/stderr on fds 3 and 4; the trap puts them back on
# exit and on HUP/INT/QUIT.
exec 3>&1 4>&2
trap 'exec 2>&4 1>&3' EXIT HUP INT QUIT

# From here on stdout and stderr, including the `set -x` trace, are written to
# log.out. The name is relative, so the file is created (and truncated) in
# whatever directory the script is started from.
# NOTE(review): for a job that drives ipset/firewall-cmd, an absolute log path
# in a directory only the job's user can write to is the safer choice.
exec >log.out 2>&1
set -x

# NOTE(review): a slash-less name makes bash look pid.sh up through $PATH and
# then the current directory, so the code that gets sourced depends on the
# caller's environment. pid.sh is not part of this file; an absolute path
# would pin it down.
. pid.sh
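# Working files and outputs.
#
# The two scratch files used to be fixed names under /tmp. The master list is
# only ever appended to, so anything already sitting at a fixed path (a stale
# file from an interrupted run, or a file or symlink another local user put
# there first) would flow straight into the firewall blocklist. mktemp gives
# each run fresh, empty, owner-only files instead.
# Whoever finishes with these files is responsible for deleting them.
IP_TMP=$(mktemp) || { echo "$0: mktemp failed" >&2; exit 1; }                # one downloaded feed at a time
IP_BLOCKLIST=/etc/ip-blocklist.conf                                          # final, de-duplicated list
IP_BLOCKLIST_TMP=$(mktemp) || { echo "$0: mktemp failed" >&2; exit 1; }      # unsorted master list
IP_BLOCKLIST_CUSTOM=/etc/ip-blocklist-custom.conf # optional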
# Feeds that are downloaded and scanned for IPv4 addresses.
#
# Everything fetched from these URLs ends up in a firewall set, so the feed
# content is untrusted input. Most entries use plain http://, which gives no
# integrity protection in transit.
# NOTE(review): switch a feed to https:// where its publisher offers it.
declare -a BLACKLISTS=(
  # Project Honey Pot: directory of dictionary-attacker IPs
  "http://www.projecthoneypot.org/list_of_ips.php?t=d&rss=1"
  # Tor exit nodes
  "http://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.1.1.1"
  # MaxMind GeoIP anonymous proxies
  "http://www.maxmind.com/en/anonymous_proxies"
  # MaxMind high-risk IP sample list
  "https://www.maxmind.com/en/high-risk-ip-sample-list"
  # BruteForceBlocker IP list
  "http://danger.rulez.sk/projects/bruteforceblocker/blist.php"
  # Emerging Threats compromised-IPs block rules (the earlier comment here
  # called this the "Russian Business Networks List")
  "https://rules.emergingthreats.net/blockrules/compromised-ips.txt"
  # Spamhaus Don't Route Or Peer list (DROP)
  "http://www.spamhaus.org/drop/drop.lasso"
  # C.I. Army malicious IP list
  "http://cinsscore.com/list/ci-badguys.txt"
  # Autoshun shun list
  "http://www.autoshun.org/files/shunlist.csv"
  # blocklist.de fail2ban reporting service
  "http://lists.blocklist.de/lists/all.txt"
  # ferex badlist
  "https://fx.vc-mp.eu/shared/iplist.txt"
  # Feodo tracker
  "https://feodotracker.abuse.ch/downloads/ipblocklist_aggressive.txt"
  # AlienVault reputation
  "https://reputation.alienvault.com/reputation.generic"
  # darklist.de
  "http://www.darklist.de/raw.php"
  # Bambenek Consulting OSINT feeds (C2 domain/IP master lists and a DGA feed,
  # going by the file names)
  "http://osint.bambenekconsulting.com/feeds/c2-dommasterlist-high.txt"
  "http://osint.bambenekconsulting.com/feeds/c2-dommasterlist.txt"
  "http://osint.bambenekconsulting.com/feeds/c2-ipmasterlist-high.txt"
  "http://osint.bambenekconsulting.com/feeds/c2-ipmasterlist.txt"
  "http://osint.bambenekconsulting.com/feeds/c2-masterlist.txt"
  "http://osint.bambenekconsulting.com/feeds/dga-feed.txt"
  # Binary Defense Systems
  "https://www.binarydefense.com/banlist.txt"
  # https://github.com/stamparm/ipsum
  "https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt"
  # SBLAM
  "http://sblam.com/blacklist.txt"
  "http://blocklist.greensnow.co/greensnow.txt"
  "http://charles.the-haleys.org/ssh_dico_attack_hdeny_format.php/hostsdeny.txt"
  "https://www.malwaredomainlist.com/hostslist/ip.txt"
  "https://www.stopforumspam.com/downloads/toxic_ip_cidr.txt"
)
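# Print the IPv4 addresses and CIDR blocks found in file $1, one per line.
# The dots in the pattern are escaped: with a bare `.` the pattern also matched
# strings such as dates ("2024-01-15") and turned them into list entries.
# awk then drops anything whose octets exceed 255 or whose prefix exceeds 32.
# NOTE(review): a feed can still name very large networks or your own address
# space; an allowlist or a minimum prefix length is worth adding before these
# entries reach the firewall.
_extract_ipv4() {
  grep -Po '(?:\d{1,3}\.){3}\d{1,3}(?:/\d{1,2})?' -- "$1" \
    | awk -F'[./]' '$1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255 && (NF == 4 || $5 <= 32)'
}

# Download every feed and append the addresses it contains to the master list.
# --fail makes curl report HTTP errors instead of saving the error page, whose
# text would otherwise be scanned for addresses; the timeouts (values chosen
# here, adjust as needed) keep one dead feed from stalling the whole run.
for feed_url in "${BLACKLISTS[@]}"; do
  if ! curl --fail --silent --show-error --connect-timeout 15 --max-time 120 \
      "$feed_url" > "$IP_TMP"; then
    echo "$0: skipping feed, download failed: $feed_url" >&2
    continue
  fi
  _extract_ipv4 "$IP_TMP" >> "$IP_BLOCKLIST_TMP"
done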
#Get the iblocklist
# NOTE(review): the URL is not quoted, so bash reads each `&` as the background
# operator. wget is started in the background with only the `?list=...` part of
# the query and writes to the current stdout (log.out at this point), not to
# $_input; `fileformat=p2p` and `archiveformat=gz` become plain variable
# assignments. The URL needs quoting.
# NOTE(review): $_input is not assigned anywhere in this file - presumably
# pid.sh sets it; confirm. If it is empty, the `> $_input` redirection fails and
# the `||` branch ends the script here, before any firewall update.
# NOTE(review): archiveformat=gz and fileformat=p2p suggest a gzip-compressed
# download in p2p record format - verify. Such data would need decompressing
# and converting before it can be appended to the master list.
wget -qO- http://list.iblocklist.com/?list=erqajhwrxiuvjxqrrwfj&fileformat=p2p&archiveformat=gz > $_input || { echo "$0: Unable to download ip list."; exit 1; }
# Append the two locally held inputs to the master list: first the iblocklist
# download ($_input), then the shodan.io address list kept in
# /opt/blocklist/shodan.txt. Both are copied as they are, without filtering.
{
  cat "$_input"
  cat /opt/blocklist/shodan.txt
} >> "$IP_BLOCKLIST_TMP"
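#Sort the list
# Numeric sort, then drop adjacent duplicates. The result is staged in a
# scratch file first: if every download failed the result is empty, and writing
# that over the blocklist would lead to the firewall set being emptied further
# down. In that case the last good list is kept and the run stops.
blocklist_staged=$(mktemp) || { echo "$0: mktemp failed" >&2; exit 1; }
sort -n -- "$IP_BLOCKLIST_TMP" | uniq > "$blocklist_staged"

#Remove temporary list
# The per-feed download file is no longer needed either.
rm -f -- "$IP_BLOCKLIST_TMP" "$IP_TMP"

if [[ ! -s "$blocklist_staged" ]]; then
  echo "$0: consolidated blocklist is empty; keeping existing $IP_BLOCKLIST" >&2
  rm -f -- "$blocklist_staged"
  exit 1
fi

# Copy rather than move, so the blocklist keeps its existing owner and mode.
cat -- "$blocklist_staged" > "$IP_BLOCKLIST"
rm -f -- "$blocklist_staged"

#count how many IP addresses are in the list
wc -l -- "$IP_BLOCKLIST"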
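# Print the entries of blocklist file $1, leaving out comment lines (leading
# '#') and empty lines. The earlier pattern "^#|^$" was a basic regular
# expression, where `|` is an ordinary character, so it filtered out nothing.
_blocklist_entries() {
  grep -Ev '^(#|$)' -- "$1"
}

#Flush the ipset
# NOTE(review): between this flush and the end of the loop below the set is
# empty or only partly filled. Filling a second set and exchanging the two
# with `ipset swap` would avoid that gap.
/usr/sbin/ipset flush blocklist

#Add IP addresses to the ipset
# One `ipset add` per entry; an entry ipset rejects is reported in the log and
# the loop carries on with the next one.
_blocklist_entries "$IP_BLOCKLIST" | while IFS= read -r ip; do
  /usr/sbin/ipset add blocklist "$ip"
done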
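### Section for firewalld
# Rebuild firewalld's permanent "blocklist" ipset from the consolidated file.
# The result of the delete is not checked - presumably it fails harmlessly when
# the set does not exist yet; confirm.
firewall-cmd --permanent --delete-ipset=blocklist

# Reload only when the set was created and filled. Reloading after a failed
# rebuild would replace the running configuration with one whose blocklist is
# missing or empty.
if firewall-cmd --permanent --new-ipset=blocklist --type=hash:net \
    --option=family=inet --option=hashsize=1048576 --option=maxelem=1048576 \
  && firewall-cmd --permanent --ipset=blocklist --add-entries-from-file="$IP_BLOCKLIST"; then
  firewall-cmd --reload
else
  echo "$0: firewalld ipset rebuild failed; firewalld was not reloaded" >&2
fi

echo "Firewalld ipset list entries:"
firewall-cmd --permanent --ipset=blocklist --get-entries | wc -l

# This figure is the number of lines in the blocklist file, not the number of
# entries the kernel set currently holds.
echo "ipset list entries:"
wc -l < "$IP_BLOCKLIST"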