261 lines
8.4 KiB
Bash
261 lines
8.4 KiB
Bash
#! /bin/bash
|
|
function bdsatib() {
|
|
{
|
|
ufw-blocklists.sh -l "bdsatib https://www.binarydefense.com/banlist.txt"
|
|
if ! crontab -l | grep -q "bdsatib"; then
|
|
echo -e "$(crontab -u root -l)\n@daily /usr/local/bin/ufw-blocklists.sh -l "bdsatib https://www.binarydefense.com/banlist.txt"" | crontab -u root -
|
|
fi
|
|
|
|
blocklist_menu
|
|
}
|
|
}
|
|
|
|
function f2ball() {
|
|
{
|
|
ufw-blocklists.sh -l "f2ball https://lists.blocklist.de/lists/all.txt"
|
|
if ! crontab -l | grep -q "f2ball"; then
|
|
echo -e "$(crontab -u root -l)\n*/35 * * * * /usr/local/bin/ufw-blocklists.sh -l "f2ball https://lists.blocklist.de/lists/all.txt"" | crontab -u root -
|
|
fi
|
|
|
|
blocklist_menu
|
|
}
|
|
}
|
|
|
|
function bfblocker() {
|
|
{
|
|
ufw-blocklists.sh -l "bfblocker https://danger.rulez.sk/projects/bruteforceblocker/blist.php"
|
|
if ! crontab -l | grep -q "bfblocker"; then
|
|
echo -e "$(crontab -u root -l)\n@daily /usr/local/bin/ufw-blocklists.sh -l "bfblocker https://danger.rulez.sk/projects/bruteforceblocker/blist.php"" | crontab -u root -
|
|
fi
|
|
|
|
blocklist_menu
|
|
}
|
|
}
|
|
|
|
function cinsarmy() {
|
|
{
|
|
ufw-blocklists.sh -l "cinsarmy http://cinsscore.com/list/ci-badguys.txt"
|
|
if ! crontab -l | grep -q "cinsarmy"; then
|
|
echo -e "$(crontab -u root -l)\n@daily /usr/local/bin/ufw-blocklists.sh -l "cinsarmy http://cinsscore.com/list/ci-badguys.txt"" | crontab -u root -
|
|
fi
|
|
|
|
blocklist_menu
|
|
}
|
|
}
|
|
|
|
function drop() {
|
|
{
|
|
if grep -q -E "IPV6=(yes|YES)" /etc/default/ufw; then
|
|
ufw-blocklists.sh -l "drop https://www.spamhaus.org/drop/drop.txt" -l "dropv6 https://www.spamhaus.org/drop/dropv6.txt"
|
|
if ! crontab -l | grep -q "dropv6"; then
|
|
echo -e "$(crontab -u root -l)\n@daily /usr/local/bin/ufw-blocklists.sh -l "drop https://www.spamhaus.org/drop/drop.txt" -l "dropv6 https://www.spamhaus.org/drop/dropv6.txt"" | crontab -u root -
|
|
fi
|
|
else
|
|
ufw-blocklists.sh -l "drop https://www.spamhaus.org/drop/drop.txt"
|
|
if ! crontab -l | grep -q "drop"; then
|
|
echo -e "$(crontab -u root -l)\n@daily /usr/local/bin/ufw-blocklists.sh -l "drop https://www.spamhaus.org/drop/drop.txt"" | crontab -u root -
|
|
fi
|
|
fi
|
|
|
|
blocklist_menu
|
|
}
|
|
}
|
|
|
|
function edrop() {
|
|
{
|
|
ufw-blocklists.sh -l "edrop https://www.spamhaus.org/drop/edrop.txt"
|
|
if ! crontab -l | grep -q "edrop"; then
|
|
echo -e "$(crontab -u root -l)\n@daily /usr/local/bin/ufw-blocklists.sh -l "edrop https://www.spamhaus.org/drop/edrop.txt"" | crontab -u root -
|
|
fi
|
|
|
|
blocklist_menu
|
|
}
|
|
}
|
|
|
|
function feodoc2() {
|
|
{
|
|
ufw-blocklists.sh -l "feodoc2 https://feodotracker.abuse.ch/downloads/ipblocklist_recommended.txt"
|
|
if ! crontab -l | grep -q "feodoc2"; then
|
|
echo -e "$(crontab -u root -l)\n@daily /usr/local/bin/ufw-blocklists.sh -l "feodoc2 https://feodotracker.abuse.ch/downloads/ipblocklist_recommended.txt"" | crontab -u root -
|
|
fi
|
|
|
|
blocklist_menu
|
|
}
|
|
}
|
|
|
|
function feodoioc() {
|
|
{
|
|
ufw-blocklists.sh -l "feodoioc https://feodotracker.abuse.ch/downloads/ipblocklist.txt"
|
|
if ! crontab -l | grep -q "fedoioc"; then
|
|
echo -e "$(crontab -u root -l)\n@daily /usr/local/bin/ufw-blocklists.sh -l "feodoioc https://feodotracker.abuse.ch/downloads/ipblocklist.txt"" | crontab -u root -
|
|
fi
|
|
|
|
blocklist_menu
|
|
}
|
|
}
|
|
|
|
function firehol() {
|
|
{
|
|
ufw-blocklists.sh -l "firehol https://iplists.firehol.org/files/firehol_level1.netset"
|
|
if ! crontab -l | grep -q "firehol"; then
|
|
echo -e "$(crontab -u root -l)\n@daily /usr/local/bin/ufw-blocklists.sh -l "firehol https://iplists.firehol.org/files/firehol_level1.netset"" | crontab -u root -
|
|
fi
|
|
|
|
blocklist_menu
|
|
}
|
|
}
|
|
|
|
function greensnow() {
|
|
{
|
|
ufw-blocklists.sh -l "greensnow https://blocklist.greensnow.co/greensnow.txt"
|
|
if ! crontab -l | grep -q "bdsatib"; then
|
|
echo -e "$(crontab -u root -l)\n@daily /usr/local/bin/ufw-blocklists.sh -l "greensnow https://blocklist.greensnow.co/greensnow.txt"" | crontab -u root -
|
|
fi
|
|
|
|
blocklist_menu
|
|
}
|
|
}
|
|
|
|
function ipsum() {
|
|
{
|
|
ufw-blocklists.sh -l "ipsum https://raw.githubusercontent.com/stamparm/ipsum/master/levels/2.txt"
|
|
if ! crontab -l | grep -q "ipsum"; then
|
|
echo -e "$(crontab -u root -l)\n@daily /usr/local/bin/ufw-blocklists.sh -l "ipsum https://raw.githubusercontent.com/stamparm/ipsum/master/levels/2.txt"" | crontab -u root -
|
|
fi
|
|
|
|
blocklist_menu
|
|
}
|
|
}
|
|
|
|
function maxmind(){
|
|
{
|
|
ufw-blocklists.sh -l "maxmind https://www.maxmind.com/en/anonymous_proxies"
|
|
if ! crontab -l | grep -q "maxmind"; then
|
|
echo -e "$(crontab -u root -l)\n@daily /usr/local/bin/ufw-blocklists.sh -l "maxmind https://www.maxmind.com/en/anonymous_proxies"" | crontab -u root -
|
|
fi
|
|
|
|
blocklist_menu
|
|
}
|
|
}
|
|
|
|
function blocklist_menu() {
|
|
{
|
|
clear
|
|
echo "Please select which blocklist from the list below"
|
|
printf "\n"
|
|
echo "1 - Binary Defense Systems Artillery Threat Intelligence Banlist"
|
|
echo "2 - Blocklist.de Fail2Ban Reporting (all)"
|
|
echo "3 - BruteForceBlocker"
|
|
echo "4 - CINS Army List"
|
|
echo "5 - FEODO Tracker: Botnet C2 - (Recommended)"
|
|
echo "6 - FEODO Tracker: Botnet C2 IoC - (Recommended)"
|
|
echo "7 - FireHOL IP List Level 1"
|
|
echo "8 - MaxMind"
|
|
echo "9 - GreenSnow"
|
|
echo "10 - IPsum - (Recommended)"
|
|
echo "11 - Spamhaus Don't Route Or Peer List (DROP)"
|
|
echo "12 - Spamhaus Extended DROP List (EDROP):"
|
|
echo "B - Go Back"
|
|
echo "X - Exit"
|
|
|
|
read -rn 1 user_input
|
|
if [[ "$user_input" == '1' ]]; then
|
|
bdsatib
|
|
elif [[ "$user_input" == '2' ]]; then
|
|
f2ball
|
|
elif [[ "$user_input" == '3' ]]; then
|
|
bfblocker
|
|
elif [[ "$user_input" == '4' ]]; then
|
|
cins
|
|
elif [[ "$user_input" == '5' ]]; then
|
|
feodoc2
|
|
elif [[ "$user_input" == '6' ]]; then
|
|
feodoioc
|
|
elif [[ "$user_input" == '7' ]]; then
|
|
firehol
|
|
elif [[ "$user_input" == '8' ]]; then
|
|
maxmind
|
|
elif [[ "$user_input" == '9' ]]; then
|
|
greensnow
|
|
elif [[ "$user_input" == '10' ]]; then
|
|
ipsum
|
|
elif [[ "$user_input" == '11' ]]; then
|
|
drop
|
|
elif [[ "$user_input" == '12' ]]; then
|
|
edrop
|
|
elif [[ "$user_input" == xX ]]; then
|
|
exit 0
|
|
elif [[ "$user_input" == bB ]]; then
|
|
Main_Menu
|
|
fi
|
|
}
|
|
}
|
|
|
|
function ipv6_install() {
|
|
{
|
|
# Check that ufw has IPv6 enabled
|
|
if ! grep -q -E "IPV6=(yes|YES)" /etc/default/ufw; then
|
|
echo "ERROR: IPv6 rules requested but UFW is not configured to use IPv6. Set IPV6=yes in /etc/default/ufw and rerun this script."
|
|
Main_Menu
|
|
fi
|
|
|
|
wget https://files.mylinux.work/s/aRXEsCe5G8b43QB/download/after6.init
|
|
chmod 750 after6.init
|
|
mv /tmp/after6.init /etc/ufw/after6.init
|
|
|
|
blocklist_menu
|
|
}
|
|
}
|
|
|
|
function ipv6_menu() {
|
|
{
|
|
clear
|
|
echo "Would you like to enable IPv6 support? [Y/n]"
|
|
printf "\n"
|
|
echo "Y - Yes"
|
|
echo "N - No"
|
|
|
|
read -rn 1 user_input
|
|
if [[ "$user_input" == [yY] ]]; then
|
|
ipv6_install
|
|
elif [[ "$user_input" == [nN] ]]; then
|
|
blocklist_menu
|
|
fi
|
|
}
|
|
}
|
|
|
|
function ipv4_install() {
|
|
{
|
|
if [ ! "$(command -v ipset)" ]; then
|
|
apt -y install ipset
|
|
fi
|
|
cd /tmp || exit 2
|
|
wget https://files.mylinux.work/s/cqKc2CkzmHMpBXW/download/after.init
|
|
chmod 750 after.init
|
|
mv /tmp/after.init /etc/ufw/after.init
|
|
|
|
wget https://files.mylinux.work/s/KfDSRWCcrxiTftf/download/ufw-blocklists.sh
|
|
chmod 755 ufw-blocklists.sh
|
|
mv /tmp/ufw-blocklists.sh /usr/local/bin/
|
|
ipv6_menu
|
|
}
|
|
}
|
|
|
|
function Main_Menu() {
|
|
{
|
|
clear
|
|
echo "Configure UFW to block IPs listed in blocklist ipsets? [Y/n]"
|
|
printf "\n"
|
|
echo "Y - Yes"
|
|
echo "N - No"
|
|
|
|
read -rn 1 user_input
|
|
if [[ "$user_input" == [yY] ]]; then
|
|
ipv4_install
|
|
elif [[ "$user_input" == [nN] ]]; then
|
|
exit 0
|
|
fi
|
|
}
|
|
}
|
|
|
|
Main_Menu |