
Add README_en; Add a check to verify if tools are present; some corrections...

HucSte 1 year ago
parent
commit
7de56caf7d

+ 11 - 10
BlockZones.sha512

@@ -1,14 +1,14 @@
 SHA512 (./badips.ksh) = 9e5a1fa57529fc272238d3e0e763a4b663468aa83a9303b65d92b0e1c99339a0f9710bc70c02b8bab799aa4a75dfda9d9967204f58a2721910d80511be4b79ff
-SHA512 (./README.md) = 2b703d026a5dd6dbd869d5eaf532f9b42aed99ce8d836454bb77d5e99d6120cb134c4f9f94d3a898c4bec2f070f877a7bdbdaeadabcb2dd1c9a737b2b47df4e5
+SHA512 (./README.md) = 576997e8cb458f528aadf47c0a85d5e53cb4eace4d4158771e2b81798448ee7083b275a11986109e6061ff32bf6b4141b9b5ef6c69fec49fe8452bddc2231e9e
 SHA512 (./badips) = b8fc67adfe7ca3b09f56e53edddd0ff5e8bbae57d0d42344955b363413a19a98ee60a3c4d5675c006d90610d5f6f6af6bc19d92a93950ba66f4761397613e4ac
-SHA512 (./inc/vars.ksh) = 6606326f88e260b68e1006e0fc6b9c1718512ae0d90dfef02d31f1c0904744f6120991e7d98a6db837b3259ac33e44615e7aa35da102d2cbb549f7213e79ce96
-SHA512 (./inc/commons_functions.ksh) = 2b7867dd37c345517ec9b883ac97ec36325f6375a89a3021acc400f4cc274b590e50dfffcb1c43ec2f4af8587c3734bbb6725077ac63cb6d458830dfd9cf3375
-SHA512 (./inc/badips.ksh) = 8f81e21eeec5b626cb3163e6662e7f2341a98709a3e4d69660748bcab5a648aa8b8d910ecc4d9669a1493bd98016f56f211c6bbaa650b8300a2a5c7be5db3b84
-SHA512 (./inc/blacklists.ksh) = e28886ec393a1cecac4085e36ad8c5fea6a52528ca81d2ceae21d5d5eb2ca2664c6ed4aa147067134f3d1e68742e6de5496cc8feadabe909db99ad2f749e9f01
-SHA512 (./inc/bogons.ksh) = 9e879f4c2bd1301df97129d569447a5690202f78d46099611dec3bd486fac9e48262d1cbcde604ddcca9e7524621bad890923614c9cb12806c6e5188e62ccb03
-SHA512 (./inc/blacklists_execution.ksh) = c959d3ce87c0f26d0e3f304b543acbe7d0d151b28bbe1def67bea85756e847a9cca193ae5cbbff5ca533eeef61a02d23939a6c3e034760336e3c82c2c77cff0f
-SHA512 (./inc/badips_execution.ksh) = 0557ad2d9090d1863491b386ab66bd80051c608f91b9489a3927d3d7ff626cd486395efff1279672c6a7c66b066ae129c08a5fd56772311b69db9c298e427976
-SHA512 (./inc/bogons_execution.ksh) = d6b3231e6e6e3e3ccf80c1565ea79388d3f82203e9d253c6d3789b52783850a39aec256d3497997d0ab8b6e3c12b2c64ac9d936dfc8c861d353f205d16e49084
+SHA512 (./inc/vars.ksh) = 088ae6a82ff1bcd6ae1e09c84fee1e93b94bc409952c374417c735c784139954aed684f0d19dfa8f2f8e8e731ebb2184df445a105252b1ba51f03e5383aea864
+SHA512 (./inc/commons_functions.ksh) = b45fde9ddf45aec3e8b00f8284d144c6ea3dda8bf97d3ebad62b42cfc921839d357e4ca5e21554dd85861517876345ba953aa91009decacafeb2c4571013ee98
+SHA512 (./inc/badips.ksh) = 7d17b6a74b9a3e2960d063943b7e2c577bafbafe1646c34d0003a446c0ac251202f5f6ef487ead92b0915aaa3b90891c19a205eaf5906764905db2fc310d4c8a
+SHA512 (./inc/blacklists.ksh) = d11e85e58db43ffe34d8c4b238a162c34e1d4483ac1b411e4cd6cc2f3972d499656741f7267fd0e78d1b607a36549804266eae85b72b0011d9d282436dcf9670
+SHA512 (./inc/bogons.ksh) = 8a28a0081b2dff6f9cba1c8adebd500137dc83aa25836a21ea6277918fffc11cf24148d752ce99e7d329fb824053a5a22412629a2132a68e257310b4980d8170
+SHA512 (./inc/blacklists_execution.ksh) = 41ab623c879aa38124ad508a05dc8da5cd546985771570ebfd262ebaa7e401c433c86f995bd5a7296ec60f621ee127dae1bf2242ca4c67be6e2d2fe5f71f4833
+SHA512 (./inc/badips_execution.ksh) = d7716ed5ec30acc250fc8cfc6bce88d7df1a08f02090e23cdd34914a21bd98728c789dad450b120cc54d12eab999b6803afa23e27b75c0c506fa5bdf06616314
+SHA512 (./inc/bogons_execution.ksh) = f78823dd476786cedd70c1556deff281580e57b0a71f30ac7b5c0d46d7117782104ce1f74f4ae1d7edf5b1c1f194e0e4117c92104c75773553e982a71452a763
 SHA512 (./inc/BlockZones_GenLists.pub) = 637b40052f04d65c08d0b6361b6f850f9418d7f35b9563a7ffe50d4d4b9a46dbf5be93cdbe80ee86a0adfabf80de1ae1f4a2abdaca58f80e12eddc98874c98ef
 SHA512 (./inc/BlockZones_GenLists.sec) = bc770117583586748475f38459ae17ace96e0eceb53f735918dd82e3eeb0308984714fc96d379e0c00134c86111c5858ce95f9ae9bb0db4ccd32400c8bdaa748
 SHA512 (./bogons) = 83eca8b0f8040c4975c4bd72cdcc44a636ca54db464a96e603ad712000d60d5677aefe5c7a62a1931807e4b8ffb820483a5a165b4e9711f58eff6de9bbebab71
@@ -22,10 +22,11 @@ SHA512 (./downloads/README) = be0dbb55b780e388e7c06d93769b5b60d4c881b283b28f8233
 SHA512 (./cron/cron.badips) = 68d43c499e108ce5684159220466d1151d1e6ecfcb5ef74dadf56cd5be2497335b8e86c67ae4f8d4e4badc50a6d56ad089c530ffea2b146e1ba9bed5c3ab500b
 SHA512 (./cron/monthly.local) = fe0e23a7a4fa37eea67bbb9d5e9ff037877c1168c9a8511547d6f80cd0d355df85d9ad5d7ed82b0c933c7a0f84ec41184b190ea766b295cbb33600f01506684c
 SHA512 (./cron/cron.unbound) = 5ebb87bb19164cda8bef59d8e0338b2d15dd8117ccdee2f0efbb24fb0a90bb7eee2a4b5f35dd0ce1edd26e4089f464b3ae8d05ce2203ff971a6beba0c8444da8
-SHA512 (./lists/README) = 05dd351102423c87588e20eb7c41f0b4f87bde73d334327d492815afefe6b339aaeb841cd86cf3d4a047f26720046836c8f510dc5d44d62423dfbd0791312b41
+SHA512 (./lists/README) = 9cc7a94e40134fbc85a3545e4665efb6156429c49e69008c78cc10bf1ed3cbdf85fccdbd478b290d9dd76eb455909dccec039b64dc319b263029529b16b73d1e
 SHA512 (./bogons.ksh) = c6ad30ede712bf3689e33dd830bb75f49edd7a2df76d819ce2f858babd4dbc5a0704fb892aec33f827104a3ab3528b1a18cb1d620a04c002190130addf8b3764
 SHA512 (./blacklists) = 32786d9dd0e96a9a6977582084f261ad43f2538204ec77f6769e19e005a16db048e3fde3071b34a8a4d604688c10e8e0414c3a69f38a3d667a3736a714b78a29
 SHA512 (./blacklists.ksh93) = 53600d00a8990cad7462c85f98ef06c616c17f98010f19b1f2968b69de629cd4f387c4bbac803fa3cf8941ad687a8d0d3dea4b8a2e87364d016bf4bc48c0e79a
 SHA512 (./badips.ksh93) = ed191a7a11ebd445ab75bcbb29d47df6ab4b8df2fe870ef7c7bd7c4f9cc0cc54f87af96ffa71a584c720adfcce8b66ba9527ab5e3fbfa8d69bf421d1d5272169
 SHA512 (./BlockZones.pub) = cc7ab9deefa96cf3b83cfccadc716939fc6df95c8550b3219cd38b25efbc069454c2b5d80ebb9c459be39601a49f974d971c3c902aa3c97afdc7f2336610c049
 SHA512 (./bogons.ksh93) = 8c454ebf51a9549066982fc86481c072ef1afb886fa4bdcb5061ef97eba59a4865619ce9043cbc314f0525be727507251bbf2351a0dc48d2f30e937ee5aacbbf
+SHA512 (./README_en.md) = 3336434d52cea4c9b62f894b42b4d1a0e16b2430cc21a6834522e1cfd91e5e1a0fd6d078dc103eb6ebea9733ae17b5521ce966020b2adb84840526960319d278

+ 12 - 11
BlockZones.sha512.sig

@@ -1,16 +1,16 @@
 untrusted comment: verify with BlockZones.pub
-RWQhfERlQr9tQcH0VG4ZBCSW2SKc3LxbN9aLIlBy1m+WXrzb/tD3NB0nLNPWlzEVmN0Ytud0ryUpzp8PEF07p8kzACTtNZNgtww=
+RWQhfERlQr9tQc+trkeMTR+Csb2OpkRv8x8+ug6E8xDKXiYKreChc4VDcg0z3x7Os47tulK4dEPyEmQz1Wsx5kBsJvQ6x8R3Jwg=
 SHA512 (./badips.ksh) = 9e5a1fa57529fc272238d3e0e763a4b663468aa83a9303b65d92b0e1c99339a0f9710bc70c02b8bab799aa4a75dfda9d9967204f58a2721910d80511be4b79ff
-SHA512 (./README.md) = 2b703d026a5dd6dbd869d5eaf532f9b42aed99ce8d836454bb77d5e99d6120cb134c4f9f94d3a898c4bec2f070f877a7bdbdaeadabcb2dd1c9a737b2b47df4e5
+SHA512 (./README.md) = 576997e8cb458f528aadf47c0a85d5e53cb4eace4d4158771e2b81798448ee7083b275a11986109e6061ff32bf6b4141b9b5ef6c69fec49fe8452bddc2231e9e
 SHA512 (./badips) = b8fc67adfe7ca3b09f56e53edddd0ff5e8bbae57d0d42344955b363413a19a98ee60a3c4d5675c006d90610d5f6f6af6bc19d92a93950ba66f4761397613e4ac
-SHA512 (./inc/vars.ksh) = 6606326f88e260b68e1006e0fc6b9c1718512ae0d90dfef02d31f1c0904744f6120991e7d98a6db837b3259ac33e44615e7aa35da102d2cbb549f7213e79ce96
-SHA512 (./inc/commons_functions.ksh) = 2b7867dd37c345517ec9b883ac97ec36325f6375a89a3021acc400f4cc274b590e50dfffcb1c43ec2f4af8587c3734bbb6725077ac63cb6d458830dfd9cf3375
-SHA512 (./inc/badips.ksh) = 8f81e21eeec5b626cb3163e6662e7f2341a98709a3e4d69660748bcab5a648aa8b8d910ecc4d9669a1493bd98016f56f211c6bbaa650b8300a2a5c7be5db3b84
-SHA512 (./inc/blacklists.ksh) = e28886ec393a1cecac4085e36ad8c5fea6a52528ca81d2ceae21d5d5eb2ca2664c6ed4aa147067134f3d1e68742e6de5496cc8feadabe909db99ad2f749e9f01
-SHA512 (./inc/bogons.ksh) = 9e879f4c2bd1301df97129d569447a5690202f78d46099611dec3bd486fac9e48262d1cbcde604ddcca9e7524621bad890923614c9cb12806c6e5188e62ccb03
-SHA512 (./inc/blacklists_execution.ksh) = c959d3ce87c0f26d0e3f304b543acbe7d0d151b28bbe1def67bea85756e847a9cca193ae5cbbff5ca533eeef61a02d23939a6c3e034760336e3c82c2c77cff0f
-SHA512 (./inc/badips_execution.ksh) = 0557ad2d9090d1863491b386ab66bd80051c608f91b9489a3927d3d7ff626cd486395efff1279672c6a7c66b066ae129c08a5fd56772311b69db9c298e427976
-SHA512 (./inc/bogons_execution.ksh) = d6b3231e6e6e3e3ccf80c1565ea79388d3f82203e9d253c6d3789b52783850a39aec256d3497997d0ab8b6e3c12b2c64ac9d936dfc8c861d353f205d16e49084
+SHA512 (./inc/vars.ksh) = 088ae6a82ff1bcd6ae1e09c84fee1e93b94bc409952c374417c735c784139954aed684f0d19dfa8f2f8e8e731ebb2184df445a105252b1ba51f03e5383aea864
+SHA512 (./inc/commons_functions.ksh) = b45fde9ddf45aec3e8b00f8284d144c6ea3dda8bf97d3ebad62b42cfc921839d357e4ca5e21554dd85861517876345ba953aa91009decacafeb2c4571013ee98
+SHA512 (./inc/badips.ksh) = 7d17b6a74b9a3e2960d063943b7e2c577bafbafe1646c34d0003a446c0ac251202f5f6ef487ead92b0915aaa3b90891c19a205eaf5906764905db2fc310d4c8a
+SHA512 (./inc/blacklists.ksh) = d11e85e58db43ffe34d8c4b238a162c34e1d4483ac1b411e4cd6cc2f3972d499656741f7267fd0e78d1b607a36549804266eae85b72b0011d9d282436dcf9670
+SHA512 (./inc/bogons.ksh) = 8a28a0081b2dff6f9cba1c8adebd500137dc83aa25836a21ea6277918fffc11cf24148d752ce99e7d329fb824053a5a22412629a2132a68e257310b4980d8170
+SHA512 (./inc/blacklists_execution.ksh) = 41ab623c879aa38124ad508a05dc8da5cd546985771570ebfd262ebaa7e401c433c86f995bd5a7296ec60f621ee127dae1bf2242ca4c67be6e2d2fe5f71f4833
+SHA512 (./inc/badips_execution.ksh) = d7716ed5ec30acc250fc8cfc6bce88d7df1a08f02090e23cdd34914a21bd98728c789dad450b120cc54d12eab999b6803afa23e27b75c0c506fa5bdf06616314
+SHA512 (./inc/bogons_execution.ksh) = f78823dd476786cedd70c1556deff281580e57b0a71f30ac7b5c0d46d7117782104ce1f74f4ae1d7edf5b1c1f194e0e4117c92104c75773553e982a71452a763
 SHA512 (./inc/BlockZones_GenLists.pub) = 637b40052f04d65c08d0b6361b6f850f9418d7f35b9563a7ffe50d4d4b9a46dbf5be93cdbe80ee86a0adfabf80de1ae1f4a2abdaca58f80e12eddc98874c98ef
 SHA512 (./inc/BlockZones_GenLists.sec) = bc770117583586748475f38459ae17ace96e0eceb53f735918dd82e3eeb0308984714fc96d379e0c00134c86111c5858ce95f9ae9bb0db4ccd32400c8bdaa748
 SHA512 (./bogons) = 83eca8b0f8040c4975c4bd72cdcc44a636ca54db464a96e603ad712000d60d5677aefe5c7a62a1931807e4b8ffb820483a5a165b4e9711f58eff6de9bbebab71
@@ -24,10 +24,11 @@ SHA512 (./downloads/README) = be0dbb55b780e388e7c06d93769b5b60d4c881b283b28f8233
 SHA512 (./cron/cron.badips) = 68d43c499e108ce5684159220466d1151d1e6ecfcb5ef74dadf56cd5be2497335b8e86c67ae4f8d4e4badc50a6d56ad089c530ffea2b146e1ba9bed5c3ab500b
 SHA512 (./cron/monthly.local) = fe0e23a7a4fa37eea67bbb9d5e9ff037877c1168c9a8511547d6f80cd0d355df85d9ad5d7ed82b0c933c7a0f84ec41184b190ea766b295cbb33600f01506684c
 SHA512 (./cron/cron.unbound) = 5ebb87bb19164cda8bef59d8e0338b2d15dd8117ccdee2f0efbb24fb0a90bb7eee2a4b5f35dd0ce1edd26e4089f464b3ae8d05ce2203ff971a6beba0c8444da8
-SHA512 (./lists/README) = 05dd351102423c87588e20eb7c41f0b4f87bde73d334327d492815afefe6b339aaeb841cd86cf3d4a047f26720046836c8f510dc5d44d62423dfbd0791312b41
+SHA512 (./lists/README) = 9cc7a94e40134fbc85a3545e4665efb6156429c49e69008c78cc10bf1ed3cbdf85fccdbd478b290d9dd76eb455909dccec039b64dc319b263029529b16b73d1e
 SHA512 (./bogons.ksh) = c6ad30ede712bf3689e33dd830bb75f49edd7a2df76d819ce2f858babd4dbc5a0704fb892aec33f827104a3ab3528b1a18cb1d620a04c002190130addf8b3764
 SHA512 (./blacklists) = 32786d9dd0e96a9a6977582084f261ad43f2538204ec77f6769e19e005a16db048e3fde3071b34a8a4d604688c10e8e0414c3a69f38a3d667a3736a714b78a29
 SHA512 (./blacklists.ksh93) = 53600d00a8990cad7462c85f98ef06c616c17f98010f19b1f2968b69de629cd4f387c4bbac803fa3cf8941ad687a8d0d3dea4b8a2e87364d016bf4bc48c0e79a
 SHA512 (./badips.ksh93) = ed191a7a11ebd445ab75bcbb29d47df6ab4b8df2fe870ef7c7bd7c4f9cc0cc54f87af96ffa71a584c720adfcce8b66ba9527ab5e3fbfa8d69bf421d1d5272169
 SHA512 (./BlockZones.pub) = cc7ab9deefa96cf3b83cfccadc716939fc6df95c8550b3219cd38b25efbc069454c2b5d80ebb9c459be39601a49f974d971c3c902aa3c97afdc7f2336610c049
 SHA512 (./bogons.ksh93) = 8c454ebf51a9549066982fc86481c072ef1afb886fa4bdcb5061ef97eba59a4865619ce9043cbc314f0525be727507251bbf2351a0dc48d2f30e937ee5aacbbf
+SHA512 (./README_en.md) = 3336434d52cea4c9b62f894b42b4d1a0e16b2430cc21a6834522e1cfd91e5e1a0fd6d078dc103eb6ebea9733ae17b5521ce966020b2adb84840526960319d278

+ 7 - 6
README.md

@@ -7,7 +7,7 @@ Projet pour blacklister des noms de domaines, et des adresses ip, *connus pour l
 - réseaux "bogons"
 - et autres "badips" ...
 
-/!\ **Juillet 2017 :: ATTENTION: Fichiers de signatures SHA512 et signify sont créés ; voir ci-dessous savoir comment les utiliser, si besoin !!!** /!\
+/!\ **Juillet 2017 :: ATTENTION : Fichiers de signatures SHA512 et signify sont créés ; voir ci-dessous savoir comment les utiliser, si besoin !!!** /!\
 
 ----------
 
@@ -17,7 +17,7 @@ Script 'badips'
 => Le script 'badips' agit en plusieurs temps :
 
 - il télécharge les listes de fichiers enregistrés dans le fichier 'src/badips', en tenant compte d'un certain délai de latence afin de ne pas trop revisiter les sites enregistrés
-- il les traitent pour créer deux listes uniques, une 'list/badips\_ipv4' et une autre 'list/badips\_ipv6' ... qui sont recréées à chaque lancement du script, avec leur propre fichier de somme de contrôle sha512.
+- il les traitent pour créer deux listes uniques, une 'lists/badips\_ipv4' et une autre 'lists/badips\_ipv6' ... qui sont recréées à chaque lancement du script, avec leur propre fichier de somme de contrôle sha512.
 
 Copiez les fichiers où vous voulez qu'ils soient traités par pf !
 
@@ -57,7 +57,7 @@ Script 'blacklist'
   - voire 'lists/baddomains' pour un traitement par tables dans PF - pour la version OpenBSD. /!\ Attention, étant donné les temps de traitement par PF pour convertir les noms de domaines en adresses ip ... c'est plus une preuve de concept ; d'autant si PF n'est pas capable de résoudre un nom de domaine correctement, dans ce cas PF n'acceptera pas de traiter la liste. Préfèrez l'usage des listes pour hosts, voire unbound /!\
   - ainsi que leur propre fichier de somme de contrôle sha512 !
   
-Depuis Janvier 2017 : À-propos de la version 'unbound', la variable 'USE_LZ_REDIRECT' sert à gèrer si vous voulez l'ajout de la mention 'local-zone "adr_ip" redirect" ... 
+Depuis Janvier 2017 : À-propos de la version 'unbound', la variable 'USE_LZ_REDIRECT' sert à gèrer si vous voulez l'ajout de la mention 'local-zone "adr_ip" redirect" ... fichier 'inc/blacklists.ksh'.
 
 **ATTENTION** : Si vous activez toutes les URLs référencées dans le fichier 'lists/domains', il est possible que le service devant traiter la liste unique finale ne puisse le faire par manque de ressources mémoires.
 De même, cela augmentera le temps de traitement et de création de la liste unique par votre machine.
@@ -134,10 +134,11 @@ Création de listes
 Les options sont :
 
 - 'unbound', pour le service 'unbound'
-- 'bind8', bind9', pour le service 'Bind'
+- 'bind8', 'bind9', pour le service 'Bind'
 - 'hosts', pour le fichier /etc/hosts - ou son équivalent selon l'OS.
+- 'pf', pour gérer avec des tables PF. 
 
-La configuration par défaut du fichier 'lists/domains' suffit pour être gérée correctement par des services comme 'unbound'. Si vous cherchez à gérer l'ensemble des urls, vous aurez le droit à des messages de dépassements de mémoire - ce qui signifie qu'il ne peut gérer l'ensemble de la liste que vous aurez créée !
+La configuration par défaut du fichier 'src/domains' suffit pour être gérée correctement par des services comme 'unbound'. Si vous cherchez à gérer l'ensemble des urls, vous aurez le droit à des messages de dépassements de mémoire - ce qui signifie qu'il ne peut gérer l'ensemble de la liste que vous aurez créée !
 <br/>
 Ce "problème" ne se pose pas avec la gestion du fichiers 'hosts'.
 
@@ -152,7 +153,7 @@ Vérification des signatures
 
 Depuis Juillet 2017 : Deux fichiers de signature et de sommes de contrôles sha512 sont créées et déposées sur le depôt, à-propos des différents codes
 
-- le fichier 'BlockZones.pub' est le fichier de signature, lié au projet "BlockZones
+- le fichier 'BlockZones.pub' est la clé publique de signature, lié au projet "BlockZones"
 - le fichier 'BlockZones.sha512' est le fichier de sommes de contrôles [sha512][3], pour tous les fichiers fournis par le projet
 - le fichier 'BlockZones.sha512.sig' est le fichier de signature, relatif au fichier précédent.
 

+ 208 - 0
README_en.md

@@ -0,0 +1,208 @@
+BlockZones
+==========
+
+Project to blacklist bad domains names, and bad adresses IP, *knew for bad activities*:
+- ADS servers
+- malwares, trackers, and others badlies
+- bogons red
+
+/!\ **July 2017 :: ATTENTION: SHA512 and sign files are created; see below howto using-it!** /!\
+
+----------
+
+Script 'badips'
+--------------
+
+=> Script 'badips' acts in several times:
+
+- downloads wroten lists, into file 'src/badips', with a latence.
+- threats them to create two single lists, one 'lists/badips\_ipv4 et one 'lists/badips\_ipv6, with sha512 checksums file
+
+Copy both files where you want before manage them by pf!
+
+=> IPv4 rules PF:
+
+    table <t_badips> persist file "/dir/badips_ipv4"
+    
+    block drop in quick on egress from { <t_badips> } to any
+    block drop out quick on egress from any to { <t_badips> }
+    
+=> IPV6 rules PF:
+    
+    table <t_badips6> persist file "/dir/badips_ipv6"
+    
+    block drop in quick on egress inet6 from { <t_badips6> } to any
+    block drop out quick on egress inet6 from any to { <t_badips6> }
+
+This script exists in pdksh, for OpenBSD, and ksh93, for *BSD.
+
+/!\ Think to create a **daily**, weekly, or monthly task cron to update lists, and reload pf. /!\
+
+**ATTENTION**: It seems necessary to grow the number entries tables...
+
+----------
+
+Script 'blacklist'
+----------------
+
+=> Script 'blacklist' acts in several times:
+
+- downloads authorized lists, wroten into file 'src/domains', with a latence.
+- creates one file:
+  - 'lists/local-zone' to threat with unbound,
+  - 'lists/bind.zone' to threat by bind (v8, v9),
+  - 'lists/hosts' for local threat with '/etc/hosts'...
+  - 'lists/baddomains' to threat with tables PF - only for *BSD 
+     /!\ Be careful, PF needs more time, more power to convert domains in adresses IP... see this as Proof of Concept /!\
+     /!\ If PF is not able to translate domain into adress IP, PF will not accept this list. /!\
+- and create checksums files sha512!
+
+Since January 2017: about 'unbound', use 'USE_LZ_REDIRECT' variable to manage 'local-zone "adr_ip" redirect' information... into 'inc/blacklists.ksh'
+
+**ATTENTION**: If you active all wroten URL into 'src/domains' file, it possible the service that has to process the final single list can not do so because of a lack of memory resources.
+Egual, this will grow threatment time to create single list by your computer. 
+
+This script exists:
+
+- bash version- *for Linux, in preference: Debian* -,  
+- pdksh version- *for OpenBSD, preferably*, 
+- ksh93 version- *for *BSD: FreeBSD, OpenBSD*
+
+/!\ Think to create a weekly, **dialy** or monthly task cron to update informations; after, reload PF. /!\
+     See a version file for OpenBSD, into 'cron/'.
+
+=> The 'lists/personals' file exists to save yours personals choices to restrict some domains: one by line.
+
+----------
+
+Script 'bogons'
+---------------
+
+=> The 'bogons' script get both bogons (IPv4, IPv6) lists, availables by Team Cymry. It threats to manage them by PF- Packet Filter. 
+After created them, see 'lists/':
+
+- 'fullbogons-ipv4.txt' for ipv4
+- 'fullbogons-ipv6.txt' for ipv6
+- and checksums files
+
+**pdksh (OpenBSD), ksh93 (*BSD) versions**
+Copy the file where you want, before manage by PF.
+
+**ATTENTION**: it seems necessary to grow the entries number of tables!
+
+=> IPv4 rules PF:
+
+    table <t_bogons> persist file "/dir/fullbogons-ipv4.txt"
+    
+    block drop in quick on egress from { <t_bogons> } to any
+    block drop out quick on egress from any to { <t_bogons> }
+    
+=> IPv6 rules PF:
+    
+    table <t_bogons6> persist file "/dir/fullbogons-ipv6.txt"
+    
+    block drop in quick on egress inet6 from { <t_bogons6> } to any
+    block drop out quick on egress inet6 from any to { <t_bogons6> }
+
+**Bash (Linux) Version**
+
+It's up to you... to manage with iptables!
+
+*this is an example*:
+
+    while read -r line; do
+		/sbin/iptables -I INPUT -s "${line}" -j DROP
+		/sbin/iptables -I OUTPUT -d "${line}" -j DROP
+    done < /dir/BlockZones/lists/fullbogons-ipv4.txt
+    
+*Note: egual for bogons IPv6 list:*
+
+    while read -r line; do
+		/sbin/ip6tables -I INPUT -s "${line}" -j DROP
+		/sbin/ip6tables -I OUTPUT -d "${line}" -j DROP
+    done < /dir/BlockZones/lists/fullbogons-ipv6.txt
+
+**Others informations:**
+
+/!\ Think to create a monthly task cron to update informations, and after reload PF. /!\
+
+----------
+
+Create lists
+------------
+
+./blacklist [option]: to create a list...
+
+Options are:
+
+- 'unbound',
+- 'bind8' or 'bind9' 
+- 'hosts' for the '/etc/hosts' file
+- 'pf' for tables PF.
+
+By default, the config of the 'src/domains' file is enough to manage correctly service as 'unbound'. 
+It is possible you have lack of memories ressource, if you set all urls. If that is, reduce number urls.
+<br/>
+This "problem" not exists with 'hosts' file.
+
+The default config manage quasi 65000 bad urls. The fully: ~ 500K!
+
+**Thoses lists are updated all days, with checksums sha512 files, and sign files, at:**<br/>
+[https://stephane-huc.net/share/BlockZones/lists/][1]
+
+Check sign
+----------
+
+Since July 2017: Two checksums sha512 and sign files are created, about project code.
+
+- 'BlockZones.pub': public key sign file, related to "BlockZones" Project,
+- 'BlockZones.sha512': checksums [sha512][3] file, to verify all project files, 
+- 'BlockZones.sha512.sign': sign file. 
+
+To check good sign, use [signify(1)][2], at root project:
+
+    $ signify -Cp BlockZones.pub -x BlockZones.sha512.sig
+
+Managed lists
+-------------
+
+- 'immortals domains', 'malwaredomains' lists - Initiative DNS-BH Malwaredomains.com
+- 'HpHosts' lists - hosts-file.net: **be carefull: automatic usage is forbiden!**
+- 'Abuse' lists - abuse.ch
+- 'malwaredomainlist' list - malwaredomainlist.com
+- 'winhelp2002 MVPS' list  - winhelp2002.mvps.org
+- 'pgl yoyo' list - pgl.yoyo.org
+- 'adaway' list - adaway.org
+- 'Dan Pollock' list - someonewhocares.org
+
+----------
+
+PF Notes
+--------
+
+Some notes, about Packet-Filter!
+
+/!\ Think to create a regular task cron to flush tables PF. /!\
+
+    # pfctl -t table_name -T expire nb_seconds
+
+=> to reload one table, reload PF :
+
+    # pfctl -f /etc/pf.conf
+
+=> to grow entries number table, by edit '/etc/pf.conf' - just an example -:
+
+    set limit table-entries 300000
+
+=> If you use bogons, and badips lists, think to optimize yours rules PF - e.g:
+
+    block drop in quick on egress from { <t_badips>, <t_bogons> } to any
+    block drop out quick on egress from any to { <t_badips>, <t_bogons> }
+
+And, same works for IPv6 rules!
+
+----------
+
+[1]: https://stephane-huc.net/share/BlockZones/lists/
+[2]: http://man.openbsd.org/signify
+[3]: http://man.openbsd.org/sha512

+ 2 - 2
inc/badips.ksh

@@ -10,7 +10,7 @@
 #
 # Github: https://framagit.org/BlackLists/BlockZones.git
 #
-# Date: 2017/07/15
+# Date: 2017/07/16
 #
 ##
 ###
@@ -177,7 +177,7 @@ transformer() {
 				display_mssg "OK" "The file '${DIR_LISTS}/${output}' seems to be build!"
 			fi
 			
-			if [ "${one_checksum_file}" = 0 ]; then build_sums; fi
+			build_sums
 			
 			unset output
 			

+ 4 - 2
inc/badips_execution.ksh

@@ -10,7 +10,7 @@
 #
 # Github: https://framagit.org/BlackLists/BlockZones.git
 #
-# Date: 2017/07/15
+# Date: 2017/07/16
 #
 ##
 ###
@@ -22,6 +22,8 @@
 ###
 ########################################################################
 
+check_needed_softs
+
 del_files
 
 build_blocklists
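Review bot: The `check_needed_softs` call added at the top of this script can block on an interactive prompt, which is not documented here. On FreeBSD, when `/usr/bin/signify` is missing, `check_needed_softs` calls `confirm`, which reads the answer from standard input. README_en.md asks for these scripts to be run from cron, where the read presumably fails, `confirm` returns false and `byebye` exits before `del_files` runs. The same call is added in inc/blacklists_execution.ksh and inc/bogons_execution.ksh. A comment above the call would record this, for example `# may prompt on stdin (FreeBSD without signify); with no terminal the run stops in byebye`.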
@@ -30,6 +32,6 @@ mng_blocklists
 
 transformer
 
-if [ "${one_checksum_file}" = 1 ]; then create_one_sums; fi
+create_one_sums
 
 #export $OLD_TERM

+ 2 - 2
inc/blacklists.ksh

@@ -10,7 +10,7 @@
 #
 # Github: https://framagit.org/BlackLists/BlockZones.git
 #
-# Date: 2017/07/15
+# Date: 2017/07/16
 #
 ##
 ###
@@ -343,7 +343,7 @@ transformer() {
 
         display_mssg "OK" "The file '${DIR_LISTS}/${output}' has been built!"
 
-        if [ "${one_checksum_file}" = 0 ]; then build_sums; fi
+        build_sums
 
     else
 

+ 4 - 2
inc/blacklists_execution.ksh

@@ -10,7 +10,7 @@
 #
 # Github: https://framagit.org/BlackLists/BlockZones.git
 #
-# Date: 2017/07/15
+# Date: 2017/07/16
 #
 ##
 ###
@@ -22,6 +22,8 @@
 ###
 ########################################################################
 
+check_needed_softs
+
 del_files
 
 build_blocklists
@@ -32,6 +34,6 @@ build_uniq_list
 
 transformer
 
-if [ "${one_checksum_file}" = 1 ]; then create_one_sums; fi
+create_one_sums
 
 #export $OLD_TERM

+ 1 - 1
inc/bogons.ksh

@@ -10,7 +10,7 @@
 #
 # Github: https://framagit.org/BlackLists/BlockZones.git
 #
-# Date: 2017/07/14
+# Date: 2017/07/16
 #
 ##
 ###

+ 5 - 1
inc/bogons_execution.ksh

@@ -10,7 +10,7 @@
 #
 # Github: https://framagit.org/BlackLists/BlockZones.git
 #
-# Date: 2017/07/15
+# Date: 2017/07/16
 #
 ##
 ###
@@ -22,10 +22,14 @@
 ###
 ########################################################################
 
+check_needed_softs
+
 del_files
 
 build_blocklists
 
 mng_blocklists
 
+create_one_sums
+
 #export $OLD_TERM

+ 125 - 59
inc/commons_functions.ksh

@@ -10,7 +10,7 @@
 #
 # Github: https://framagit.org/BlackLists/BlockZones.git
 #
-# Date: 2017/07/15
+# Date: 2017/07/16
 #
 ##
 ###
@@ -54,111 +54,177 @@ build_blocklists() {
 ### Create sha512 checksums files!
 build_sums() {
 	
-	typeset bool=1
+	if [ "${one_checksum_file}" = 0 ]; then 
 	
-	case "${list}" in
-		"bogons") output="${file}" ;;
-	esac
+		typeset bool=1
+	
+		case "${list}" in
+			"bogons") output="${file}" ;;
+		esac
 
-    if [ -f "${DIR_LISTS}/${output}" ];  then
+		if [ -f "${DIR_LISTS}/${output}" ];  then
 
-        cd "${DIR_LISTS}" || exit 1
+			cd "${DIR_LISTS}" || exit 1
         
-        case "${OSN}" in 
+			case "${OSN}" in 
         
-			"FreeBSD")
-				if sha512 "${output}" > "${output}.sha512"; then bool=0; fi
-			;;
+				"FreeBSD")
+					if sha512 "${output}" > "${output}.sha512"; then bool=0; fi
+				;;
         
-			"OpenBSD")
-				if sha512 -h "${output}.sha512" "${output}"; then bool=0; fi
-			;;
+				"OpenBSD")
+					if sha512 -h "${output}.sha512" "${output}"; then bool=0; fi
+				;;
 			
-        esac
+			esac
         
-        if [ ${bool} -eq 0 ]; then
+			if [ ${bool} -eq 0 ]; then
         
-			display_mssg "OK" "The checksum file '${DIR_LISTS}/${output}' is correctly created!"
+				display_mssg "OK" "The checksum file '${DIR_LISTS}/${output}' is correctly created!"
 			
-			create_sign
+				create_sign
         
-        else
+			else
 		
-			display_mssg "KO" "It seems to have a problem to create checksum file ${DIR_LISTS}/${output}!"
+				display_mssg "KO" "It seems to have a problem to create checksum file ${DIR_LISTS}/${output}!"
         
-        fi
+			fi
         
-        cd "${ROOT}" || exit 1
+			cd "${ROOT}" || exit 1
 
-    fi
+		fi
     
-    unset bool
+		unset bool
+		
+	fi
 
 }
 
 byebye() {
 
-    display_mssg "KO" "Script stop here!"
+    display_mssg "KO" " /!\ Script stop here /!\ "
     display_mssg "KO" "Please, search to understand reasons."
     
-    export $OLD_TERM
+    #export $OLD_TERM
     exit 1;
 
 }
 
-create_one_sums() {
+check_needed_softs() {
 	
-	typeset bool=1
+	# curl 
+	if [ -f /usr/local/bin/curl ]; then 
+		use_curl=1
 	
-	cd "${DIR_LISTS}" || exit 1
+	else
+		display_mssg "hg" "For the next time, if you installed the curl tool, the script will attempt to use-it!"
+		sleep 1
 	
-	if find ./ -exec sha512 {} + > "${DIR_SRC}/BlockZones.sha512"; then
+	fi
 	
-		display_mssg "OK" "The checksum file '${DIR_SRC}/BlockZones.sha512' is correctly created!"
+	# wget
+	if [ -f /usr/local/bin/wget ]; then 
+		use_wget=1
 	
 	else
-		
-		display_mssg "KO" "It seems to have a problem to create checksum file '${DIR_SRC}/BlockZones.sha512'!"
-		
+		display_mssg "hg" "For the next time, if you installed the wget tool, the script will attempt to use-it... only if curl tool is not installed!"
+		sleep 1
+	
 	fi
 	
-	if [ -f "${DIR_SRC}/BlockZones.sha512" ]; then
+	# signify
+	if [ "${OSN}" = "FreeBSD" ]; then
+		if [ ! -f /usr/bin/signify ]; then 
+			use_sign=0
+			
+			display_mssg "KO" " /!\ It seems signify tool is not available /!\ "
+			
+			if confirm "Do you want to continue without sign lists?"; then
+				display_mssg "#" "The $0 script continue without generate sign file!"
+				
+				sleep 1
+			else
+				display_mssg "#" "Please, install signify tool!"
+				byebye
+			fi
+		fi
+	fi
 	
-		if mv "${DIR_SRC}/BlockZones.sha512" "${DIR_LISTS}"; then
-			display_mssg "OK" "The checksum file '${DIR_SRC}/BlockZones.sha512' is correctly moved to ${DIR_LISTS}!"
+}
+
+
+confirm () {
+
+    read -r response?"${1} [y|n] "
+    case "$response" in
+        y|Y|o|O|1)	# O is not zero: O(ui) ;)
+            true
+            ;;
+        *)
+            false
+            ;;
+    esac
+
+}
+
+create_one_sums() {
+	
+	if [ "${one_checksum_file}" = 1 ]; then
+	
+		cd "${DIR_LISTS}" || exit 1
+	
+		find ./ -exec sha512 {} + > "${DIR_SRC}/BlockZones.sha512"; 
+	
+		if [ -f "${DIR_SRC}/BlockZones.sha512" ]; then
+	
+			display_mssg "OK" "The checksum file '${DIR_SRC}/BlockZones.sha512' is correctly created!"
+		
+			if mv "${DIR_SRC}/BlockZones.sha512" "${DIR_LISTS}"; then
+				display_mssg "OK" "The checksum file '${DIR_SRC}/BlockZones.sha512' is correctly moved to ${DIR_LISTS}!"
 			
-			create_sign
+				create_sign
 			
-		else
-			display_mssg "KO" "Error to move checksum file '${DIR_SRC}/BlockZones.sha512' into ${DIR_LISTS}!"
+			else
+				display_mssg "KO" "Error to move checksum file '${DIR_SRC}/BlockZones.sha512' into ${DIR_LISTS}!"
 			
+			fi
+	
+		else
+		
+			display_mssg "KO" "It seems to have a problem to create checksum file '${DIR_SRC}/BlockZones.sha512'!"
+		
 		fi
-	fi
 	
-	cd "${ROOT}" || exit 1
+		cd "${ROOT}" || exit 1
+
+	fi
 	
 }
 
 create_sign() {
 	
-	if [ "${one_checksum_file}" = 1 ]; then 
-		if signify -S -s "${dir_sec_key_signify}" -m "${DIR_LISTS}/BlockZones.sha512" -e -x "${DIR_LISTS}/BlockZones.sha512.sig"; then
-			display_mssg "OK" "The sign file '${DIR_LISTS}/BlockZones.sha512.sig' is correctly created!"
+	if [ "${use_sign}" = 1 ]; then
 	
-		else
-			display_mssg "KO" "It seems to have a problem to create sign file '${DIR_LISTS}/BlockZones.sha512.sign'!"
+		if [ "${one_checksum_file}" = 1 ]; then 
+			if signify -S -s "${dir_sec_key_signify}" -m "${DIR_LISTS}/BlockZones.sha512" -e -x "${DIR_LISTS}/BlockZones.sha512.sig"; then
+				display_mssg "OK" "The sign file '${DIR_LISTS}/BlockZones.sha512.sig' is correctly created!"
+	
+			else
+				display_mssg "KO" "It seems to have a problem to create sign file '${DIR_LISTS}/BlockZones.sha512.sign'!"
 		
-		fi
+			fi
 		
-	else
-		if signify -S -s "${dir_sec_key_signify}" -m "${DIR_LISTS}/${output}.sha512" -e -x "${DIR_LISTS}/${output}.sha512.sig"; then
-			display_mssg "OK" "The sign file '${DIR_LISTS}/${output}.sha512.sig' is correctly created!"
-	
 		else
-			display_mssg "KO" "It seems to have a problem to create sign file '${DIR_LISTS}/${output}.sha512.sign'!"
+			if signify -S -s "${dir_sec_key_signify}" -m "${DIR_LISTS}/${output}.sha512" -e -x "${DIR_LISTS}/${output}.sha512.sig"; then
+				display_mssg "OK" "The sign file '${DIR_LISTS}/${output}.sha512.sig' is correctly created!"
+	
+			else
+				display_mssg "KO" "It seems to have a problem to create sign file '${DIR_LISTS}/${output}.sha512.sign'!"
 		
-		fi
+			fi
 		
+		fi
+	
 	fi
 	
 }
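Review bot: In `create_one_sums` the exit status of `find ./ -exec sha512 {} + > "${DIR_SRC}/BlockZones.sha512"` is no longer checked. The `-f` test that replaces it passes whenever the redirection created the file, so a failed or partial hashing run is still moved to `${DIR_LISTS}` and signed by `create_sign`. Keeping the status check and also rejecting an empty manifest would avoid that: `if find ./ -exec sha512 {} + > "${DIR_SRC}/BlockZones.sha512" && [ -s "${DIR_SRC}/BlockZones.sha512" ]; then`. In `check_needed_softs` the signify test looks only at `/usr/bin/signify` on FreeBSD, where packaged tools are normally installed under `/usr/local`, so it may fail with signify installed; `command -v signify >/dev/null 2>&1` would test what `create_sign` actually invokes. When `use_sign` is 0, `create_sign` returns without a message, so a `display_mssg` in that branch would make the unsigned output visible in the log.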
@@ -249,21 +315,21 @@ download() {
 
     typeset bool=0
 
-    if [ -x "$(which curl)" ]; then
+    if [ "${use_curl}" = 1 ]; then
 
-        if ! "$(which curl)" -A "Mozilla/5.0 (X11; Debian; Linux; rv:0.0) Gecko/20100101 Firefox/0.0" -o "${filename}" "${url}"; then
+        if ! /usr/local/bin/curl -A "Mozilla/5.0 (X11; Debian; Linux; rv:0.0) Gecko/20100101 Firefox/0.0" -o "${filename}" "${url}"; then
             bool=1
         fi
 
-    elif [ -x "$(which wget)" ]; then
+    elif [ "$(use wget)" = 1 ]; then
 
-        if ! "$(which wget)" --user-agent="Mozilla/5.0 (X11; Debian; Linux; rv:0.0) Gecko/20100101 Firefox/0.0" -c -O "${filename}" "${url}"; then
+        if ! /usr/local/bin/wget --user-agent="Mozilla/5.0 (X11; Debian; Linux; rv:0.0) Gecko/20100101 Firefox/0.0" -c -O "${filename}" "${url}"; then
             bool=1
         fi
 
     else
 
-        if ! "$(which ftp)" -n -m -C -o "${filename}" "${url}"; then bool=1; fi
+        if ! /usr/bin/ftp -n -m -C -o "${filename}" "${url}"; then bool=1; fi
 
     fi
 
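Review bot: The wget branch can never be selected, because `"$(use wget)"` in the new `elif` runs a command named `use` instead of reading the `use_wget` flag. Its output is presumably empty, so the comparison with 1 fails and the function falls through to `/usr/bin/ftp` even when wget was detected. The line should read `elif [ "${use_wget}" = 1 ]; then`. The hard-coded `/usr/local/bin/curl` and `/usr/local/bin/wget` rely on the `-f` tests in `check_needed_softs`, which unlike the removed `-x "$(which …)"` tests do not check the execute bit; `[ -x /usr/local/bin/curl ]` there would keep that property. The body of `download()` starts and ends outside this hunk.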

+ 6 - 1
inc/vars.ksh

@@ -10,7 +10,7 @@
 #
 # Github: https://framagit.org/BlackLists/BlockZones.git
 #
-# Date: 2017/07/15
+# Date: 2017/07/16
 #
 ##
 ###
@@ -39,6 +39,11 @@ dir_sec_key_signify="${DIR_INC}/BlockZones_GenLists.sec"
 # If '1', one chechsum file for all lists
 one_checksum_file=1
 
+### to detect tools; DO NOT TOUCH!
+use_curl=0
+use_sign=1
+use_wget=0
+
 ### declare OS variables
 OSN="$(uname -s)"	# Get Operating System Name
 OSR="$(uname -r)"	# Get Operating System Release
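Review bot: The comment `### to detect tools; DO NOT TOUCH!` does not say what sets these flags or what their values mean. According to inc/commons_functions.ksh in this commit, `check_needed_softs` raises `use_curl` and `use_wget` to 1 when the binary is found, and lowers `use_sign` to 0 only in the FreeBSD branch. `use_sign=1` here therefore means signing is assumed to be available on every other system without a presence check. A comment such as `### tool flags, updated by check_needed_softs: 1 = use the tool; use_sign stays 1 unless the FreeBSD signify check fails` would make that default explicit.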

+ 1 - 1
lists/README

@@ -1 +1 @@
-Folder 'lists' where created uniq combined lists, and theirs files sha512sums, are created!
+Folder 'lists' where created single combined lists, and theirs files sha512sums, are created!