
  1. #!/bin/sh
  2. #set -x
  3. clear
  4. ###
  5. #
  6. # Author: Stéphane HUC
  7. # mail: devs@stephane-huc.net
  8. #
  9. # License: BSD Simplified
  10. #
  11. # Github: https://git.framasoft.org/hucste/tools
  12. #
  13. # Date: 2016/03/01
  14. #
  15. ###
  16. ###
  17. #
  18. # Edit your crontab:
  19. # 0 1 * * * /folder/mng_spamhaus
  20. #
  21. # or, launch-it, manually! ;-)
  22. #
  23. ###
  24. export LC_ALL=C
  25. action="DROP" # action iptables ; default : DROP - modify at yours risks !
  26. chain="" - modify at yours risks !
  27. #interface="eth" # DO NOT TOUCH ! or, at yours risks...
  28. now="$(date +"%x %X")"
  29. hours=3600 # in seconds
  30. spamhaus_url="http://www.spamhaus.org/drop/"
  31. DIRNAME="$(dirname $(readlink -f -- "$0"))"
  32. IPT=""
  33. SPAMHAUS_DIR="$DIRNAME/spamhaus/"
  34. SPAM_FILE_DROP="drop.txt"
  35. SPAM_FILE_EDROP="edrop.txt"
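#######################################
# Append rule "$@" unless an identical rule is already present, so the
# daily cron run does not pile up duplicates in INPUT/FORWARD/OUTPUT.
# Globals:   IPT (read)
#######################################
ipt_add() {
  "$IPT" -C "$@" 2>/dev/null || "$IPT" -A "$@"
}

#######################################
# Print field number "$1" of the ';'-separated line read on stdin,
# surrounding blanks removed. Replaces `... | xargs`, which would
# interpret quotes and backslashes found in the (downloaded) list file.
#######################################
field() {
  awk -F ';' -v n="$1" '{ gsub(/^[ \t]+|[ \t]+$/, "", $n); print $n }'
}

#######################################
# Turn the local DROP / EDROP lists into iptables rules.
# Globals:   IPT, chain, action, link, SPAMHAUS_DIR, SPAM_FILE_DROP,
#            SPAM_FILE_EDROP (all read)
# Outputs:   one "ip: ... ; sbl: ..." line per accepted entry on stdout,
#            one "skipping malformed entry" line per rejected entry on stderr
# Returns:   0
#######################################
block() {
  printf "########## Attempt to blocks Bad IPS Spamhaus ##########\n"
  if [ -n "$chain" ]; then
    # A dedicated chain is flushed and rebuilt from scratch on every run.
    "$IPT" -F "$chain"
    sleep 1
    "$IPT" -L "$chain" -nv --line-numbers
    sleep 1
  fi
  for name in "$SPAM_FILE_DROP" "$SPAM_FILE_EDROP"; do
    file="$SPAMHAUS_DIR$name"
    [ -f "$file" ] || continue
    # IFS= keeps the line intact ; $'\n' is a bashism and is not valid under /bin/sh.
    # The || part handles a last line without trailing newline.
    while IFS= read -r line || [ -n "$line" ]; do
      case "$line" in
        ''|';'*) continue ;; # blank line or ';' comment header
      esac
      adr_ip="$(printf '%s\n' "$line" | field 1)"
      sbl="$(printf '%s\n' "$line" | field 2)"
      # The list is downloaded content: only hand iptables something that
      # looks like an IPv4 address or CIDR network.
      if ! printf '%s\n' "$adr_ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'; then
        printf 'skipping malformed entry: %s\n' "$line" >&2
        continue
      fi
      printf 'ip: %s ; sbl: %s\n' "$adr_ip" "$sbl"
      if [ -n "$chain" ]; then
        ipt_add "$chain" -s "$adr_ip" -j "$action" -m comment --comment "DROP Spamhaus src $sbl"
        ipt_add "$chain" -d "$adr_ip" -j "$action" -m comment --comment "DROP Spamhaus dst $sbl"
      else
        ipt_add INPUT -i "$link" -s "$adr_ip" -j "$action" -m comment --comment "DROP Spamhaus src $sbl"
        ipt_add FORWARD -i "$link" -s "$adr_ip" -j "$action" -m comment --comment "DROP Spamhaus src $sbl"
        ipt_add FORWARD -o "$link" -d "$adr_ip" -j "$action" -m comment --comment "DROP Spamhaus dst $sbl"
        ipt_add OUTPUT -o "$link" -d "$adr_ip" -j "$action" -m comment --comment "DROP Spamhaus dst $sbl"
      fi
    done < "$file"
  done
}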
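#######################################
# Find the network interface(s) that are up and have a carrier ; block()
# uses $link as the interface of the INPUT/FORWARD/OUTPUT rules.
# Globals:   link (written: name of the last interface found up, or "")
# Outputs:   one diagnostic block per interface on stdout
# Returns:   0
#######################################
detect_link() {
  printf "########## Detecting devices informations ##########\n"
  link=""
  for dev in /sys/class/net/*; do
    [ -e "$dev" ] || continue
    iface="${dev##*/}"
    # Skip only the loopback itself, not every name containing "lo" (e.g. wlo1).
    [ "$iface" = "lo" ] && continue
    printf 'iface: %s\n' "$dev"
    printf 'link: %s\n' "$iface"
    # carrier is not readable while the interface is down, so fall back
    # to 0 instead of feeding an empty string to the test.
    carrier="$(cat "$dev/carrier" 2>/dev/null || echo 0)"
    operstate="$(cat "$dev/operstate" 2>/dev/null)"
    if [ "$carrier" = "1" ] && [ "$operstate" = "up" ]; then
      printf '\t => Checking %s ...\n' "$iface"
      link="$iface"
      # first IPv4 address only, so $address never spans several lines
      show="$(ip -f inet addr show "$iface" | awk '/inet/ {print $2; exit}')"
      if [ -n "$show" ]; then
        address="${show%/*}"
        printf 'ip: %s\n' "$address"
      fi
    fi
  done
  if [ -z "$link" ]; then
    printf 'No interface found up ; the rules would reference an empty interface. \n' >&2
  fi
  sleep 1
}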
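#######################################
# Print the modification time of "$1" in seconds since the epoch
# (GNU stat, else BSD date -r).
#######################################
file_mtime() {
  if command -v stat >/dev/null 2>&1; then
    stat -c "%Y" "$1"
  else
    date -r "$1" +%s
  fi
}

#######################################
# Download URL "$1" to path "$2" with curl or wget. The transfer goes to
# a temporary file first, so a failed or empty download never clobbers
# the previous, still usable list.
# Returns:   0 on success ; 1 when no downloader is available or the
#            transfer failed
#######################################
fetch_url() {
  tmpf="$(mktemp "$2.XXXXXX")" || return 1
  if command -v curl >/dev/null 2>&1; then
    # -f: an HTTP error (404, 5xx) is a failure, not an error page saved as the list
    curl -f -A "Mozilla/5.0" -o "$tmpf" "$1"
    rc=$?
  elif command -v wget >/dev/null 2>&1; then
    wget --user-agent="Mozilla/5.0" -O "$tmpf" "$1"
    rc=$?
  else
    printf 'Neither curl nor wget is available. \n' >&2
    rc=1
  fi
  if [ "$rc" -eq 0 ] && [ -s "$tmpf" ]; then
    mv -f -- "$tmpf" "$2"
  else
    rm -f -- "$tmpf"
    return 1
  fi
}

#######################################
# Download drop.txt / edrop.txt into $SPAMHAUS_DIR when the local copy is
# older than $hours seconds ; a missing copy (first run) is always fetched.
# Globals:   SPAMHAUS_DIR, SPAM_FILE_DROP, SPAM_FILE_EDROP, spamhaus_url,
#            hours (all read)
# Outputs:   status lines on stdout
# Returns:   0
#######################################
get_spamhaus_files() {
  printf "########## Attempt to get spamhaus files ##########\n"
  for name in "$SPAM_FILE_DROP" "$SPAM_FILE_EDROP"; do
    file="$SPAMHAUS_DIR$name"
    if [ -f "$file" ]; then
      # age of the local copy in seconds
      mtime="$(file_mtime "$file")"
      diff_sec=$(( $(date +%s) - ${mtime:-0} ))
    else
      # no local copy yet: force a download
      diff_sec=$(( hours + 1 ))
    fi
    if [ "$diff_sec" -gt "$hours" ]; then
      if fetch_url "$spamhaus_url$name" "$file"; then
        printf "[ \\33[0;32m%s\\33[0;39m ] %s \n" "OK" "The file $name is correctly downloaded!"
      else
        printf "[ \\33[1;31m%s\\33[0;39m ] %s \n" "KO" "It seems to have a problem with download file $name!"
      fi
    else
      printf "Please, retry in more than one hour to attemp to downloading %s \n" "$spamhaus_url$name"
    fi
    unset diff_sec mtime
  done
}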
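#######################################
# Create $SPAMHAUS_DIR (and missing parents) if it does not exist yet.
# Globals:   SPAMHAUS_DIR (read)
# Returns:   0 ; exits 1 when the directory cannot be created
#######################################
verify_need_dirs() {
  if [ ! -d "$SPAMHAUS_DIR" ]; then
    mkdir -p -- "$SPAMHAUS_DIR" || {
      printf 'Cannot create %s, exiting. \n' "$SPAMHAUS_DIR" >&2
      exit 1
    }
  fi
}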
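#######################################
# Locate iptables and store its path in IPT.
# `[ -x $(which iptables) ]` was true when which printed nothing (a bare
# `[ -x ]` is a non-empty string test), so a missing iptables went unnoticed.
# Globals:   IPT (written)
# Returns:   0 ; exits 1 when iptables is not found
#######################################
verify_need_soft() {
  IPT="$(command -v iptables)"
  if [ -z "$IPT" ] || [ ! -x "$IPT" ]; then
    printf "Missing iptables command line tool, exiting. \n" >&2
    exit 1
  fi
}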
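#######################################
# Refuse to run without an iptables target in $action.
# Globals:   action (read)
# Returns:   0 ; exits 1 when action is empty
#######################################
verify_need_variables() {
  if [ -z "$action" ]; then
    # $0 is passed as an argument, never spliced into the printf format.
    printf "[ \\33[1;31m%s\\33[0;39m ] %s %s\n" "ERROR" "Necessary to set variable action ! Edit the script:" "$0"
    exit 1
  fi
}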
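#######################################
# iptables needs root: stop here when not running as uid 0.
# Returns:   0 ; exits 1 when the effective uid is not 0
#######################################
verify_uid() {
  if [ "$(id -u)" -ne 0 ]; then
    printf "[ \\33[1;31m%s\\33[0;39m ] %s \n" "KO" "Need to get rights admins!"
    exit 1
  fi
}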
  150. verify_uid
  151. verify_need_soft
  152. verify_need_variables
  153. verify_need_dirs
  154. detect_link
  155. get_spamhaus_files
  156. block