From 22bfb69f287b3530a3021ceb31db889bea401485 Mon Sep 17 00:00:00 2001
From: t3chn0m4g3
Date: Thu, 3 Feb 2022 23:32:34 +0000
Subject: [PATCH] blackhole tweaking
---
 bin/blackhole.sh | 60 +++++++++++++++++++++++++++++++++++++++---------
 bin/updateip.sh | 12 +++++++++-
 2 files changed, 60 insertions(+), 12 deletions(-)
diff --git a/bin/blackhole.sh b/bin/blackhole.sh
index 561ee567..9207c43f 100755
--- a/bin/blackhole.sh
+++ b/bin/blackhole.sh
@@ -27,36 +27,74 @@ fi mkdir -p /etc/blackhole cd /etc/blackhole -# Let's load ip reputation lists from listbot service -if ! [ -f "iprep.yaml" ]; +# Calculate age of downloaded reputation list +if [ -f "iprep.yaml" ]; then - aria2c -s16 -x 16 https://listbot.sicherheitstacho.eu/iprep.yaml.bz2 && \ - bunzip2 -f *.bz2 + myNOW=$(date +%s) + myOLD=$(date +%s -r iprep.yaml) + myDAYS=$(( (now-old) / (60*60*24) )) + echo "### Downloaded reputation list is $myDAYS days old." + myBLACKHOLE_IPS=$(grep "mass scanner" iprep.yaml | cut -f 1 -d":" | tr -d '"') fi +# Let's load ip reputation list from listbot service +if [[ ! -f "iprep.yaml" && "$1" == "add" || "$myDAYS" -gt 30 ]]; + then + echo "### Downloading reputation list." + aria2c -s16 -x 16 https://listbot.sicherheitstacho.eu/iprep.yaml.bz2 && \ + bunzip2 -f *.bz2 + myBLACKHOLE_IPS=$(grep "mass scanner" iprep.yaml | cut -f 1 -d":" | tr -d '"') +fi + +myCOUNT=$(echo $myBLACKHOLE_IPS | wc -w) # Let's extract mass scanner IPs -myBLACKHOLE_IPS=$(grep "mass scanner" iprep.yaml | cut -f 1 -d":" | tr -d '"') +if [ "$myCOUNT" -lt "3000" ] && [ "$1" == "add" ]; + then + echo "### Something went wrong. Please check contents of /etc/blackhole/iprep.yaml." + echo "### Aborting." + echo + exit +elif [ "$(ip r | grep 'blackhole' -c)" -gt "3000" ] && [ "$1" == "add" ]; + then + echo "### Blackhole already enabled." + echo "### Aborting." + echo + exit +fi # Let's add blackhole routes for all mass scanner IPs # Your personal preferences may vary, feel free to adjust accordingly if [ "$1" == "add" ]; then - echo "Now add blackhole routes." + echo + echo -n "Now adding $myCOUNT IPs to blackhole." for i in $myBLACKHOLE_IPS; do - echo "ip route add blackhole $i" ip route add blackhole $i + echo -n "." done + echo + echo "Added $(ip r | grep "blackhole" -c) IPs to blackhole." + echo + echo "### Remember!" 
+ echo "### Routes are not added permanently, if you wish a persistent solution add this script to /etc/rc.local to be started after boot." + echo + exit fi # Let's delete blackhole routes for all mass scanner IPs -if [ "$1" == "del" ]; +if [ "$1" == "del" ] && [ "$myCOUNT" -gt 3000 ]; then - echo "Now deleting blackhole routes." + echo + echo -n "Now deleting $myCOUNT IPs from blackhole." for i in $myBLACKHOLE_IPS; do - echo "ip route del blackhole $i" ip route del blackhole $i + echo -n "." done - rm iprep.yaml + echo + echo "$(ip r | grep 'blackhole' -c) IPs remaining in blackhole." + rm iprep.yaml + else + echo "Blackhole already disabled." fi
diff --git a/bin/updateip.sh b/bin/updateip.sh
index 6ea40812..232e01e6 100755
--- a/bin/updateip.sh
+++ b/bin/updateip.sh
@@ -9,9 +9,18 @@ if [ "$myEXTIP" = "" ];
 then
 myEXTIP=$myLOCALIP
 fi
+
+myBLACKHOLE_STATUS=$(ip r | grep "blackhole" -c)
+if [ "$myBLACKHOLE_STATUS" -gt "3000" ];
+ then
+ myBLACKHOLE_STATUS="| BLACKHOLING MASS SCANNERS: [ ENABLED ]"
+ else
+ myBLACKHOLE_STATUS="| BLACKHOLING MASS SCANNERS: [ DISABLED ]"
+fi
+
 mySSHUSER=$(cat /etc/passwd | grep 1000 | cut -d ':' -f1)
 echo "" > /etc/issue
-toilet -f ivrit -F metal --filter border:metal "T-Pot 20.06" | sed 's/\\/\\\\/g' >> /etc/issue
+toilet -f ivrit -F metal --filter border:metal "T-Pot 22.03" | sed 's/\\/\\\\/g' >> /etc/issue
 echo >> /etc/issue
 echo ",---- [ \n ] [ \d ] [ \t ]" >> /etc/issue
 echo "|" >> /etc/issue
@@ -19,6 +28,7 @@ echo "| IP: $myLOCALIP ($myEXTIP)" >> /etc/issue
 echo "| SSH: ssh -l tsec -p 64295 $myLOCALIP" >> /etc/issue
 echo "| WEB: https://$myLOCALIP:64297" >> /etc/issue
 echo "| ADMIN: https://$myLOCALIP:64294" >> /etc/issue
+echo "$myBLACKHOLE_STATUS" >> /etc/issue
 echo "|" >> /etc/issue
 echo "\`----" >> /etc/issue
 echo >> /etc/issue
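Review bot: `myDAYS=$(( (now-old) / (60*60*24) ))` reads `now` and `old`, but the timestamps were stored in `myNOW` and `myOLD`; bash treats the unset names as 0, so `myDAYS` is always 0 and the `"$myDAYS" -gt 30` refresh in the following `if` can never fire. The line should read `myDAYS=$(( (myNOW-myOLD) / (60*60*24) ))`. Once that works, note that `&&` binds tighter than `||` inside `[[ ]]`, so a list older than 30 days would also be re-downloaded on `del`, and the routes then removed would come from the fresh list rather than the one whose entries were added; `if [[ "$1" == "add" && ( ! -f "iprep.yaml" || "$myDAYS" -gt 30 ) ]];` limits the refresh to `add`. The two abort branches ("Something went wrong", "Blackhole already enabled") end in a bare `exit`, so a failed run returns 0 to whatever started it (the hunk itself suggests /etc/rc.local); `exit 1` on the error branch would make the failure observable. Since every `$i` handed to `ip route add blackhole $i` comes straight from the downloaded file, a guard such as `[[ "$i" =~ ^[0-9.]+(/[0-9]+)?$ ]] || continue` at the top of the loop keeps a malformed or unexpected entry from reaching `ip`.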
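Review bot: The `-gt "3000"` test on `myBLACKHOLE_STATUS` duplicates the route-count threshold hard-coded in bin/blackhole.sh, and nothing ties the two together, so changing one side silently desynchronises the login banner from the actual route state. A comment above the `if`, e.g. `# Mirrors the 3000-route threshold in bin/blackhole.sh; keep both in sync`, would at least make the coupling visible; a single value sourced by both scripts would remove it. Reusing `myBLACKHOLE_STATUS` first for the numeric `ip r | grep "blackhole" -c` result and then for the banner string also obscures what the variable holds; a separate `myBLACKHOLE_COUNT` for the count reads more clearly.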