update-blacklist.sh → ubl.sh (arch for now)
This commit is contained in:
parent
a66f957e97
commit
19b99ddd30
2 changed files with 51 additions and 35 deletions
51
ubl-arch.sh
Executable file
51
ubl-arch.sh
Executable file
|
@ -0,0 +1,51 @@
|
|||
#!/bin/sh
|
||||
# 2024-05-26
|
||||
# lastmod: 2024-09-08
|
||||
# Dominic Reich
|
||||
|
||||
BFILE=/srv/http/blocked.txt
|
||||
IPFILE=~/ips
|
||||
COUNT=$(wc -l ~/ips | cut -d' ' -f1)
|
||||
|
||||
if [[ $USER == "root" ]]; then
|
||||
echo >&2 "User must not be root! Exiting"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
OLDNUM=$(sudo ipset --terse -L | grep "Number of entries:" | cut -d: -f2 | xargs)
|
||||
|
||||
while read ip; do sudo ipset -exist -A badips "$ip"; done < $IPFILE
|
||||
|
||||
FILEBACKUP=14
|
||||
|
||||
if [ ${FILEBACKUP} -ne 0 ]; then
|
||||
sudo cp ${BFILE} ${BFILE}.$(date +%Y%m%d)
|
||||
fi
|
||||
|
||||
BACKUPCOUNT=$(ls ${BFILE}* | wc -l)
|
||||
BACKUPSTODELETE=$(expr ${BACKUPCOUNT} - ${FILEBACKUP})
|
||||
if [ ${BACKUPCOUNT} -gt ${FILEBACKUP} ]; then
|
||||
for f in $(ls -tr ${BFILE}.* | head -${BACKUPSTODELETE})
|
||||
do
|
||||
sudo rm ${f}
|
||||
done
|
||||
fi
|
||||
|
||||
# save to blocklist file in webroot
|
||||
sudo ipset -output save -L | grep add | awk '{ print $3 }' | sort -g | sudo tee ${BFILE} 1>/dev/null
|
||||
|
||||
# save to /etc/ipset.conf
|
||||
sudo ipset save -file /etc/ipset.conf
|
||||
|
||||
# Test if current ip is in the badips set
|
||||
# sudo ipset -q -T badips $(who | tail -1 | awk -F '[()]' '{ print $2 }')
|
||||
sudo ipset -T badips $(who | tail -1 | awk -F '[()]' '{ print $2 }')
|
||||
|
||||
#sudo ipset --terse -L
|
||||
|
||||
NEWNUM=$(sudo ipset --terse -L | grep "Number of entries:" | cut -d: -f2 | xargs)
|
||||
|
||||
rm -f $IPFILE
|
||||
|
||||
echo "Added $((${NEWNUM}-${OLDNUM}))/${COUNT} IPs (${OLDNUM} → ${NEWNUM})"
|
||||
|
|
@ -1,35 +0,0 @@
|
|||
#!/bin/sh
|
||||
# 2024-05-26
|
||||
# Dominic Reich
|
||||
|
||||
BFILE=/srv/http/blocked.txt
|
||||
|
||||
if [[ $USER == "root" ]]; then
|
||||
echo >&2 "User must not be root! Exiting"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
while read ip; do sudo ipset -exist -A badips "$ip"; done < ~/ips
|
||||
|
||||
FILEBACKUP=14
|
||||
|
||||
if [ ${FILEBACKUP} -ne 0 ]; then
|
||||
sudo cp ${BFILE} ${BFILE}.$(date +%Y%m%d)
|
||||
fi
|
||||
|
||||
BACKUPCOUNT=$(ls ${BFILE}* | wc -l)
|
||||
BACKUPSTODELETE=$(expr ${BACKUPCOUNT} - ${FILEBACKUP})
|
||||
if [ ${BACKUPCOUNT} -gt ${FILEBACKUP} ]; then
|
||||
for f in $(ls -tr ${BFILE}.* | head -${BACKUPSTODELETE})
|
||||
do
|
||||
sudo rm ${f}
|
||||
done
|
||||
fi
|
||||
|
||||
sudo ipset -output save -L | grep add | awk '{ print $3 }' | sort -g | sudo tee ${BFILE} 1>/dev/null
|
||||
|
||||
# Test if current ip is in the badips set
|
||||
sudo ipset -q -T badips $(who | tail -1 | awk -F '[()]' '{ print $2 }')
|
||||
|
||||
sudo ipset --terse -L
|
||||
|
Loading…
Reference in a new issue