From 19b99ddd30af88f651dae757171bd864f1090061 Mon Sep 17 00:00:00 2001
From: Dominic Reich
Date: Sun, 8 Sep 2024 12:45:40 +0200
Subject: [PATCH] =?UTF-8?q?update-blacklist.sh=20=E2=86=92=20ubl.sh=20(arc?= =?UTF-8?q?h=20for=20now)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
ubl-arch.sh | 51 ++++++++++++++++++++++++++++++++++++++++
update-blacklist-arch.sh | 35 ---------------------------
2 files changed, 51 insertions(+), 35 deletions(-)
create mode 100755 ubl-arch.sh
delete mode 100755 update-blacklist-arch.sh
diff --git a/ubl-arch.sh b/ubl-arch.sh
new file mode 100755
index 0000000..071dc60
--- /dev/null
+++ b/ubl-arch.sh
@@ -0,0 +1,51 @@
+#!/bin/sh
+# 2024-05-26
+# lastmod: 2024-09-08
+# Dominic Reich
+
+BFILE=/srv/http/blocked.txt
+IPFILE=~/ips
+COUNT=$(wc -l ~/ips | cut -d' ' -f1)
+
+if [[ $USER == "root" ]]; then
+ echo >&2 "User must not be root! Exiting"
+ exit 1
+fi
+
+OLDNUM=$(sudo ipset --terse -L | grep "Number of entries:" | cut -d: -f2 | xargs)
+
+while read ip; do sudo ipset -exist -A badips "$ip"; done < $IPFILE
+
+FILEBACKUP=14
+
+if [ ${FILEBACKUP} -ne 0 ]; then
+ sudo cp ${BFILE} ${BFILE}.$(date +%Y%m%d)
+fi
+
+BACKUPCOUNT=$(ls ${BFILE}* | wc -l)
+BACKUPSTODELETE=$(expr ${BACKUPCOUNT} - ${FILEBACKUP})
+if [ ${BACKUPCOUNT} -gt ${FILEBACKUP} ]; then
+ for f in $(ls -tr ${BFILE}.* | head -${BACKUPSTODELETE})
+ do
+ sudo rm ${f}
+ done
+fi
+
+# save to blocklist file in webroot
+sudo ipset -output save -L | grep add | awk '{ print $3 }' | sort -g | sudo tee ${BFILE} 1>/dev/null
+
+# save to /etc/ipset.conf
+sudo ipset save -file /etc/ipset.conf
+
+# Test if current ip is in the badips set
+# sudo ipset -q -T badips $(who | tail -1 | awk -F '[()]' '{ print $2 }')
+sudo ipset -T badips $(who | tail -1 | awk -F '[()]' '{ print $2 }')
+
+#sudo ipset --terse -L
+
+NEWNUM=$(sudo ipset --terse -L | grep "Number of entries:" | cut -d: -f2 | xargs)
+
+rm -f $IPFILE
+
+echo "Added $((${NEWNUM}-${OLDNUM}))/${COUNT} IPs (${OLDNUM} → ${NEWNUM})"
+
diff --git a/update-blacklist-arch.sh b/update-blacklist-arch.sh
deleted file mode 100755
index 77bf15d..0000000
--- a/update-blacklist-arch.sh
+++ /dev/null
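Review bot: Entries read from `$IPFILE` in ubl-arch.sh are handed to `sudo ipset -exist -A badips "$ip"` without any format check, `read` lacks `-r`, and the closing `rm -f $IPFILE` runs even when an add failed, so a malformed or rejected entry is dropped silently and the input is gone. `COUNT` is also computed from a hard-coded `~/ips` before the root check instead of from `$IPFILE`, and `OLDNUM`/`NEWNUM` call `ipset --terse -L` with no set name, which yields one number per set and breaks the `$(( ))` in the final `echo` as soon as a second set exists. The sketch below validates each line, scopes the count to `badips`, and removes the file only after a clean run; its pattern assumes `badips` holds plain IPv4 addresses (suggested by `sort -g`, not confirmed here) and would need `/` allowed for a net-type set. Separately, the unquoted `$(who | tail -1 | awk ...)` passed to `sudo ipset -T` expands to nothing on a local login, and `[[ ... ]]` under `#!/bin/sh` only works where sh is bash.

```shell
# … unchanged: BFILE / IPFILE assignments and the root check …
if [ ! -r "$IPFILE" ]; then
    echo >&2 "Cannot read $IPFILE! Exiting"
    exit 1
fi
COUNT=$(wc -l < "$IPFILE")

OLDNUM=$(sudo ipset --terse -L badips | grep "Number of entries:" | cut -d: -f2 | xargs)

FAILED=0
while IFS= read -r ip; do
    case "$ip" in
        '' | *[!0-9.]*)
            echo >&2 "Skipping invalid entry: $ip"
            FAILED=1
            continue
            ;;
    esac
    sudo ipset -exist -A badips "$ip" || FAILED=1
done < "$IPFILE"

# … unchanged: backup rotation, save to webroot and /etc/ipset.conf, membership test …

NEWNUM=$(sudo ipset --terse -L badips | grep "Number of entries:" | cut -d: -f2 | xargs)

# keep the input for inspection when any entry was skipped or rejected
if [ "$FAILED" -eq 0 ]; then
    rm -f "$IPFILE"
fi
```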
@@ -1,35 +0,0 @@
-#!/bin/sh
-# 2024-05-26
-# Dominic Reich
-
-BFILE=/srv/http/blocked.txt
-
-if [[ $USER == "root" ]]; then
- echo >&2 "User must not be root! Exiting"
- exit 1
-fi
-
-while read ip; do sudo ipset -exist -A badips "$ip"; done < ~/ips
-
-FILEBACKUP=14
-
-if [ ${FILEBACKUP} -ne 0 ]; then
- sudo cp ${BFILE} ${BFILE}.$(date +%Y%m%d)
-fi
-
-BACKUPCOUNT=$(ls ${BFILE}* | wc -l)
-BACKUPSTODELETE=$(expr ${BACKUPCOUNT} - ${FILEBACKUP})
-if [ ${BACKUPCOUNT} -gt ${FILEBACKUP} ]; then
- for f in $(ls -tr ${BFILE}.* | head -${BACKUPSTODELETE})
- do
- sudo rm ${f}
- done
-fi
-
-sudo ipset -output save -L | grep add | awk '{ print $3 }' | sort -g | sudo tee ${BFILE} 1>/dev/null
-
-# Test if current ip is in the badips set
-sudo ipset -q -T badips $(who | tail -1 | awk -F '[()]' '{ print $2 }')
-
-sudo ipset --terse -L
-