Linux script to block malicious IPs with fail2ban/nginx
import requests | |
import re | |
import subprocess | |
import tqdm | |
import ipaddress | |
from pprint import pprint | |
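# fail2ban-client prefix every ban is issued with: feed entries are banned
# into the sshd jail (whose banaction in the accompanying jail.local is
# iptables-allports, so a ban covers every port).
cmd = ['fail2ban-client', 'set', 'sshd', 'banip']

# Public block lists merged on each run. The emergingthreats list
# (https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt) is left
# out on purpose: it embeds Spamhaus, which the author found full of bogus
# entries.
FEEDS = (
    "https://www.dshield.org/block.txt",
    "http://cinsscore.com/list/ci-badguys.txt",
    "https://lists.blocklist.de/lists/all.txt",
)

# Seconds to wait per feed. requests has no default timeout, so without one a
# stalled feed would hang the cron job indefinitely.
FEED_TIMEOUT = 30

# Widest network that may be banned. A malformed line (or, for the feed that
# is fetched over plain HTTP, a tampered one) must never turn into a ban on
# a /0 or /7; with iptables-allports that would cut the host off entirely.
MIN_PREFIXLEN = 8

# One dotted-quad IPv4 address with an optional "/prefix". The octet pattern
# is deliberately loose; every candidate is validated by ipaddress afterwards.
_IPV4_TOKEN = re.compile(
    r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?:/(\d{1,2}))?(?![\d.])")

# dshield block.txt data rows: "<start> <end> <prefixlen> ..." (tab separated).
_RANGE_ROW = re.compile(
    r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\d{1,2})(?:\s|$)")


def fetch_feeds(urls=FEEDS, timeout=FEED_TIMEOUT):
    """Download every feed and return their bodies joined by newlines.

    A feed that fails (network error, non-2xx status) is reported on stdout
    and skipped so that one outage does not stop the other lists from being
    applied; previously any failure aborted the whole run, and an HTTP error
    page was parsed as if it were a block list.

    Args:
        urls: iterable of feed URLs.
        timeout: per-request timeout in seconds passed to requests.get.

    Returns:
        The concatenated feed text, always ending in a newline.
    """
    bodies = []
    for url in urls:
        try:
            response = requests.get(url, timeout=timeout)
            response.raise_for_status()
        except requests.RequestException as exc:
            print("Skipping feed {}: {}".format(url, exc))
            continue
        bodies.append(response.text)
    return "\n".join(bodies) + "\n"


def _is_bannable(net):
    """Return True when *net* is a public range no wider than MIN_PREFIXLEN.

    Private, loopback, link-local, multicast, reserved and unspecified ranges
    are refused: an entry there is either junk or would block the host's own
    networks.
    """
    if net.prefixlen < MIN_PREFIXLEN:
        return False
    return not (net.is_private or net.is_loopback or net.is_link_local
                or net.is_multicast or net.is_reserved or net.is_unspecified)


def parse_networks(text, default_prefixlen=32):
    """Extract the IPv4 networks listed in *text*.

    Three line shapes are understood: dshield-style "start end prefixlen"
    rows (the feed's own mask is used), CIDR tokens ("a.b.c.d/nn") and bare
    addresses, which get *default_prefixlen* (a single host by default).
    Anything after '#' on a line is a comment.

    The previous implementation only picked addresses ending in ".0" and
    then banned their whole /24 (or /16 when the third octet was 0). Two of
    the feeds list individual hosts, so that both skipped almost every entry
    and over-blocked the few it kept. Bare hosts are now banned as hosts.

    Tokens that are not valid IPv4, networks wider than MIN_PREFIXLEN and
    non-public ranges (see _is_bannable) are dropped. Exact duplicates are
    reported on stdout, as before, and kept once.

    Args:
        text: feed text, one entry per line.
        default_prefixlen: prefix length applied to bare addresses.

    Returns:
        A sorted list of ipaddress.IPv4Network with entries already covered
        by a wider network removed.
    """
    seen = {}
    for raw_line in text.splitlines():
        line = raw_line.split('#', 1)[0].strip()
        if not line:
            continue
        row = _RANGE_ROW.match(line)
        if row:
            candidates = [(row.group(1), int(row.group(3)))]
        else:
            candidates = [(addr, int(prefix) if prefix else default_prefixlen)
                          for addr, prefix in _IPV4_TOKEN.findall(line)]
        for addr, prefixlen in candidates:
            try:
                # strict=False lets a host address carry a wider prefix
                # (host bits are cleared), e.g. "1.2.3.9" with /24.
                net = ipaddress.IPv4Network((addr, prefixlen), strict=False)
            except ValueError:
                continue  # octet above 255 or prefix above 32
            if not _is_bannable(net):
                continue
            if net in seen:
                print("Duplicated IP {}".format(net))
            else:
                seen[net] = 1
    # Merging adjacent/contained networks keeps the number of fail2ban-client
    # calls down; the width guard is re-applied because merging can widen.
    collapsed = ipaddress.collapse_addresses(seen)
    return [net for net in collapsed if net.prefixlen >= MIN_PREFIXLEN]


def ban_networks(networks, base_cmd=cmd):
    """Ban each network through fail2ban-client, one call per entry.

    Single hosts are passed as a bare address (no "/32"). A non-zero exit is
    reported together with fail2ban-client's output instead of being
    ignored: the old Popen(stdout=PIPE).wait() never read the pipe (a
    deadlock risk on verbose output) and discarded the exit status.

    Args:
        networks: iterable of ipaddress.IPv4Network.
        base_cmd: argv prefix the target is appended to.

    Returns:
        The number of entries fail2ban-client rejected.
    """
    failures = 0
    for net in tqdm.tqdm(networks):
        if net.prefixlen == 32:
            target = str(net.network_address)
        else:
            target = str(net)
        result = subprocess.run(base_cmd + [target],
                                stdout=subprocess.PIPE,
                                stderr=subprocess.STDOUT)
        if result.returncode != 0:
            failures += 1
            output = result.stdout.decode("utf-8", "replace").strip()
            print("fail2ban-client failed for {} (rc={}): {}".format(
                target, result.returncode, output))
    return failures


def main():
    """Fetch the feeds, parse and sanity-check the networks, then ban them."""
    networks = parse_networks(fetch_feeds())
    print("Banning {} networks".format(len(networks)))
    ban_networks(networks)


if __name__ == "__main__":
    main()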
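# Refresh the feed-based bans every 20 minutes. flock -n makes cron skip a run
# while the previous one is still going (one fail2ban-client call per network
# can take longer than 20 minutes on a large list), so runs never overlap and
# the same list is not applied twice at once. The lock path below is a
# placeholder; pick one on a writable filesystem. The script prints to
# stdout/stderr, which cron mails unless redirected.
*/20 * * * * flock -n /PATH/TO/block.lock python3 /root/block.py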
[DEFAULT]
# Jail-wide defaults; the jails below only override maxretry.
# NOTE(review): no ignoreip is set, so only what fail2ban's own defaults
# exempt (essentially the host itself) is spared. block.py feeds third-party
# block lists into the sshd jail, and banaction is iptables-allports, so a
# feed entry covering the administrator's own address would block every port.
# Consider pinning the management network:
# ignoreip = 127.0.0.1/8 ::1 <ADMIN_NETWORK>
# Base ban length in seconds (~4 h). rndtime adds up to 6000 s of jitter so
# the unban moment is not predictable; increment lengthens the ban on each
# repeat offence.
bantime = 15000
banaction = iptables-allports
bantime.rndtime = 6000
bantime.increment = true
maxretry = 5
# Number of matches kept per ticket, tied to maxretry.
maxmatches = %(maxretry)s
banaction_allports = iptables-allports
# action_ is the plain ban action: no mail notifications.
action = %(action_)s
# SSH: stricter retry limit than the default above.
[sshd]
enabled = true
port = 22
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
# NOTE(review): this jail reads the nginx error log. The accompanying
# nginx.conf sets log_not_found off, which suppresses the "No such file or
# directory" error-log entries; confirm that the filter in use still
# matches something in this setup.
[nginx-botsearch]
enabled = true
port = http,https
logpath = %(nginx_error_log)s
maxretry = 2
[nginx-http-auth]
enabled = true
port = http,https
logpath = %(nginx_error_log)s
# Bans clients that trip the limit_req zone configured in nginx.conf.
[nginx-limit-req]
enabled = true
port = http,https
logpath = %(nginx_error_log)s
# NOTE(review): this jail reads the access log, which nginx.conf writes
# only for non-2xx/3xx responses (access_log ... if=$loggable); a probe
# that succeeds is therefore never seen here.
[php-url-fopen]
enabled = true
port = http,https
logpath = %(nginx_access_log)s
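user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
worker_cpu_affinity auto;
# Per-worker fd limit; must stay above worker_connections (2048) with
# headroom for upstream sockets and open files.
worker_rlimit_nofile 8192;

events {
    worker_connections 2048;
    use epoll;
}

http {
    # Basic Settings
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    # Hide the nginx version in the Server header and on error pages.
    server_tokens off;
    server_name_in_redirect off;
    # NOTE(review): this also suppresses the "No such file or directory"
    # error-log entries. The nginx-botsearch fail2ban jail in the
    # accompanying jail.local reads the error log, so it may see nothing;
    # confirm against the filter in use.
    log_not_found off;
    types_hash_max_size 2048;
    client_max_body_size 64M;

    # Timeouts: kept short so slow or idle clients release workers quickly;
    # reset_timedout_connection frees the socket state immediately on timeout.
    keepalive_timeout 30s;
    client_body_timeout 30s;
    client_header_timeout 30s;
    send_timeout 30s;
    reset_timedout_connection on;
    proxy_connect_timeout 30s;
    proxy_send_timeout 30s;
    proxy_read_timeout 30s;

    # Per-client connection and request-rate limits. Exceeding the rate
    # produces a "limiting requests" error-log entry, which is what the
    # nginx-limit-req fail2ban jail bans on.
    limit_conn_zone $binary_remote_addr zone=perip:10m;
    limit_req_zone $binary_remote_addr zone=req_limit_per_ip:5m rate=40r/s;
    limit_conn perip 100;
    limit_req zone=req_limit_per_ip burst=100 nodelay;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # SSL Settings
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and have been removed from
    # the original list. ssl_prefer_server_ciphers only has an effect
    # together with an explicit ssl_ciphers list, which is not set here.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;

    # Logging Settings
    error_log /var/log/nginx/error.log;
    # Log only non-2xx/3xx responses. Access-log based fail2ban filters
    # (php-url-fopen in jail.local) therefore only see failed requests; a
    # request that succeeds is never logged.
    map $status $loggable {
        ~^[23] 0;
        default 1;
    }
    # Buffered writes: up to 512k or 1 minute of log lines are held in
    # memory before hitting disk, so a tail of the file lags slightly.
    access_log /var/log/nginx/access.log combined if=$loggable buffer=512k flush=1m;

    # Gzip Settings
    gzip on;
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    # Virtual Host Config
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;

    # Other Configs (optional static-asset caching and log suppression,
    # left disabled by the author)
    #location ~* \.(?:jpg|jpeg|gif|png|ico|woff2)$ {
    #    expires 1M;
    #    add_header Cache-Control "public";
    #}
    #location ~* \.(?:jpg|jpeg|gif|png|ico|woff2|js|css)$ {
    #    access_log off;
    #}
}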