Last active
October 20, 2021 05:30
-
-
Save cbp44/44af10bb2aa4b9dc3189a456b3043b8a to your computer and use it in GitHub Desktop.
Unbound DNS block list cronjob
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # This script updates malware and phishing filters for unbound DNS resolver | |
| # To use it, place in /etc/cron.daily/unbound-filter-update and chmod 0755 /etc/cron.daily/unbound-filter-update | |
| # Get filter of potentially unwanted programs (PUPs) | |
| get_pup_filter() { | |
| echo "server:" | |
| /usr/bin/curl -L "https://curben.gitlab.io/malware-filter/pup-filter-unbound.conf" | /usr/bin/grep -v "?" | |
| } | |
| # Get phishing domain list, grep out invalid domains from source | |
| get_phishing_filter() { | |
| echo "server:" | |
| /usr/bin/curl -L "https://curben.gitlab.io/malware-filter/phishing-filter-unbound.conf" | /usr/bin/grep -v "?" | |
| } | |
| # Get urlhaus malicious domain list, grep out invalid domains from source | |
| get_urlhaus_filter() { | |
| echo "server:" | |
| /usr/bin/curl -L "https://curben.gitlab.io/malware-filter/urlhaus-filter-unbound.conf" | /usr/bin/grep -v "?" | |
| } | |
| pup_file=/etc/unbound/unbound.conf.d/20-pup_filter.conf | |
| phishing_file=/etc/unbound/unbound.conf.d/21-phishing_filter.conf | |
| urlhaus_file=/etc/unbound/unbound.conf.d/22-urlhaus_filter.conf | |
| [ -f "${pup_file}" ] && /usr/bin/cp "${pup_file}" "${pup_file}.bak" | |
| get_pup_filter > "${pup_file}" | |
| # Remove backup if new file passes checks | |
| if /usr/sbin/unbound-checkconf; then | |
| /usr/bin/rm -f "${pup_file}.bak" | |
| else | |
| /usr/bin/rm -f "${pup_file}" | |
| /usr/bin/mv "${pup_file}.bak" "${pup_file}" | |
| fi | |
| [ -f "${phishing_file}" ] && /usr/bin/cp "${phishing_file}" "${phishing_file}.bak" | |
| get_phishing_filter > "${phishing_file}" | |
| # Remove backup if new file passes checks | |
| if /usr/sbin/unbound-checkconf; then | |
| /usr/bin/rm -f "${phishing_file}.bak" | |
| else | |
| /usr/bin/rm -f "${phishing_file}" | |
| /usr/bin/mv "${phishing_file}.bak" "${phishing_file}" | |
| fi | |
| [ -f "${urlhaus_file}" ] && /usr/bin/cp "${urlhaus_file}" "${urlhaus_file}.bak" | |
| get_urlhaus_filter > "${urlhaus_file}" | |
| if /usr/sbin/unbound-checkconf; then | |
| /usr/bin/rm -f "${urlhaus_file}.bak" | |
| else | |
| /usr/bin/rm -f "${urlhaus_file}" | |
| /usr/bin/mv "${urlhaus_file}.bak" "${urlhaus_file}" | |
| fi | |
| /usr/bin/systemctl restart unbound |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment