Unbound DNS block list cronjob
#!/bin/sh
# This script updates malware and phishing filters for unbound DNS resolver
# To use it, place in /etc/cron.daily/unbound-filter-update and chmod 0755 /etc/cron.daily/unbound-filter-update
# Get filter of potentially unwanted programs (PUPs)
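# Print an unbound "server:" clause holding the PUP block list on stdout.
# Outputs: "server:" followed by the downloaded list, minus every line that
#          contains "?".
# Returns: 0 when the list was downloaded and at least one line survived the
#          filter; non-zero (with nothing printed) when the download failed.
get_pup_filter() {
  # Buffer the download before printing anything. In a plain `curl | grep`
  # pipeline sh reports only grep's status, so a failed transfer would go
  # unnoticed by the caller.
  # -f: treat HTTP errors as failures instead of passing the error page on.
  # -sS: no progress meter in cron mail, but still print errors.
  # --proto/--proto-redir: the output becomes resolver configuration, so
  # refuse anything that is not HTTPS, including after a redirect (-L).
  pup_body=$(/usr/bin/curl -fsSL --proto '=https' --proto-redir '=https' \
    "https://curben.gitlab.io/malware-filter/pup-filter-unbound.conf") || return 1
  [ -n "${pup_body}" ] || return 1

  echo "server:"
  printf '%s\n' "${pup_body}" | /usr/bin/grep -v "?"
}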
# Get phishing domain list, grep out invalid domains from source
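# Print an unbound "server:" clause holding the phishing block list on stdout.
# Outputs: "server:" followed by the downloaded list, minus every line that
#          contains "?" (used to drop invalid domains from the source).
# Returns: 0 when the list was downloaded and at least one line survived the
#          filter; non-zero (with nothing printed) when the download failed.
get_phishing_filter() {
  # Buffer the download before printing anything. In a plain `curl | grep`
  # pipeline sh reports only grep's status, so a failed transfer would go
  # unnoticed by the caller.
  # -f: treat HTTP errors as failures instead of passing the error page on.
  # -sS: no progress meter in cron mail, but still print errors.
  # --proto/--proto-redir: the output becomes resolver configuration, so
  # refuse anything that is not HTTPS, including after a redirect (-L).
  phishing_body=$(/usr/bin/curl -fsSL --proto '=https' --proto-redir '=https' \
    "https://curben.gitlab.io/malware-filter/phishing-filter-unbound.conf") || return 1
  [ -n "${phishing_body}" ] || return 1

  echo "server:"
  printf '%s\n' "${phishing_body}" | /usr/bin/grep -v "?"
}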
# Get urlhaus malicious domain list, grep out invalid domains from source
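# Print an unbound "server:" clause holding the urlhaus block list on stdout.
# Outputs: "server:" followed by the downloaded list, minus every line that
#          contains "?" (used to drop invalid domains from the source).
# Returns: 0 when the list was downloaded and at least one line survived the
#          filter; non-zero (with nothing printed) when the download failed.
get_urlhaus_filter() {
  # Buffer the download before printing anything. In a plain `curl | grep`
  # pipeline sh reports only grep's status, so a failed transfer would go
  # unnoticed by the caller.
  # -f: treat HTTP errors as failures instead of passing the error page on.
  # -sS: no progress meter in cron mail, but still print errors.
  # --proto/--proto-redir: the output becomes resolver configuration, so
  # refuse anything that is not HTTPS, including after a redirect (-L).
  urlhaus_body=$(/usr/bin/curl -fsSL --proto '=https' --proto-redir '=https' \
    "https://curben.gitlab.io/malware-filter/urlhaus-filter-unbound.conf") || return 1
  [ -n "${urlhaus_body}" ] || return 1

  echo "server:"
  printf '%s\n' "${urlhaus_body}" | /usr/bin/grep -v "?"
}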
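pup_file=/etc/unbound/unbound.conf.d/20-pup_filter.conf
phishing_file=/etc/unbound/unbound.conf.d/21-phishing_filter.conf
urlhaus_file=/etc/unbound/unbound.conf.d/22-urlhaus_filter.conf

# Refresh one filter file and keep the previous copy if anything goes wrong.
# Arguments: $1 - name of the function that prints the new list on stdout
#            $2 - path of the unbound include file to replace
# Returns:   0 when the new list is installed and unbound-checkconf accepts
#            the configuration; 1 when the previous file was kept.
# NOTE(review): unbound-checkconf only confirms that the configuration parses.
# It does not limit which directives the downloaded list may contain, so the
# upstream list is trusted as resolver configuration. Consider additionally
# rejecting lines that do not match the expected block-list entry format.
update_filter() {
  uf_fetch=$1
  uf_target=$2
  uf_backup="${uf_target}.bak"

  # Drop any backup left by an interrupted run so a rollback can never
  # restore something older than the file currently in place.
  /usr/bin/rm -f "${uf_backup}"
  if [ -f "${uf_target}" ]; then
    /usr/bin/cp "${uf_target}" "${uf_backup}" || return 1
  fi

  # The fetch status is checked as well as the syntax check: a failed
  # download would otherwise leave a nearly empty file that still parses,
  # silently removing the block list.
  if "${uf_fetch}" > "${uf_target}" && /usr/sbin/unbound-checkconf; then
    /usr/bin/rm -f "${uf_backup}"
    return 0
  fi

  echo "unbound-filter-update: ${uf_fetch} failed, keeping previous ${uf_target}" >&2
  /usr/bin/rm -f "${uf_target}"
  # On a first run there is no backup to restore.
  if [ -f "${uf_backup}" ]; then
    /usr/bin/mv "${uf_backup}" "${uf_target}"
  fi
  return 1
}

status=0
updated=0

if update_filter get_pup_filter "${pup_file}"; then updated=1; else status=1; fi
if update_filter get_phishing_filter "${phishing_file}"; then updated=1; else status=1; fi
if update_filter get_urlhaus_filter "${urlhaus_file}"; then updated=1; else status=1; fi

# Restart only when at least one list changed; a rolled-back file is the
# configuration unbound is already running with.
if [ "${updated}" -eq 1 ]; then
  /usr/bin/systemctl restart unbound || status=1
fi

# A non-zero exit lets cron report that a block list is stale.
exit "${status}"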