Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
update unbound adblocklist
#!/bin/bash
#
# TODO: gestion des erreurs :)
# pas casser le précédent fichier abdlock de unbound quand ça foire :P
# faire un truc qui marche aussi sur mon freeBSD :D
# nop je ne ferais pas du ksh <:-)
# nop je ne fera pas du posix1 awk + sed ;]
# compter source par source ^_^
# vérifier les sources mortes ;)
# utiliser doas ^-^
# indentation et style : JAMAIS :€
# MuST HAVE : usage :'(
export PATH="/bin/:/usr/bin/:/sbin/:/usr/sbin:/usr/local/sbin:/usr/local/bin"
tmpfile="$(mktemp)" && echo '' > $tmpfile
tmp_work="$(mktemp)" && echo '' > $tmp_work
unboundconf="/etc/unbound/unbound.conf.d/_unbound-adhosts.conf"
set -e
# personnal list in /etc/adblack.txt
declare -A BLOCK=(
[perso]="file:///etc/adblack.txt"
[adaway]=https://adaway.org/hosts.txt
[disconad]="https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt"
[discontrack]="https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt"
[fademind]="https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Spam/hosts"
[malwaredom]="https://mirror1.malwaredomains.com/files/justdomains"
[stevenblack]="https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"
[sysctl]=http://sysctl.org/cameleon/hosts
[suspicous_low]=https://www.dshield.org/feeds/suspiciousdomains_Low.txt
[suspicous_medium]=https://www.dshield.org/feeds/suspiciousdomains_Medium.txt
[suspicous_high]=https://www.dshield.org/feeds/suspiciousdomains_High.txt
[winhelp]=http://winhelp2002.mvps.org/hosts.txt
[yoyo]="https://pgl.yoyo.org/as/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext"
[firebog_w3k]=https://v.firebog.net/hosts/static/w3kbl.txt
[firebog_bill]=https://v.firebog.net/hosts/BillStearns.txt
[matomo]=https://raw.githubusercontent.com/matomo-org/referrer-spam-blacklist/master/spammers.txt
[dawsey]=https://raw.githubusercontent.com/Dawsey21/Lists/master/main-blacklist.txt
[vokins]=https://raw.githubusercontent.com/vokins/yhosts/master/hosts
[nfz_moe]=https://hosts.nfz.moe/basic/hosts
[bblck]=https://ssl.bblck.me/blacklists/hosts-file.txt
)
function clean_get {
cat $tmp_work | perl -pe 's/ *#.*$//g' | \
perl -ane 'if (/^(.+)$/) { @l=split( / /,$1);
$h = lc(pop(@l));
$h =~ s/\015//g;
$h =~ s/^\s+|\s+$//g;
if ($h=~ /^(?=.{1,255}$)[0-9\-_a-z](([\-_0-9a-z]|\b-){0,61}[\-_a0-9a-z])?(\.[\-_0-9a-z](([\-_0-9a-z]|\b-){0,61}[\-_0-9a-z])?)*\.?$/) {
print qq{local-zone: "$h" always_nxdomain\n};
} else {
$h =~ /^\s*$/ or print STDERR "wtf is $h?\n";
}
}'
}
RZ="\e[0m"
GD="\e[32m"
RD="\e[31m"
for K in ${!BLOCK[@]}; do
>&2 echo -n "getting $K "
curl -s ${BLOCK[$K]} > $tmp_work || >&2 echo -e ${RD}KO${RZ} && >&2 echo -e ${GD}OK${RZ};
>&2 echo -n "entries "
>&2 wc -l < $tmp_work;
clean_get ${BLOCK[$K]}
done | sort -r | uniq >> $tmpfile
echo -n "total entries "
wc -l < $tmpfile
sudo install -o unbound -m 600 $tmpfile $unboundconf && \
sudo -u unbound unbound-checkconf 1>/dev/null && \
sudo systemctl reload unbound 1>/dev/null && echo DNS reloaded
# way to build a blacklist of DNS over HTTP from curl sources #noDOH
#curl -s https://gist.githubusercontent.com/kimbo/dd65d539970e3a28a10628f15398247b/raw/bac0b90ef01b6f9d69462512327fd4ff903a9a3f/scrape-doh-providers.py | python3 | perl -ane 'm!https?://([^/:]+)/! and print "$1\n";'
exit 0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment