Last active
March 23, 2017 10:55
-
-
Save marcodebe/b6f58b17ea6107d25247e3cbad712096 to your computer and use it in GitHub Desktop.
Ransomware blocklist generator for Shorewall (using https://ransomwaretracker.abuse.ch/blocklist/)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Author: Marco De Benedetto <debe@galliera.it> | |
| # | |
| # Ransomware blocklist for Shorewall using https://ransomwaretracker.abuse.ch/blocklist/ | |
| # | |
| # prerequisite: | |
| # | |
| # /etc/shorewall/blrules: | |
| # blacklog net:+blacklist all | |
| # blacklog all net:+blacklist | |
| # | |
| # /etc/cron.d/ransomware_bloklist: | |
| # */5 * * * * root /usr/local/bin/ransomware_ipset | |
| # Create blacklist ipset if it does not exist | |
| ipset list blacklist > /dev/null 2>&1 || ipset create blacklist hash:ip | |
| # blacklist_temp shouldn't exist, but anyway... | |
| ipset destroy blacklist_temp > /dev/null 2>&1 | |
| ipset create blacklist_temp hash:ip | |
| wget -Nq -P /tmp https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt | |
| (while read ip ; do [[ $ip =~ ^[0-9]+\. ]] && ipset add blacklist_temp $ip; done ) < /tmp/RW_IPBL.txt | |
| ipset swap blacklist_temp blacklist | |
| ipset destroy blacklist_temp > /dev/null 2>&1 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment