Created
December 15, 2021 19:51
-
-
Save rawiriblundell/b5407bb55dd4dbd9b2fb7f9d29ab7979 to your computer and use it in GitHub Desktop.
Generate a blocklist for log4shell scanners for use in nginx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #/bin/bash | |
| # Generates deny list for nginx | |
| # This blocks known bad IP's that are scanning for log4shell exploits | |
| if ! command -v curl >/dev/null 2>&1; then | |
| printf -- '%s\n' "This script requires 'curl'" >&2 | |
| exit 1 | |
| fi | |
| # Remote source to pull down | |
| log4j_ip_src="https://gist.githubusercontent.com/blotus/f87ed46718bfdc634c9081110d243166/raw/" | |
| get_blockable_ips() { | |
| curl -s "${log4j_ip_src}" | | |
| awk -F ',' '/validated/{print $1}' | | |
| sort -n | | |
| uniq | |
| } | |
| { | |
| printf -- '%s\n' "geo \$bad_ip {" | |
| printf -- '\t%s\n' "default 0;" | |
| while read -r; do | |
| printf -- '\t%s\n' "${REPLY} 1;" | |
| done < <(get_blockable_ips) | |
| printf -- '%s\n' "}" | |
| } > "${1:-/etc/nginx/snippets/deny-ips.conf}" | |
| if ! grep -q "deny_ips.conf" /etc/nginx/nginx.conf 2>/dev/null; then | |
| printf -- '%s\n' "Add 'include /etc/nginx/snippets/deny_ips.conf' to the http block in nginx.conf" | |
| fi | |
| if ! grep -q "bad_ip" /etc/nginx/sites-available/* 2>/dev/null; then | |
| printf -- '%s\n' "Add 'if (\$bad_ip) { return 400; }' to your location directives in /etc/nginx/sites-available" | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment