ubl-arch.sh
· 1.5 KiB · Bash
Raw
#!/bin/sh
# 2024-05-26
# lastmod: 2024-10-05
# Dominic Reich <quick.hat4396@qtztsjosmprqmgtunjyf.com>
BFILE=/srv/http/blocked.txt
IPFILE=~/ips
if [[ $USER == "root" ]]; then
echo >&2 "User must not be root! Exiting"
exit 1
fi
if [[ ! -r $IPFILE ]]; then
echo >&2 "Could not find/open ip file: ${IPFILE}"
exit 1
fi
COUNT=$(wc -l ${IPFILE} | cut -d' ' -f1)
OLDNUM=$(sudo ipset --terse -L | grep "Number of entries:" | cut -d: -f2 | xargs)
while read ip; do sudo ipset -exist -A badips "$ip"; done < $IPFILE
FILEBACKUP=3
TODAY=$(ls ${BFILE}.$(date +%Y%m%d)-* 2>/dev/null| wc -l)
if [ ${FILEBACKUP} -ne 0 ]; then
# sudo cp ${BFILE} ${BFILE}.$(date +%Y%m%d)
sudo cp ${BFILE} ${BFILE}.$(date +%Y%m%d)-$(expr ${TODAY} + 1)
fi
BACKUPCOUNT=$(expr $(ls ${BFILE}.* | wc -l) - $TODAY - 1)
BACKUPSTODELETE=$(expr ${BACKUPCOUNT} - ${FILEBACKUP})
if [ ${BACKUPCOUNT} -gt ${FILEBACKUP} ]; then
for f in $(ls -tr ${BFILE}.* | head -${BACKUPSTODELETE})
do
sudo rm ${f}
done
fi
# save to blocklist file in webroot
sudo ipset -output save -L | grep add | awk '{ print $3 }' | sort -g | sudo tee ${BFILE} 1>/dev/null
# save to /etc/ipset.conf
sudo ipset save -file /etc/ipset.conf
# Test if current ip is in the badips set
# sudo ipset -q -T badips $(who | tail -1 | awk -F '[()]' '{ print $2 }')
sudo ipset -T badips $(who | tail -1 | awk -F '[()]' '{ print $2 }')
#sudo ipset --terse -L
NEWNUM=$(sudo ipset --terse -L | grep "Number of entries:" | cut -d: -f2 | xargs)
rm -f $IPFILE
echo "Added $((${NEWNUM}-${OLDNUM}))/${COUNT} IPs (${OLDNUM} → ${NEWNUM})"
| 1 | #!/bin/sh |
| 2 | # 2024-05-26 |
| 3 | # lastmod: 2024-10-05 |
| 4 | # Dominic Reich <quick.hat4396@qtztsjosmprqmgtunjyf.com> |
| 5 | |
| 6 | BFILE=/srv/http/blocked.txt |
| 7 | IPFILE=~/ips |
| 8 | |
| 9 | if [[ $USER == "root" ]]; then |
| 10 | echo >&2 "User must not be root! Exiting" |
| 11 | exit 1 |
| 12 | fi |
| 13 | |
| 14 | if [[ ! -r $IPFILE ]]; then |
| 15 | echo >&2 "Could not find/open ip file: ${IPFILE}" |
| 16 | exit 1 |
| 17 | fi |
| 18 | |
| 19 | COUNT=$(wc -l ${IPFILE} | cut -d' ' -f1) |
| 20 | OLDNUM=$(sudo ipset --terse -L | grep "Number of entries:" | cut -d: -f2 | xargs) |
| 21 | |
| 22 | while read ip; do sudo ipset -exist -A badips "$ip"; done < $IPFILE |
| 23 | |
| 24 | FILEBACKUP=3 |
| 25 | |
| 26 | TODAY=$(ls ${BFILE}.$(date +%Y%m%d)-* 2>/dev/null| wc -l) |
| 27 | if [ ${FILEBACKUP} -ne 0 ]; then |
| 28 | # sudo cp ${BFILE} ${BFILE}.$(date +%Y%m%d) |
| 29 | sudo cp ${BFILE} ${BFILE}.$(date +%Y%m%d)-$(expr ${TODAY} + 1) |
| 30 | fi |
| 31 | |
| 32 | BACKUPCOUNT=$(expr $(ls ${BFILE}.* | wc -l) - $TODAY - 1) |
| 33 | BACKUPSTODELETE=$(expr ${BACKUPCOUNT} - ${FILEBACKUP}) |
| 34 | if [ ${BACKUPCOUNT} -gt ${FILEBACKUP} ]; then |
| 35 | for f in $(ls -tr ${BFILE}.* | head -${BACKUPSTODELETE}) |
| 36 | do |
| 37 | sudo rm ${f} |
| 38 | done |
| 39 | fi |
| 40 | |
| 41 | # save to blocklist file in webroot |
| 42 | sudo ipset -output save -L | grep add | awk '{ print $3 }' | sort -g | sudo tee ${BFILE} 1>/dev/null |
| 43 | |
| 44 | # save to /etc/ipset.conf |
| 45 | sudo ipset save -file /etc/ipset.conf |
| 46 | |
| 47 | # Test if current ip is in the badips set |
| 48 | # sudo ipset -q -T badips $(who | tail -1 | awk -F '[()]' '{ print $2 }') |
| 49 | sudo ipset -T badips $(who | tail -1 | awk -F '[()]' '{ print $2 }') |
| 50 | |
| 51 | #sudo ipset --terse -L |
| 52 | |
| 53 | NEWNUM=$(sudo ipset --terse -L | grep "Number of entries:" | cut -d: -f2 | xargs) |
| 54 | |
| 55 | rm -f $IPFILE |
| 56 | |
| 57 | echo "Added $((${NEWNUM}-${OLDNUM}))/${COUNT} IPs (${OLDNUM} → ${NEWNUM})" |
| 58 |