commit 93e0383cfe3208f475bd8994123f8d33c30f58c3
Author: FreeMedia.Tech
Date: Tue Apr 2 01:14:48 2024 +0200
feat: initial release
diff --git a/51-iptables-rugov.conf b/51-iptables-rugov.conf
new file mode 100644
index 0000000..f5578f2
--- /dev/null
+++ b/51-iptables-rugov.conf
@@ -0,0 +1,4 @@
+:programname, isequal, "sudo" ~
+:msg, contains, "Blocked RUGOV IP attempt:" /var/log/rugov_blacklist/blacklist.log
+& ~
+
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..8ec6fa9
--- /dev/null
+++ b/README.md
@@ -0,0 +1,19 @@
+# Keep your webserver clean from RKN bots using iptables.
+
+This project uses blacklists from https://github.com/C24Be/AS_Network_List/blob/main/blacklists/blacklist.txt
+
+Pay attention! This script was tested on Ubuntu 22.04, there could be any issues on other versions or Linuxes!
+
+You can find all the original instructions from the author of this solution here: [original_instruction.pdf](original_instruction.pdf)
+
+## How to use
+
+Clone this repo to your server and run `sudo ./install.sh`
+
+## What it does
+
+- adds rsyslogd rules in /etc/rsyslog.d/51-iptables-rugov.conf
+- makes directory /var/log/rugov_blacklist/
+- puts there all necessary files
+- runs the update process
+- installs cron script to /etc/cron.daily/rugov_updater.sh
diff --git a/install.sh b/install.sh
new file mode 100755
index 0000000..7d75ed2
--- /dev/null
+++ b/install.sh
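Review bot: The first selector `:programname, isequal, "sudo" ~` discards every message sudo emits before the default rules see it, so /var/log/auth.log loses the audit trail of all privilege escalations on the host, not only the noise from the `sudo` calls inside updater.sh. The iptables LOG lines presumably arrive as kernel messages, so this rule is not needed for the second selector to work; remove it and drop the redundant `sudo` from updater.sh instead of silencing sudo system-wide. `~` is the legacy discard action; current rsyslog spells the same thing `& stop`, e.g. `:msg, contains, "Blocked RUGOV IP attempt:" /var/log/rugov_blacklist/blacklist.log` followed by `& stop`. The commit adds no logrotate entry for blacklist.log, so a blocked source that keeps retrying can grow it without bound.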
@@ -0,0 +1,36 @@
+#!/bin/bash
+set -euo pipefail
+IFS=$'\n\t'
+
+FMTCURID=$(id -u)
+FMTDIR=$(dirname "$(readlink -f "$0")")
+
+if [[ "$FMTCURID" != "0" ]]; then
+ echo "The script is intended to run under root"
+ exit 1
+fi
+
+
+if [[ ! -f "/etc/rsyslog.d/50-default.conf" ]]; then
+ echo "rsyslog.d/50-default.conf not found, there is no place to put the new config file"
+ exit 1
+fi
+
+
+mkdir -p /var/log/rugov_blacklist
+chown syslog:adm /var/log/rugov_blacklist
+chmod 0755 /var/log/rugov_blacklist
+
+cat "$FMTDIR/51-iptables-rugov.conf" > /etc/rsyslog.d/51-iptables-rugov.conf
+
+service rsyslog restart
+
+cat "$FMTDIR/updater.sh" > /var/log/rugov_blacklist/updater.sh
+chmod +x /var/log/rugov_blacklist/updater.sh
+touch /var/log/rugov_blacklist/blacklist.txt
+
+/var/log/rugov_blacklist/updater.sh
+
+ln -s /var/log/rugov_blacklist/updater.sh /etc/cron.daily/rugov_updater.sh
+
+echo "Installation finished successfully!"
diff --git a/original_instruction.pdf b/original_instruction.pdf
new file mode 100644
index 0000000..e45101b
Binary files /dev/null and b/original_instruction.pdf differ
diff --git a/updater.sh b/updater.sh
new file mode 100755
index 0000000..99ea38a
--- /dev/null
+++ b/updater.sh
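Review bot: The cron hook created by `ln -s /var/log/rugov_blacklist/updater.sh /etc/cron.daily/rugov_updater.sh` will most likely never run: Debian/Ubuntu execute that directory through run-parts, which by default skips names containing a dot, so the blacklist stops being refreshed after the one install-time run. Name the link without a suffix, `ln -sf /var/log/rugov_blacklist/updater.sh /etc/cron.daily/rugov_updater`; `-f` also keeps a second run of the installer from aborting under `set -e` because the link already exists. Separately, the script that cron will execute as root is written into a directory the installer hands to `syslog:adm` via `chown`, so anyone able to act as the syslog user can swap updater.sh for their own file and have it run as root at the next daily run; install the script into a root-owned location (e.g. /usr/local/sbin) and keep only the data and log files in the syslog-owned directory. The two `cat "$FMTDIR/..." > ...` copies could be `install -m 0755 -o root -g root`, which fixes owner and mode in one step.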
@@ -0,0 +1,58 @@
+#!/bin/bash
+set -euo pipefail
+IFS=$'\n\t'
+
+# Paths to files with IP addresses
+OLD_IP_FILE="/var/log/rugov_blacklist/old_blacklist.txt"
+NEW_IP_FILE="/var/log/rugov_blacklist/blacklist.txt"
+
+# Rename the existing blacklist.txt file to old_blacklist.txt
+mv "$NEW_IP_FILE" "$OLD_IP_FILE"
+
+# Copy the blacklist.txt file from the source via the link
+if ! sudo wget -O "$NEW_IP_FILE" https://github.com/C24Be/AS_Network_List/raw/main/blacklists/blacklist.txt; then
+ echo "Failed to load new blacklist. Lets leave the old list unchanged."
+ echo "$(date +"%Y-%m-%d %H:%M:%S") - Failed to load new blacklist. Lets leave the old list unchanged." >> /var/log/rugov_blacklist/blacklist_updater.log
+ exit 1
+fi
+
+# Read IP addresses from old file
+old_addresses=()
+while IFS= read -r ip || [[ -n "$ip" ]]; do
+old_addresses+=("$ip")
+done < "$OLD_IP_FILE"
+
+# Read IP addresses from a new file
+new_addresses=()
+while IFS= read -r ip || [[ -n "$ip" ]]; do
+new_addresses+=("$ip")
+done < "$NEW_IP_FILE"
+
+# Add new addresses and remove old ones from the rules
+added=0
+removed=0
+for addr in "${new_addresses[@]}"; do
+ if ! sudo iptables -t raw -C PREROUTING -s "$addr" -j DROP &>/dev/null; then
+ iptables -t raw -A PREROUTING -s "$addr" -j LOG --log-prefix "Blocked RUGOV IP attempt: "
+ iptables -t raw -A PREROUTING -s "$addr" -j DROP
+ ((added++)) || true
+ fi
+done
+
+for addr in "${old_addresses[@]}"; do
+ if ! 
grep -q "$addr" "$NEW_IP_FILE"; then
+ iptables -t raw -D PREROUTING -s "$addr" -j LOG --log-prefix "Blocked RUGOV IP attempt: "
+ iptables -t raw -D PREROUTING -s "$addr" -j DROP
+ ((removed++)) || true
+ fi
+done
+
+# Save firewall rules to a file
+iptables-save > /etc/iptables/rules.v4
+
+# Display information about added and deleted addresses
+echo "Added addresses to the blacklist: $added"
+echo "Addresses removed from the blacklist: $removed"
+
+# Add an entry to the log file
+echo "$(date +"%Y-%m-%d %H:%M:%S") - Added addresses to the blacklist: $added, addresses removed from the blacklist: $removed" >> /var/log/rugov_blacklist/blacklist_updater.log
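Review bot: The removal check `if ! grep -q "$addr" "$NEW_IP_FILE"` is an unanchored regex substring match, so an address dropped from the upstream list stays blocked whenever it is a substring of a surviving entry (`10.0.0.1` inside `10.0.0.10`, and each `.` matches any character); use a fixed-string whole-line match, `if ! grep -qxF -- "$addr" "$NEW_IP_FILE"; then`. Every line of the downloaded file is passed straight to `iptables -s`, so the third-party list is trusted completely: a malformed line aborts the script under `set -e` midway through applying rules, and an over-broad prefix would be installed as a DROP rule, so validate each line against an IPv4/CIDR pattern and skip (and log) anything else before touching iptables. The LOG rule fires for every packet from a blocked source with no `-m limit`, which lets a single persistent sender flood blacklist.log; putting `-m limit --limit 10/min --limit-burst 20` before `-j LOG` bounds that. The `sudo` on the wget and `iptables -C` calls is redundant in a script that already runs as root from cron.daily and is what produces the sudo log noise the rsyslog config then discards.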