feat: initial release

51-iptables-rugov.conf

@@ -0,0 +1,4 @@
+:programname, isequal, "sudo" ~
+:msg, contains, "Blocked RUGOV IP attempt:" /var/log/rugov_blacklist/blacklist.log
+& ~
+

README.md

@@ -0,0 +1,19 @@
+# Keep your webserver clean from RKN bots using iptables.
+
+This project uses blacklists from https://github.com/C24Be/AS_Network_List/blob/main/blacklists/blacklist.txt
+
+Pay attention! This script was tested on Ubuntu 22.04, there could be any issues on other versions or Linuxes!
+
+You can find all the original instructions from the author of this solution here: [original_instruction.pdf](original_instruction.pdf)
+
+## How to use
+
+Clone this repo to your server and run `sudo ./install.sh`
+
+## What it does
+
+- adds rsyslogd rules in /etc/rsyslog.d/51-iptables-rugov.conf
+- makes directory /var/log/rugov_blacklist/
+- puts there all necessary files
+- runs the update process 
+- installs cron script to /etc/cron.daily/rugov_updater.sh

install.sh

@@ -0,0 +1,36 @@
+#!/bin/bash
+set -euo pipefail
+IFS=$'\n\t'
+
+FMTCURID=$(id -u)
+FMTDIR=$(dirname "$(readlink -f "$0")")
+
+if [[ "$FMTCURID" != "0" ]]; then
+	echo "The script is intended to run under root"
+	exit 1
+fi
+
+
+if [[ ! -f "/etc/rsyslog.d/50-default.conf" ]]; then
+	echo "rsyslog.d/50-default.conf not found, there is no place to put the new config file"
+	exit 1
+fi
+
+
+mkdir -p /var/log/rugov_blacklist
+chown syslog:adm /var/log/rugov_blacklist
+chmod 0755 /var/log/rugov_blacklist
+
+cat "$FMTDIR/51-iptables-rugov.conf" > /etc/rsyslog.d/51-iptables-rugov.conf
+
+service rsyslog restart
+
+cat "$FMTDIR/updater.sh" > /var/log/rugov_blacklist/updater.sh
+chmod +x /var/log/rugov_blacklist/updater.sh
+touch /var/log/rugov_blacklist/blacklist.txt
+
+/var/log/rugov_blacklist/updater.sh
+
+ln -s /var/log/rugov_blacklist/updater.sh /etc/cron.daily/rugov_updater.sh
+
+echo "Installation finished successfully!"

updater.sh

@@ -0,0 +1,58 @@
+#!/bin/bash
+set -euo pipefail
+IFS=$'\n\t'
+
+# Paths to files with IP addresses
+OLD_IP_FILE="/var/log/rugov_blacklist/old_blacklist.txt"
+NEW_IP_FILE="/var/log/rugov_blacklist/blacklist.txt"
+
+# Rename the existing blacklist.txt file to old_blacklist.txt
+mv "$NEW_IP_FILE" "$OLD_IP_FILE"
+
+# Copy the blacklist.txt file from the source via the link
+if ! sudo wget -O "$NEW_IP_FILE" https://github.com/C24Be/AS_Network_List/raw/main/blacklists/blacklist.txt; then
+	echo "Failed to load new blacklist. Lets leave the old list unchanged."
+	echo "$(date +"%Y-%m-%d %H:%M:%S") - Failed to load new blacklist. Lets leave the old list unchanged." >> /var/log/rugov_blacklist/blacklist_updater.log
+	exit 1
+fi
+
+# Read IP addresses from old file
+old_addresses=()
+while IFS= read -r ip || [[ -n "$ip" ]]; do
+old_addresses+=("$ip")
+done < "$OLD_IP_FILE"
+
+# Read IP addresses from a new file
+new_addresses=()
+while IFS= read -r ip || [[ -n "$ip" ]]; do
+new_addresses+=("$ip")
+done < "$NEW_IP_FILE"
+
+# Add new addresses and remove old ones from the rules
+added=0
+removed=0
+for addr in "${new_addresses[@]}"; do
+	if ! sudo iptables -t raw -C PREROUTING -s "$addr" -j DROP &>/dev/null; then
+		iptables -t raw -A PREROUTING -s "$addr" -j LOG --log-prefix "Blocked RUGOV IP attempt: "
+		iptables -t raw -A PREROUTING -s "$addr" -j DROP
+		((added++)) || true
+	fi
+done
+
+for addr in "${old_addresses[@]}"; do
+	if ! grep -q "$addr" "$NEW_IP_FILE"; then
+		iptables -t raw -D PREROUTING -s "$addr" -j LOG --log-prefix "Blocked RUGOV IP attempt: "
+		iptables -t raw -D PREROUTING -s "$addr" -j DROP
+		((removed++)) || true
+	fi
+done
+
+# Save firewall rules to a file
+iptables-save > /etc/iptables/rules.v4
+
+# Display information about added and deleted addresses
+echo "Added addresses to the blacklist: $added"
+echo "Addresses removed from the blacklist: $removed"
+
+# Add an entry to the log file
+echo "$(date +"%Y-%m-%d %H:%M:%S") - Added addresses to the blacklist: $added, addresses removed from the blacklist: $removed" >> /var/log/rugov_blacklist/blacklist_updater.log