diff --git a/README.md b/README.md
index 8ec6fa9..a7d90ad 100644
--- a/README.md
+++ b/README.md
@@ -9,11 +9,14 @@ You can find all the original instructions from the author of this solution here
 ## How to use
 Clone this repo to your server and run `sudo ./install.sh`
+To enable logging of all requests from forbidden ips run `sudo ./install.sh --log` instead. This requires rsyslogd to be up and running. If you are unsure - install it without logs.
+All the logs are in the file /var/log/rugov_blacklist/blacklist.log . Keep in mind - if your target could be interesting, you can get a lot of disk space used by this log!
 ## What it does
-- adds rsyslogd rules in /etc/rsyslog.d/51-iptables-rugov.conf
+- adds rsyslogd rules in /etc/rsyslog.d/51-iptables-rugov.conf (only with --log)
 - makes directory /var/log/rugov_blacklist/
 - puts there all necessary files
 - runs the update process
 - installs cron script to /etc/cron.daily/rugov_updater.sh
+
diff --git a/install.sh b/install.sh
index 7d75ed2..222c1f7 100755
--- a/install.sh
+++ b/install.sh
@@ -4,31 +4,45 @@ IFS=$'\n\t'
 FMTCURID=$(id -u)
 FMTDIR=$(dirname "$(readlink -f "$0")")
+FMTDOLOGS=""
+
+if [[ -n ${1+x} && "$1" == "--log" ]];then
+ FMTDOLOGS="do"
+fi
 if [[ "$FMTCURID" != "0" ]]; then
 echo "The script is intended to run under root"
 exit 1
 fi
-
-if [[ ! -f "/etc/rsyslog.d/50-default.conf" ]]; then
- echo "rsyslog.d/50-default.conf not found, there is no place to put the new config file"
- exit 1
+if [[ ! -d "/etc/iptables/" ]]; then
+ echo "The script is intended to be used with iptables"
+ exit 2
 fi
+if [[ "$FMTDOLOGS" ]]; then
+ echo "Installing rsyslogd config..."
+ if [[ ! -f "/etc/rsyslog.d/50-default.conf" ]]; then
+ echo "rsyslog.d/50-default.conf not found, there is no place to put the new config file"
+ exit 1
+ fi
+ cat "$FMTDIR/51-iptables-rugov.conf" > /etc/rsyslog.d/51-iptables-rugov.conf
+
+ service rsyslog restart
+fi
+
+echo "Installing common files..."
 mkdir -p /var/log/rugov_blacklist
 chown syslog:adm /var/log/rugov_blacklist
 chmod 0755 /var/log/rugov_blacklist
-cat "$FMTDIR/51-iptables-rugov.conf" > /etc/rsyslog.d/51-iptables-rugov.conf
-
-service rsyslog restart
 cat "$FMTDIR/updater.sh" > /var/log/rugov_blacklist/updater.sh
 chmod +x /var/log/rugov_blacklist/updater.sh
 touch /var/log/rugov_blacklist/blacklist.txt
+echo "Running initial setup process..."
 /var/log/rugov_blacklist/updater.sh
 ln -s /var/log/rugov_blacklist/updater.sh /etc/cron.daily/rugov_updater.sh
diff --git a/updater.sh b/updater.sh
index 99ea38a..deaa0be 100755
--- a/updater.sh
+++ b/updater.sh
@@ -5,6 +5,10 @@ IFS=$'\n\t'
 # Paths to files with IP addresses
 OLD_IP_FILE="/var/log/rugov_blacklist/old_blacklist.txt"
 NEW_IP_FILE="/var/log/rugov_blacklist/blacklist.txt"
+FMT_LOGS=""
+if [[ -f "/etc/rsyslog.d/51-iptables-rugov.conf" ]]; then
+ FMT_LOGS="do"
+fi
 # Rename the existing blacklist.txt file to old_blacklist.txt
 mv "$NEW_IP_FILE" "$OLD_IP_FILE"
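Review bot: `chown syslog:adm /var/log/rugov_blacklist` stays unconditional even though rsyslog is now optional, so the non-`--log` install still hands ownership of the directory that holds the root-executed `updater.sh` (symlinked into /etc/cron.daily two lines below) to the syslog service account, and with 0755 the owner can rename or replace the script that cron runs as root. Move the chown into the `if [[ "$FMTDOLOGS" ]]` branch, or better keep `updater.sh` in a root-owned directory outside the log tree and let syslog own only the log directory. Two smaller points in the same hunk: `[[ ! -d "/etc/iptables/" ]]` only proves a config directory exists, whereas `command -v iptables >/dev/null || { echo "iptables not found"; exit 2; }` checks what the updater actually calls; and `]];then` drops the space before `then`, while any argument other than `--log` is silently treated as "no logging" instead of being rejected with a usage message.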
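Review bot: `FMT_LOGS` is derived from the presence of /etc/rsyslog.d/51-iptables-rugov.conf rather than from how install.sh was invoked, so a host once installed with `--log` and later reinstalled without it keeps adding LOG rules, contradicting the README's "(only with --log)", because the non-log path of install.sh never removes that file. Have install.sh remove the conf (and restart rsyslog) when `--log` is absent, or write an explicit marker file that install.sh owns and updater.sh reads, so the two scripts agree on one source of truth. A one-line comment above the check, `# LOG rules are only added when install.sh --log installed the rsyslog config`, would make the coupling visible to the next maintainer. Where `$FMT_LOGS` is consumed lies further down, outside this hunk.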
@@ -33,7 +37,9 @@ added=0
 removed=0
 for addr in "${new_addresses[@]}"; do
 if ! sudo iptables -t raw -C PREROUTING -s "$addr" -j DROP &>/dev/null; then
- iptables -t raw -A PREROUTING -s "$addr" -j LOG --log-prefix "Blocked RUGOV IP attempt: "
+ if [[ "$FMT_LOGS" ]]; then
+ iptables -t raw -A PREROUTING -s "$addr" -j LOG --log-prefix "Blocked RUGOV IP attempt: "
+ fi
 iptables -t raw -A PREROUTING -s "$addr" -j DROP
 ((added++)) || true
 fi
@@ -41,7 +47,7 @@ done
 for addr in "${old_addresses[@]}"; do
 if ! grep -q "$addr" "$NEW_IP_FILE"; then
- iptables -t raw -D PREROUTING -s "$addr" -j LOG --log-prefix "Blocked RUGOV IP attempt: "
+ iptables -t raw -D PREROUTING -s "$addr" -j LOG --log-prefix "Blocked RUGOV IP attempt: " || true
 iptables -t raw -D PREROUTING -s "$addr" -j DROP
 ((removed++)) || true
 fi
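Review bot: The LOG rule added inside `if [[ "$FMT_LOGS" ]]` has no rate limit, so traffic from a listed address is logged packet by packet into the file the README already warns can fill the disk; inserting `-m limit --limit 5/min --limit-burst 10` before `-j LOG` bounds that, but the `-D` in the following hunk must then carry the identical match or the rule can no longer be deleted by specification. Note also that the decision is taken per address only when the `-C ... -j DROP` probe fails, so if logging is enabled after an address was already dropped, no LOG rule is ever added for it; a short comment on the `if` line, `# LOG rule is only created together with the DROP rule; existing entries are not retrofitted`, would record that limitation. The loop's `done` lies outside the hunk.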
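Review bot: `|| true` on the LOG `-D` masks every failure of that command, not only "rule does not exist" — a concurrently running iptables or a missing binary is swallowed just the same, while the DROP deletion right below presumably still aborts the run under `set -e` (the `set` line is not visible in this hunk); mirror the add path and probe first: `if iptables -t raw -C PREROUTING -s "$addr" -j LOG --log-prefix "Blocked RUGOV IP attempt: " &>/dev/null; then` / `iptables -t raw -D PREROUTING -s "$addr" -j LOG --log-prefix "Blocked RUGOV IP attempt: "` / `fi`. Separately, the context line `grep -q "$addr" "$NEW_IP_FILE"` is an unanchored regex substring match, so (illustrative) an address 10.0.0.1 counts as still listed while only 10.0.0.10 is present and its rules are never removed; `grep -Fxq -- "$addr" "$NEW_IP_FILE"` compares whole lines literally.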