feat: add ability to run without logging

README.md

@@ -9,11 +9,14 @@ You can find all the original instructions from the author of this solution here
 ## How to use
 
 Clone this repo to your server and run `sudo ./install.sh`
+To enable logging of all requests from forbidden ips run `sudo ./install.sh --log` instead. This requires rsyslogd to be up and running. If you are unsure - install it without logs.
+All the logs are in the file /var/log/rugov_blacklist/blacklist.log . Keep in mind - if your target could be interesting, you can get a lot of disk space used by this log!
 
 ## What it does
 
-- adds rsyslogd rules in /etc/rsyslog.d/51-iptables-rugov.conf
+- adds rsyslogd rules in /etc/rsyslog.d/51-iptables-rugov.conf (only with --log)
 - makes directory /var/log/rugov_blacklist/
 - puts there all necessary files
 - runs the update process 
 - installs cron script to /etc/cron.daily/rugov_updater.sh
+

install.sh

@@ -4,31 +4,45 @@ IFS=$'\n\t'
 
 FMTCURID=$(id -u)
 FMTDIR=$(dirname "$(readlink -f "$0")")
+FMTDOLOGS=""
+
+if [[ -n ${1+x} && "$1" == "--log" ]];then
+	FMTDOLOGS="do"
+fi
 
 if [[ "$FMTCURID" != "0" ]]; then
 	echo "The script is intended to run under root"
 	exit 1
 fi
 
+if [[ ! -d "/etc/iptables/" ]]; then
+	echo "The script is intended to be used with iptables"
+	exit 2
+fi
 
+if [[ "$FMTDOLOGS" ]]; then
+	echo "Installing rsyslogd config..."
 	if [[ ! -f "/etc/rsyslog.d/50-default.conf" ]]; then
 		echo "rsyslog.d/50-default.conf not found, there is no place to put the new config file"
 		exit 1
 	fi
 
+	cat "$FMTDIR/51-iptables-rugov.conf" > /etc/rsyslog.d/51-iptables-rugov.conf
 
+	service rsyslog restart
+fi
+
+echo "Installing common files..."
 mkdir -p /var/log/rugov_blacklist
 chown syslog:adm /var/log/rugov_blacklist
 chmod 0755 /var/log/rugov_blacklist
 
-cat "$FMTDIR/51-iptables-rugov.conf" > /etc/rsyslog.d/51-iptables-rugov.conf
-
-service rsyslog restart
 
 cat "$FMTDIR/updater.sh" > /var/log/rugov_blacklist/updater.sh
 chmod +x /var/log/rugov_blacklist/updater.sh
 touch /var/log/rugov_blacklist/blacklist.txt
 
+echo "Running initial setup process..."
 /var/log/rugov_blacklist/updater.sh
 
 ln -s /var/log/rugov_blacklist/updater.sh /etc/cron.daily/rugov_updater.sh

updater.sh

@@ -5,6 +5,10 @@ IFS=$'\n\t'
 # Paths to files with IP addresses
 OLD_IP_FILE="/var/log/rugov_blacklist/old_blacklist.txt"
 NEW_IP_FILE="/var/log/rugov_blacklist/blacklist.txt"
+FMT_LOGS=""
+if [[ -f "/etc/rsyslog.d/51-iptables-rugov.conf" ]]; then
+	FMT_LOGS="do"
+fi
 
 # Rename the existing blacklist.txt file to old_blacklist.txt
 mv "$NEW_IP_FILE" "$OLD_IP_FILE"
@@ -33,7 +37,9 @@ added=0
 removed=0
 for addr in "${new_addresses[@]}"; do
 	if ! sudo iptables -t raw -C PREROUTING -s "$addr" -j DROP &>/dev/null; then
+		if [[ "$FMT_LOGS" ]]; then
 			iptables -t raw -A PREROUTING -s "$addr" -j LOG --log-prefix "Blocked RUGOV IP attempt: "
+		fi
 		iptables -t raw -A PREROUTING -s "$addr" -j DROP
 		((added++)) || true
 	fi
@@ -41,7 +47,7 @@ done
 
 for addr in "${old_addresses[@]}"; do
 	if ! grep -q "$addr" "$NEW_IP_FILE"; then
-		iptables -t raw -D PREROUTING -s "$addr" -j LOG --log-prefix "Blocked RUGOV IP attempt: "
+		iptables -t raw -D PREROUTING -s "$addr" -j LOG --log-prefix "Blocked RUGOV IP attempt: " || true
 		iptables -t raw -D PREROUTING -s "$addr" -j DROP
 		((removed++)) || true
 	fi