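#!/bin/bash
#################################################################################
## checkdnsbl.sh by rojo (rojo @ headcandy.org) and
## outsider (outsider @ scarynet.org) and
## remco (remco @ webconquest.com)
##
## LICENSE AGREEMENT
## By using this script, you are implying acceptance of the idea that this script
## is a stimulating piece of prose. As such, PLEASE DO NOT PLAGIARIZE IT. As
## long as you give me credit for my work, feel free to redistribute / make a
## profit / rewrite / whatever you wish to the script. Just don't mess it up
## and pretend that the bug was my fault. My code is bug-free, dammit!
##
## syntax: /usr/local/sbin/checkdnsbl.sh ip_addr
## where ip_addr is a valid four-octet IPv4 address
## * exits 0 if a match is found; exits 1 for no match
## * intended to be called from /etc/hosts.deny via aclexec
## * an argument that is not an address, or a cache directory that cannot be
##   trusted, is reported on stderr; the DNSBL lookups themselves still run
##
## example hosts.deny:
#
# sshd : 10.0.0.0/24, 127.0.0.1 : allow
# ALL : 192.168.0.0/32 : deny
# ALL EXCEPT httpd : ALL : aclexec /usr/local/sbin/checkdnsbl %a
#
## This will deny connections from DNSBL-flagged hosts, and assume the rest are
## safe. MAKE SURE THAT THIS SCRIPT IS RUN AFTER ALL EXPLICITLY DEFINED
## ADDRESSES! After tcpwrappers spawns this script, the connection is either
## passed or failed, with no further rule matching.
##
## As of the writing of this script, aclexec in hosts.allow allows every client
## to connect, regardless of returned exit code. This script will NOT work if
## called from hosts.allow. It should only be called from hosts.deny.
##
## To test whether this script works, try binding to a banned address. Both
## dronebl.org and spamhaus.org, for example, include 127.0.0.2 in their
## databases for testing. So, if this script monitors ssh connections, and such
## a service exists in your array of DNSBL hosts, try the following command:
# ssh -o BindAddress=127.0.0.2 localhost
## If all works as intended, you should see "ssh_exchange_identification:
## Connection closed by remote host." And so will other blacklisted clients.
#################################################################################

# DNSBL -- array of DNSBL zones to query, in order; the first hit wins
DNSBL=(
  "dnsbl.dronebl.org"
  "rbl.efnetrbl.org"
  "dnsbl.swiftbl.net"
  "combined.abuse.ch"
  "bogons.cymru.com"
)

# Number of minutes to cache queries
QUERY_EXPIRE=5

# Location for cache
CACHE_FOLDER="/tmp/checkdnsbl"

# UMASK value for created files and directory
UMASK="077"

################################# stop editing ##################################

# Diagnostics go to stderr; stdout is reserved for the match / no-match report.
warn() { printf 'checkdnsbl: %s\n' "$*" >&2; }

# Reverse the octets of a dotted quad (1.2.3.4 -> 4.3.2.1) without any DNS
# traffic, so the check does not depend on a PTR lookup being answered.
reverse_ipv4() {
  local a b c d
  IFS=. read -r a b c d <<<"$1"
  printf '%s.%s.%s.%s' "$d" "$c" "$b" "$a"
}

# Fallback for anything that is not a plain dotted quad (e.g. IPv6): let host(1)
# print the .arpa name and keep only the reversed label part, as before.
reverse_via_host() {
  host "$1" \
    | grep -E -o -e '[0-9a-f\.]+\.(in-addr|ip6)\.arpa' \
    | sed -r -e 's/\.i.+$//'
}

# Drop a cache marker after QUERY_EXPIRE minutes without blocking the caller.
schedule_expiry() {
  { sleep $(( QUERY_EXPIRE * 60 )) && rm -f -- "$1"; } &
}

# Strip the IPv4-mapped IPv6 prefix tcpwrappers may hand us (::ffff:1.2.3.4).
IPADDR=${1#::ffff:}

# Only address characters may reach host(1) and the cache file names. %a from
# tcpwrappers is always an address, but a stray value must never become a path
# component under $CACHE_FOLDER, since this usually runs as root. Exit 1 ("no
# match") is what the old code ended up returning for unusable input; change to
# exit 0 if you would rather fail closed.
if [[ -z "$IPADDR" || ! "$IPADDR" =~ ^[0-9A-Fa-f.:]+$ ]]; then
  warn "invalid or missing address argument: '${1-}'"
  exit 1
fi

if [[ "$IPADDR" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
  IP_BACKWARD=$(reverse_ipv4 "$IPADDR")
else
  IP_BACKWARD=$(reverse_via_host "$IPADDR")
fi

# Without a reversed name every query would be for ".<zone>", which says nothing
# about the client -- and used to be cached as "not listed". Report no match
# without caching so the next connection gets a real lookup.
if [[ -z "$IP_BACKWARD" ]]; then
  warn "could not derive reverse name for $IPADDR; skipping DNSBL check"
  exit 1
fi

umask "$UMASK"

# The cache lives under world-writable /tmp. Do not read or write a cache
# directory that is a symlink, a non-directory, or not owned by this user:
# otherwise a local user could plant "cached" verdicts or redirect the writes.
# Lookups still run in that case; only caching is switched off. (A check-then-use
# window remains; the 0700 directory from umask 077 keeps it small.)
use_cache=1
if [[ -L "$CACHE_FOLDER" ]]; then
  warn "$CACHE_FOLDER is a symlink; caching disabled"
  use_cache=0
elif [[ ! -d "$CACHE_FOLDER" ]]; then
  # mkdir (no -p) refuses if anything already sits at that path
  if ! mkdir -- "$CACHE_FOLDER" 2>/dev/null; then
    warn "cannot create $CACHE_FOLDER; caching disabled"
    use_cache=0
  fi
fi
if (( use_cache )) && [[ ! -O "$CACHE_FOLDER" ]]; then
  warn "$CACHE_FOLDER is not owned by this user; caching disabled"
  use_cache=0
fi

hit_file="$CACHE_FOLDER/$IPADDR-0"   # exists => listed; holds "zone : result" lines
miss_file="$CACHE_FOLDER/$IPADDR-1"  # exists => not listed anywhere

if (( use_cache )); then
  if [[ -f "$hit_file" && ! -L "$hit_file" ]]; then
    printf 'CACHED: %s found in %s\n' "$IPADDR" "$(cat -- "$hit_file")"
    exit 0
  elif [[ -f "$miss_file" && ! -L "$miss_file" ]]; then
    printf 'CACHED: %s not found in any DNSBLs.\n' "$IPADDR"
    exit 1
  fi
fi

for dnsbl in "${DNSBL[@]}"; do
  query="$IP_BACKWARD.$dnsbl"
  printf 'checking %s... ' "$query"
  # A listing comes back as an A record; NXDOMAIN or a timeout yields no address
  # and counts as "not listed" on that zone.
  listed=$(host "$query" | grep -E -o -e '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$')
  if [[ -n "$listed" ]]; then
    printf 'MATCH: %s\n' "$listed"
    if (( use_cache )); then
      printf '%s : %s\n' "$dnsbl" "$listed" >>"$hit_file"
      schedule_expiry "$hit_file"
    fi
    exit 0
  fi
  printf 'no match.\n'
done

if (( use_cache )); then
  touch -- "$miss_file"
  schedule_expiry "$miss_file"
fi
exit 1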