
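#!/bin/bash
#################################################################################
## checkdnsbl.sh by rojo (rojo @ headcandy.org) and
## outsider (outsider @ scarynet.org) and
## remco (remco @ webconquest.com)
##
## LICENSE AGREEMENT
## By using this script, you are implying acceptance of the idea that this script
## is a stimulating piece of prose.  As such, PLEASE DO NOT PLAGIARIZE IT.  As
## long as you give me credit for my work, feel free to redistribute / make a
## profit / rewrite / whatever you wish to the script.  Just don't mess it up
## and pretend that the bug was my fault.  My code is bug-free, dammit!
##
## syntax: /usr/local/sbin/checkdnsbl.sh ip_addr
## where ip_addr is a valid four-octet IPv4 address; an IPv4-mapped IPv6 form
## (::ffff:a.b.c.d) is unwrapped first
## * exits 0 if a match is found; exits 1 for no match
## * exits 2 if no argument is given or it contains characters that cannot be
##   part of an address -- aclexec treats any non-zero status as "no match"
## * intended to be called from /etc/hosts.deny via aclexec
##
## example hosts.deny:
#
# sshd : 10.0.0.0/24, 127.0.0.1 : allow
# ALL : 192.168.0.0/32 : deny
# ALL EXCEPT httpd : ALL : aclexec /usr/local/sbin/checkdnsbl %a
#
## This will deny connections from DNSBL-flagged hosts, and assume the rest are
## safe.  MAKE SURE THAT THIS SCRIPT IS RUN AFTER ALL EXPLICITLY DEFINED
## ADDRESSES!  After tcpwrappers spawns this script, the connection is either
## passed or failed, with no further rule matching.
##
## As of the writing of this script, aclexec in hosts.allow allows every client
## to connect, regardless of returned exit code.  This script will NOT work if
## called from hosts.allow.  It should only be called from hosts.deny.
##
## Verdicts are cached as files CACHE_FOLDER/<ip>-0 (listed; holds the DNSBL
## name and its answer) and CACHE_FOLDER/<ip>-1 (not listed).  An entry counts
## as fresh for QUERY_EXPIRE minutes after it was written, judged by its mtime;
## stale entries are pruned on the next run and no background process is left
## behind.  The cache is only used when CACHE_FOLDER is a real directory (not a
## symlink) owned by the user running the script, so another local user cannot
## pre-create it under /tmp and plant verdicts.  Otherwise every run queries the
## DNSBLs directly and says so on stderr.
##
## To test whether this script works, try binding to a banned address.  Both
## dronebl.org and spamhaus.org, for example, include 127.0.0.2 in their
## databases for testing.  So, if this script monitors ssh connections, and such
## a service exists in your array of DNSBL hosts, try the following command:
# ssh -o BindAddress=127.0.0.2 localhost
## If all works as intended, you should see "ssh_exchange_identification:
## Connection closed by remote host."  And so will other blacklisted clients.
#################################################################################

set -u

# DNSBL[x] -- array of DNSBL hosts to query, in order; the first hit wins
DNSBL=(
  "dnsbl.dronebl.org"
  "rbl.efnetrbl.org"
  "dnsbl.swiftbl.net"
  "combined.abuse.ch"
  "bogons.cymru.com"
)

# Number of minutes to cache queries
QUERY_EXPIRE=5

# Location for cache
CACHE_FOLDER="/tmp/checkdnsbl"

# UMASK value for created files and directory
UMASK="077"

################################# stop editing ##################################

readonly DNSBL QUERY_EXPIRE CACHE_FOLDER UMASK

#######################################
# Make sure CACHE_FOLDER is safe to read and write.
# Globals:   CACHE_FOLDER (read; created if missing)
# Returns:   0 if the cache may be used; 1 if it must be skipped because the
#            path is a symlink, cannot be created, or is not a directory owned
#            by the current user
#######################################
cache_usable() {
  # Reject a symlink before -d, which would follow it.
  [[ -L "$CACHE_FOLDER" ]] && return 1
  if [[ ! -d "$CACHE_FOLDER" ]]; then
    # If someone else creates the path in between, mkdir fails and we skip the
    # cache rather than write into a directory we do not control.
    mkdir -m 0700 -- "$CACHE_FOLDER" 2>/dev/null || return 1
  fi
  [[ -d "$CACHE_FOLDER" && -O "$CACHE_FOLDER" ]]
}

#######################################
# Drop cache entries older than QUERY_EXPIRE minutes.
# Globals:   CACHE_FOLDER, QUERY_EXPIRE (read)
#######################################
cache_prune() {
  find "$CACHE_FOLDER" -maxdepth 1 -type f -mmin +"$QUERY_EXPIRE" \
    -exec rm -f -- {} + 2>/dev/null
}

#######################################
# Test for a fresh cached verdict.
# Globals:   CACHE_FOLDER, QUERY_EXPIRE (read)
# Arguments: $1 - address (already validated, so it is safe in a file name)
#            $2 - verdict suffix: 0 = listed, 1 = not listed
# Returns:   0 if CACHE_FOLDER/$1-$2 is a regular file younger than
#            QUERY_EXPIRE minutes; 1 otherwise
#######################################
cache_has() {
  local ip=$1 verdict=$2 hit
  hit=$(find "$CACHE_FOLDER" -maxdepth 1 -type f -name "$ip-$verdict" \
    -mmin -"$QUERY_EXPIRE" 2>/dev/null)
  [[ -n "$hit" ]]
}

#######################################
# Build the label prefix for a DNSBL query.
# Arguments: $1 - address
# Outputs:   for an IPv4 address, its octets in reverse order (1.2.3.4 ->
#            4.3.2.1), computed locally without a DNS lookup; for anything
#            else, the name host(1) reports under in-addr.arpa/ip6.arpa with
#            that suffix stripped, as the original pipeline did
# Returns:   1 with no output when an IPv4 octet exceeds 255
#######################################
reverse_ip() {
  local ip=$1 octet
  local -r ipv4_re='^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$'
  if [[ "$ip" =~ $ipv4_re ]]; then
    for octet in "${BASH_REMATCH[@]:1}"; do
      # 10# keeps a leading zero from being read as octal
      (( 10#$octet <= 255 )) || return 1
    done
    printf '%s.%s.%s.%s\n' "${BASH_REMATCH[4]}" "${BASH_REMATCH[3]}" \
      "${BASH_REMATCH[2]}" "${BASH_REMATCH[1]}"
  else
    host "$ip" | grep -E -o -e '[0-9a-f.]+\.(in-addr|ip6)\.arpa' \
      | sed -r -e 's/\.i.+$//'
  fi
}

#######################################
# Look an address up in every DNSBL, using the cache when it is fresh.
# Globals:   DNSBL, QUERY_EXPIRE, CACHE_FOLDER, UMASK (read)
# Arguments: $1 - client address, as passed by aclexec's %a
# Outputs:   progress and the verdict on stdout, warnings on stderr
# Returns:   exits 0 on a DNSBL match, 1 on no match, 2 on unusable input
#######################################
main() {
  local ipaddr reversed dnsbl query answer cache_ok=0
  local -r addr_chars='^[0-9A-Fa-f:.]+$'

  ipaddr=${1-}
  ipaddr=${ipaddr#::ffff:}   # unwrap an IPv4-mapped IPv6 address
  # The address becomes part of a file name below, so allow only characters an
  # address can contain (no '/', no whitespace, no shell metacharacters).
  if [[ -z "$ipaddr" || ! "$ipaddr" =~ $addr_chars ]]; then
    printf 'usage: %s ip_addr\n' "${0##*/}" >&2
    exit 2
  fi

  umask "$UMASK"
  if cache_usable; then
    cache_ok=1
    cache_prune
    if cache_has "$ipaddr" 0; then
      printf 'CACHED: %s found in %s\n' "$ipaddr" \
        "$(cat -- "$CACHE_FOLDER/$ipaddr-0")"
      exit 0
    elif cache_has "$ipaddr" 1; then
      printf 'CACHED: %s not found in any DNSBLs.\n' "$ipaddr"
      exit 1
    fi
  else
    printf 'warning: %s is not a directory owned by us; not caching\n' \
      "$CACHE_FOLDER" >&2
  fi

  reversed=$(reverse_ip "$ipaddr")
  if [[ -z "$reversed" ]]; then
    printf 'cannot build a reverse name for %s\n' "$ipaddr" >&2
    exit 2
  fi

  for dnsbl in "${DNSBL[@]}"; do
    query="$reversed.$dnsbl"
    printf 'checking %s... ' "$query"
    # Only a trailing dotted quad in host(1)'s output counts as a listing,
    # the same filter the original applied.
    answer=$(host "$query" \
      | grep -E -o -e '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$')
    if [[ -n "$answer" ]]; then
      printf 'MATCH: %s\n' "$answer"
      if (( cache_ok )); then
        # Overwrite rather than append so a stale entry cannot accumulate lines.
        printf '%s : %s\n' "$dnsbl" "$answer" >"$CACHE_FOLDER/$ipaddr-0"
      fi
      exit 0
    fi
    printf 'no match.\n'
  done

  if (( cache_ok )); then
    touch -- "$CACHE_FOLDER/$ipaddr-1"
  fi
  exit 1
}

main "$@"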