Le script de mise en forme
Créer un dossier deny dans le répertoire /etc/nginx.
mkdir deny
Créer le script permettant de télécharger et mettre en forme les fichiers conf pour NGINX :
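#!/bin/sh
# Build one NGINX "deny" include file per public IP blocklist feed.
#
# Every feed is untrusted input that ends up inside the NGINX configuration,
# so each one is handled the same way:
#   1. download to a temporary file (a failed download is detected, which a
#      "wget | awk" pipeline under /bin/sh cannot do);
#   2. keep only fields that are a well-formed IPv4 address or CIDR range, so
#      a feed cannot smuggle anything else into the configuration;
#   3. replace the live file only when at least one entry was produced, so an
#      unreachable or retired feed does not silently empty an existing list.
#
# Several feeds are fetched over plain HTTP, which gives no integrity
# protection for the list content; prefer an HTTPS URL wherever the provider
# offers one.
#
# Requires: wget, mktemp, and an awk that accepts --posix (gawk).

saveTo=/etc/nginx/deny
failed=0

# Print a diagnostic on stderr.
warn() {
  printf '%s\n' "$*" >&2
}

#######################################
# Download one feed and install it as $saveTo/NAME-deny.conf.
# Globals:   saveTo (read), failed (set to 1 on any error)
# Arguments: $1 - NAME, used for the output file name
#            $2 - URL of the feed
#            $3 - feed format (optional, default "plain"):
#                   plain   - address or CIDR is the first whitespace field
#                   csv     - address is the first comma-separated field
#                   dshield - first field is the base of a /24 network
#            $4 - text for the trailing "# comment=" tag (default: NAME)
# Returns:   0 when the file was replaced, 1 otherwise (old file kept)
#######################################
build_deny() {
  bd_name=$1
  bd_url=$2
  bd_format=${3:-plain}
  bd_tag=${4:-$bd_name}
  bd_out=$saveTo/$bd_name-deny.conf

  # Temporary files live in the target directory so the final mv is an
  # atomic rename; their names do not end in .conf, so "include *.conf"
  # never picks them up.
  bd_raw=$(mktemp "$saveTo/.raw.XXXXXX") || { failed=1; return 1; }
  bd_new=$(mktemp "$saveTo/.new.XXXXXX") || {
    rm -f -- "$bd_raw"
    failed=1
    return 1
  }

  # Bounded timeout and retries keep a dead feed from stalling the cron job.
  if ! wget --timeout=30 --tries=2 -O "$bd_raw" "$bd_url"; then
    warn "$bd_name: download failed, keeping previous list"
    rm -f -- "$bd_raw" "$bd_new"
    failed=1
    return 1
  fi

  # The awk program strips a trailing CR (CRLF feeds), extracts the address
  # field for the given format, validates it octet by octet, and exits
  # non-zero when no entry at all was accepted.
  if {
    printf '# Generated by Yakakliker.org for NGINX %s\n' "$(date)"
    awk --posix -v format="$bd_format" -v tag="$bd_tag" '
      function valid(a,    net, oct, i) {
        if (split(a, net, "/") > 2) return 0
        if (2 in net && (net[2] !~ /^[0-9]{1,2}$/ || net[2] + 0 > 32)) return 0
        if (split(net[1], oct, ".") != 4) return 0
        for (i = 1; i <= 4; i++)
          if (oct[i] !~ /^[0-9]{1,3}$/ || oct[i] + 0 > 255) return 0
        return 1
      }
      { sub(/\r$/, "") }
      format == "csv" { addr = $0; sub(/,.*/, "", addr) }
      format != "csv" { addr = $1 }
      format == "dshield" {
        if (addr !~ /\.0$/ || index(addr, "/")) next
        addr = addr "/24"
      }
      valid(addr) { print "deny " addr "; # comment=" tag; kept++ }
      END { exit (kept ? 0 : 1) }
    ' "$bd_raw"
  } > "$bd_new"; then
    # mktemp creates mode 0600; restore the usual config file permissions.
    chmod 644 "$bd_new" && mv -f -- "$bd_new" "$bd_out"
    bd_status=$?
  else
    warn "$bd_name: no valid entries in feed, keeping previous list"
    bd_status=1
  fi

  rm -f -- "$bd_raw" "$bd_new"
  [ "$bd_status" -eq 0 ] || failed=1
  return "$bd_status"
}

if [ ! -d "$saveTo" ]; then
  warn "$saveTo does not exist"
  exit 1
fi

build_deny dshield http://feeds.dshield.org/block.txt dshield DShield
build_deny spamhaus http://www.spamhaus.org/drop/drop.txt plain SpamHaus
build_deny spamhaus2 http://www.spamhaus.org/drop/edrop.txt plain edrop
build_deny malc0de http://malc0de.com/bl/IP_Blacklist.txt
build_deny myipms https://myip.ms/files/blacklist/general/latest_blacklist.txt
build_deny blocklist https://lists.blocklist.de/lists/all.txt
# Quoted: an unquoted "?" is a shell glob character.
build_deny zeustracker 'https://zeustracker.abuse.ch/blocklist.php?download=ipblocklist'
build_deny ransomwaretracker http://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt
build_deny TeslaCrypt http://ransomwaretracker.abuse.ch/downloads/TC_PS_IPBL.txt
build_deny CryptoWall http://ransomwaretracker.abuse.ch/downloads/CW_PS_IPBL.txt
build_deny Locky http://ransomwaretracker.abuse.ch/downloads/LY_C2_IPBL.txt
build_deny Locky2 http://ransomwaretracker.abuse.ch/downloads/LY_PS_IPBL.txt
build_deny TorrentLockerC2 http://ransomwaretracker.abuse.ch/downloads/TL_C2_IPBL.txt
build_deny TorrentLocker http://ransomwaretracker.abuse.ch/downloads/TL_PS_IPBL.txt
build_deny Aattack30d https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/atlas_attacks_30d.ipset
build_deny Abotnets30d https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/atlas_botnets_30d.ipset
build_deny Afastflux30d https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/atlas_fastflux_30d.ipset
build_deny Aphishing30d https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/atlas_phishing_30d.ipset
build_deny Ascans30d https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/atlas_scans_30d.ipset
build_deny Biany230d https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_any_2_30d.ipset
build_deny ciarmy https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/ciarmy.ipset
build_deny asproxc2 https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/asprox_c2.ipset
build_deny cleanmxviruses https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/cleanmx_viruses.ipset
build_deny cleanmxphishing https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/cleanmx_phishing.ipset
build_deny iwspamlist https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/iw_spamlist.ipset
# Comma-separated feed: the address is the first CSV column.
build_deny ipmasterlist http://osint.bambenekconsulting.com/feeds/c2-ipmasterlist.txt csv
build_deny cybercrime https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/cybercrime.ipset
build_deny stopforumspam30d https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/stopforumspam_30d.ipset
build_deny torexits30d https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/tor_exits_30d.ipset
build_deny fireholanon https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_anonymous.netset
# NOTE(review): firehol_level1 is believed to include bogon/private ranges;
# confirm before enabling it on a server with loopback or internal clients.
build_deny firehol_level1 https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level1.netset
build_deny normshield https://iplists.firehol.org/files/normshield_all_wannacry.ipset
build_deny php_spammers_30d https://iplists.firehol.org/files/php_spammers_30d.ipset
build_deny yakakliker 'http://www.yakakliker.org/@api/deki/files/1451/=yakakliker.txt'
build_deny malwaredomainlist http://www.malwaredomainlist.com/hostslist/ip.txt
build_deny darklist_de https://iplists.firehol.org/files/darklist_de.netset
# Same output file as the earlier cybercrime entry: when this download
# succeeds it replaces the copy built from the GitHub mirror.
build_deny cybercrime https://iplists.firehol.org/files/cybercrime.ipset
# Same upstream list as torexits30d, written to a second file.
build_deny tor https://iplists.firehol.org/files/tor_exits_30d.ipset

# Non-zero exit tells cron (or any wrapper) that at least one list is stale.
exit "$failed"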
Éditer le fichier /etc/nginx/nginx.conf et ajouter la ligne :
include /etc/nginx/deny/*.conf;
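Redémarrer le service nginx après chaque mise à jour des fichiers conf (vérifier d'abord la configuration avec « sudo nginx -t » : une seule ligne invalide dans un fichier deny empêche nginx de démarrer) :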
sudo service nginx restart
La tâche planifiée :
30 0 * * * /home/administrateur/getblacklist.sh >> /var/log/blacklist.log
Pour les flemmards :
Liste des fichiers mis en forme :
http://blacklist.yakakliker.org/nginx/
Script de téléchargement des fichiers :
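#!/bin/sh
# Download the pre-formatted NGINX deny lists published under $baseUrl and
# install them in $saveTo, then restart NGINX.
#
# The downloaded files are included verbatim in the NGINX configuration and
# are fetched over plain HTTP, so whoever controls the server or the network
# path controls what NGINX loads. To limit that:
#   - only comment lines and "deny <IPv4[/prefix]>;" lines are kept;
#   - a list is replaced only after a successful download that yields at
#     least one deny entry (the previous copy stays in place otherwise,
#     instead of deleting everything up front);
#   - NGINX is restarted only if "nginx -t" accepts the resulting config.
# Files already in $saveTo that are not in the list below are left untouched.
#
# Requires: wget, mktemp, grep -E, tr.

saveTo=/etc/nginx/deny
baseUrl=http://blacklist.yakakliker.org/nginx
failed=0

# Lines allowed through: blank, "# ..." comments, or one deny directive with
# an optional "# comment=<tag>" suffix. Octet ranges are left to "nginx -t".
valid_line='^(#.*|deny [0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?;( # comment=[A-Za-z0-9_]+)?)?$'

# Print a diagnostic on stderr.
warn() {
  printf '%s\n' "$*" >&2
}

if [ ! -d "$saveTo" ]; then
  warn "$saveTo does not exist"
  exit 1
fi

# cybercrime appears once here; downloading it twice with ">>" only
# duplicated its content.
for name in \
  dshield spamhaus spamhaus2 malc0de myipms blocklist zeustracker \
  ransomwaretracker TeslaCrypt CryptoWall Locky Locky2 TorrentLockerC2 \
  TorrentLocker Aattack30d Abotnets30d Afastflux30d Aphishing30d Ascans30d \
  Biany230d ciarmy asproxc2 cleanmxviruses cleanmxphishing iwspamlist \
  ipmasterlist cybercrime stopforumspam30d torexits30d fireholanon \
  firehol_level1 normshield php_spammers_30d yakakliker malwaredomainlist \
  darklist_de tor
do
  file=$name-deny.conf

  # Temporary names do not end in .conf, so "include *.conf" ignores them,
  # and they sit in the target directory so mv is an atomic rename.
  raw=$(mktemp "$saveTo/.raw.XXXXXX") || { failed=1; continue; }
  new=$(mktemp "$saveTo/.new.XXXXXX") || {
    rm -f -- "$raw"
    failed=1
    continue
  }

  if ! wget --timeout=30 --tries=2 -O "$raw" "$baseUrl/$file"; then
    warn "$file: download failed, keeping previous copy"
    rm -f -- "$raw" "$new"
    failed=1
    continue
  fi

  # Strip CRs, then keep only the allowed line shapes.
  tr -d '\r' < "$raw" | grep -E -- "$valid_line" > "$new"

  rejected=$(tr -d '\r' < "$raw" | grep -c -v -E -- "$valid_line")
  if [ "${rejected:-0}" -gt 0 ]; then
    warn "$file: dropped $rejected line(s) that are not deny entries"
  fi

  if grep -q '^deny ' "$new"; then
    # mktemp creates mode 0600; restore the usual config file permissions.
    chmod 644 "$new" && mv -f -- "$new" "$saveTo/$file" || failed=1
  else
    warn "$file: no deny entries after filtering, keeping previous copy"
    failed=1
  fi

  rm -f -- "$raw" "$new"
done

# Restart only with a configuration NGINX can actually load; a failed
# restart would take the web server down.
if nginx -t; then
  service nginx restart || failed=1
else
  warn "nginx -t rejected the configuration; nginx was not restarted"
  failed=1
fi

exit "$failed"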