Difference between revisions of "Bp"
(→blaclists) |
(→blaclists) |
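--- a/Bp
+++ b/Bp
@@ -3,21 +3,17 @@
 /etc/shorewall/makeblacklist :
 <code>
-#!/bin/sh
-cd /etc/shorewall
-echo "#ADDRESS/SUBNET PROTOCOL PORT" > /tmp/blacklist
-wget -q -O - http://www.malwaredomainlist.com/hostslist/ip.txt | awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\// { print $1;}' >> /tmp/blacklist
-wget -q -O - https://www.openbl.org/lists/base.txt | awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\// { print $1;}' >> /tmp/blacklist
-wget -q -O - http://feeds.dshield.org/block.txt | awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.0\t/ { print $1 "/24";}' >> /tmp/blacklist
-wget -q -O - http://www.spamhaus.org/drop/drop.lasso | awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\// { print $1;}' >> /tmp/blacklist
-#http://www.malwaredomainlist.com/hostslist/hosts.txt
-#DNS!!wget -q -O - http://www.malwaredomainlist.com/hostslist/hosts.txt | awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\// { print $1;}' >> /tmp/blacklist
-
-#http://www.omeglewarden.com/ip-lists.html + SUOMI
-cat dns.p2p >> /tmp/blacklist
-echo "#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE" >> /tmp/blacklist
-mv /tmp/blacklist /etc/shorewall/blacklist
-
-shorewall refresh &>/dev/null
-
-
+#!/bin/sh
+cd /etc/shorewall
+echo "#ADDRESS/SUBNET PROTOCOL PORT" > /tmp/blacklist
+wget -q -O - http://www.malwaredomainlist.com/hostslist/ip.txt | awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\// { print $1;}' >> /tmp/blacklist
+wget -q -O - https://www.openbl.org/lists/base.txt | awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\// { print $1;}' >> /tmp/blacklist
+wget -q -O - http://feeds.dshield.org/block.txt | awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.0\t/ { print $1 "/24";}' >> /tmp/blacklist
+wget -q -O - http://www.spamhaus.org/drop/drop.lasso | awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\// { print $1;}' >> /tmp/blacklist
+#http://www.malwaredomainlist.com/hostslist/hosts.txt
+#DNS!!wget -q -O - http://www.malwaredomainlist.com/hostslist/hosts.txt | awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\// { print $1;}' >> /tmp/blacklist
+#http://www.omeglewarden.com/ip-lists.html + SUOMI
+cat dns.p2p >> /tmp/blacklist
+echo "#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE" >> /tmp/blacklist
+mv /tmp/blacklist /etc/shorewall/blacklist
+shorewall refresh &>/dev/null
 </code>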
Revision as of 09:01, 22 October 2014
blacklists
/etc/shorewall/makeblacklist :
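#!/bin/sh
# /etc/shorewall/makeblacklist
#
# Rebuilds /etc/shorewall/blacklist from several public IP/CIDR feeds plus the
# local dns.p2p file, then asks shorewall to reload it.
#
# Differences from the plain "wget | awk >> /tmp/blacklist" version:
#   * the new list is assembled in a mktemp file next to the target instead of
#     the fixed, world-writable /tmp/blacklist, and replaces the live blacklist
#     with a single rename only after every feed was fetched successfully --
#     a feed outage no longer swaps in an empty or truncated blacklist;
#   * every step is checked, so failures show up (e.g. in cron mail) instead of
#     being silently discarded;
#   * '&>' (a bash-only redirection) is replaced by POSIX '>/dev/null 2>&1'
#     so the script behaves under the /bin/sh it declares.
#
# Must run as root (writes under /etc/shorewall); meant to be called from cron.
# NOTE(review): three of the four feeds are fetched over plain http, so the
# resulting blacklist is only as trustworthy as the network path; switch to
# https where the provider offers it.

set -eu

shorewall_dir=/etc/shorewall
target=$shorewall_dir/blacklist

cd "$shorewall_dir" || exit 1

# Work files live next to the target so the final mv is a rename on the same
# filesystem.  mktemp creates a fresh file and will not follow a pre-existing
# file or symlink, unlike the old fixed /tmp path.
raw=
out=$(mktemp "$shorewall_dir/blacklist.XXXXXX") || exit 1
trap 'rm -f -- "$out" ${raw:+"$raw"}' EXIT
raw=$(mktemp "$shorewall_dir/feed.XXXXXX") || exit 1

# awk programs shared by the feeds (unchanged from the original):
#   ipv4_cidr  - keep lines starting with "a.b.c.d/" and print field 1
#   dshield_24 - dshield's block.txt lists tab-separated network addresses
#                ending in ".0"; print them as "a.b.c.0/24"
ipv4_cidr='/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\// { print $1;}'
dshield_24='/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.0\t/ { print $1 "/24";}'

# fetch_feed URL AWK_PROGRAM
#   Downloads URL into $raw and appends the lines selected by AWK_PROGRAM to
#   $out.  Aborts the whole run on a download failure so the existing
#   blacklist stays in place.
fetch_feed() {
  if ! wget -q -O "$raw" "$1"; then
    printf 'makeblacklist: failed to fetch %s\n' "$1" >&2
    exit 1
  fi
  awk --posix "$2" "$raw" >> "$out"
}

echo "#ADDRESS/SUBNET PROTOCOL PORT" > "$out"
fetch_feed http://www.malwaredomainlist.com/hostslist/ip.txt "$ipv4_cidr"
fetch_feed https://www.openbl.org/lists/base.txt "$ipv4_cidr"
fetch_feed http://feeds.dshield.org/block.txt "$dshield_24"
fetch_feed http://www.spamhaus.org/drop/drop.lasso "$ipv4_cidr"
#http://www.malwaredomainlist.com/hostslist/hosts.txt
#DNS!!wget -q -O - http://www.malwaredomainlist.com/hostslist/hosts.txt | awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\// { print $1;}' >> /tmp/blacklist
#http://www.omeglewarden.com/ip-lists.html + SUOMI

# Local additions stay optional, as before (a missing dns.p2p used to print an
# error from cat and carry on).
if [ -f dns.p2p ]; then
  cat dns.p2p >> "$out"
fi
echo "#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE" >> "$out"

# mktemp creates the file 0600; the old "echo > /tmp/blacklist" produced a
# umask-default (normally 0644) file, so restore that mode before publishing.
chmod 0644 "$out"
mv -f -- "$out" "$target"

# Keep the output quiet for cron, but do not swallow the exit status.
if ! shorewall refresh >/dev/null 2>&1; then
  printf 'makeblacklist: shorewall refresh failed\n' >&2
  exit 1
fi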
Suricata - intrusion detection
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Rule_Management_with_Oinkmaster
http://samiux.blogspot.fi/2013/01/howto-suricata-on-ubuntu-1204-lts-server.html
https://home.regit.org/2013/10/logstash-and-suricata-for-the-old-guys/
Logstash
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/_logstash_kibana_and_suricata_json_output
https://github.com/pevma/Suricata-Logstash-Templates