18 |
DIR_DNS_WL="$DIR_SHARE/unbound-wl" # all the WL ' ' '
|
18 |
DIR_DNS_WL="$DIR_SHARE/unbound-wl" # all the WL ' ' '
|
19 |
DIR_IP_BL="$DIR_SHARE/iptables-bl" # all the IP addresses of the BL
|
19 |
DIR_IP_BL="$DIR_SHARE/iptables-bl" # all the IP addresses of the BL
|
20 |
DIR_IP_WL="$DIR_SHARE/iptables-wl" # IP ossi disabled WL
|
20 |
DIR_IP_WL="$DIR_SHARE/iptables-wl" # IP ossi disabled WL
|
21 |
CNC_BL_NAME="ossi-bl-candc"
|
21 |
CNC_BL_NAME="ossi-bl-candc"
|
22 |
CNC_URL="https://osint.bambenekconsulting.com/feeds/"
|
22 |
CNC_URL="https://osint.bambenekconsulting.com/feeds/"
|
23 |
CNC_DNS_BL_URL=${CNC_URL}c2-dommasterlist-high.txt
|
23 |
CNC_DNS=${CNC_URL}c2-dommasterlist-high.txt
|
24 |
CNC_IP_BL_URL=${CNC_URL}c2-ipmasterlist-high.txt
|
24 |
CNC_IP=${CNC_URL}c2-ipmasterlist-high.txt
|
25 |
SED="/bin/sed -i"
|
25 |
SED="/bin/sed -i"
|
26 |
CURL="/usr/bin/curl"
|
26 |
CURL="/usr/bin/curl"
|
27 |
|
27 |
|
28 |
# cleaning file and split it ("domains" in $FILE_tmp & "IP" in $FILE_ip_tmp)
|
28 |
# cleaning file and split it ("domains" in $FILE_tmp & "IP" in $FILE_ip_tmp)
|
29 |
function clean_split (){
|
29 |
function clean_split (){
|
92 |
;;
|
92 |
;;
|
93 |
# Update C&C-Server Blacklist (TODO : check that there is a difference between two downloads)
|
93 |
# Update C&C-Server Blacklist (TODO : check that there is a difference between two downloads)
|
94 |
-update_ossi-bl-candc | --update_ossi-bl-candc)
|
94 |
-update_ossi-bl-candc | --update_ossi-bl-candc)
|
95 |
# check availability of the lists
|
95 |
# check availability of the lists
|
96 |
echo "Downloading blacklists from ${CNC_URL}..."
|
96 |
echo "Downloading blacklists from ${CNC_URL}..."
|
97 |
STATUS_URL_BL=$(${CURL} --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${CNC_DNS_BL_URL})
|
97 |
STATUS_DNS_BL=$(${CURL} --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${CNC_DNS})
|
98 |
STATUS_IP_BL=$(${CURL} --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${CNC_IP_BL_URL})
|
98 |
STATUS_IP_BL=$(${CURL} --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${CNC_IP})
|
99 |
# if downloaded successfully
|
99 |
# if downloaded successfully
|
100 |
if [ $STATUS_URL_BL = 200 ] && [ $STATUS_IP_BL = 200 ]; then
|
100 |
if [ $STATUS_DNS_BL = 200 ] && [ $STATUS_IP_BL = 200 ]; then
|
101 |
## parse domain names and ips from feed (cut first 19 lines (comments) and extract first column)
|
101 |
## parse domain names and ips from feed (cut first 19 lines (comments) and extract first column)
|
102 |
CNC_URLS=$($CURL $CNC_DNS_BL_URL | tail -n +19 | awk -F, '{print $1}')
|
102 |
CNC_DOMAINS=$($CURL $CNC_DNS | tail -n +19 | awk -F, '{print $1}')
|
103 |
CNC_IPS=$($CURL $CNC_IP_BL_URL | tail -n +19 | awk -F, '{print $1}')
|
103 |
CNC_IPS=$($CURL $CNC_IP | tail -n +19 | awk -F, '{print $1}')
|
104 |
## create files and adapt downloaded data to alcasar structure (add newlines after each ip/domain)
|
104 |
## create files and adapt downloaded data to alcasar structure (add newlines after each ip/domain)
|
105 |
BL_DIR=${DIR_DG_BL}/${CNC_BL_NAME}
|
105 |
BL_DIR=${DIR_DG_BL}/${CNC_BL_NAME}
|
106 |
rm -rf ${BL_DIR}
|
106 |
rm -rf ${BL_DIR}
|
107 |
mkdir $BL_DIR
|
107 |
mkdir $BL_DIR
|
108 |
echo $CNC_URLS | tr " " "\n" > ${BL_DIR}/urls
|
108 |
echo $CNC_DOMAINS | tr " " "\n" > ${BL_DIR}/urls
|
109 |
echo $CNC_IPS | tr " " "\n" > ${BL_DIR}/domains
|
109 |
echo $CNC_IPS | tr " " "\n" > ${BL_DIR}/domains
|
110 |
## reload ossi-blacklists to add the created blacklist to ALCASAR
|
110 |
## reload ossi-blacklists to add the created blacklist to ALCASAR
|
111 |
echo "Download successfull."
|
111 |
echo "Download successfull."
|
112 |
/usr/local/bin/alcasar-bl.sh --reload
|
112 |
/usr/local/bin/alcasar-bl.sh --reload
|
113 |
exit 0
|
113 |
exit 0
|
114 |
# if server responded with a code different than 200
|
114 |
# if server responded with a code different than 200
|
115 |
else
|
115 |
else
|
116 |
## 000 means that curl failed
|
116 |
## 000 means that curl failed
|
117 |
if [ $STATUS_URL_BL = 000 ] || [ $STATUS_IP_BL = 000 ]; then
|
117 |
if [ $STATUS_DNS_BL = 000 ] || [ $STATUS_IP_BL = 000 ]; then
|
118 |
echo "ERROR: curl could not access the internet to download blacklists."
|
118 |
echo "ERROR: curl could not access the internet to download blacklists."
|
119 |
echo "This appears to be an error on your side: please check the connection to the internet."
|
119 |
echo "This appears to be an error on your side: please check the connection to the internet."
|
120 |
else
|
120 |
else
|
121 |
echo "ERROR: could not donwload blacklists: Server returned non-200 codes:"
|
121 |
echo "ERROR: could not donwload blacklists: Server returned non-200 codes:"
|
122 |
echo "${CNC_DNS_BL_URL} returned ${STATUS_URL_BL}"
|
122 |
echo "${CNC_DNS} returned ${STATUS_DNS_BL}"
|
123 |
echo "${CNC_IP_BL_URL} returned ${STATUS_IP_BL}"
|
123 |
echo "${CNC_IP} returned ${STATUS_IP_BL}"
|
124 |
echo "Check the availability of the sites. Maybe the server removed its content or changed its address."
|
124 |
echo "Check the availability of the sites. Maybe the server removed its content or changed its address."
|
125 |
fi
|
125 |
fi
|
126 |
exit 1
|
126 |
exit 1
|
127 |
fi
|
127 |
fi
|
128 |
;;
|
128 |
;;
|
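Review bot: The feed bodies fetched on lines 102–103 are written into the blocklist files with no validation, and `echo $CNC_DOMAINS` on line 108 expands that remote content unquoted, so a feed line containing glob characters is pathname-expanded against the current directory before it lands in `${BL_DIR}/urls`, which `alcasar-bl.sh --reload` on line 112 then loads into unbound/iptables. The 200 check on line 100 only covers the probe requests: if the second download on line 102 returns an empty or partial body, `rm -rf ${BL_DIR}` on line 106 has already deleted the previous list and an empty one is installed (and with `DIR_DG_BL` unset that `rm -rf` targets `/ossi-bl-candc`). I would filter each column against a domain/IPv4 pattern, refuse to replace the existing list when the filtered result is empty, guard the removal with `${DIR_DG_BL:?}`, and write with `printf '%s\n'`. Separately, line 108 writes domain names to `urls` and line 109 writes IPs to `domains`, which looks swapped — confirm against what alcasar-bl.sh expects before changing it. The enclosing `case` statement begins before this hunk.
```shell
# … unchanged: status probes and the 200 check …
## parse domain names and ips from feed (cut first 19 lines (comments) and extract first column)
## keep only syntactically valid entries: the feed is remote input that ends up in unbound/iptables
CNC_DOMAINS=$($CURL "$CNC_DNS" | tail -n +19 | awk -F, '{print $1}' | grep -E '^[A-Za-z0-9.-]+$')
CNC_IPS=$($CURL "$CNC_IP" | tail -n +19 | awk -F, '{print $1}' | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$')
if [ -z "$CNC_DOMAINS" ] || [ -z "$CNC_IPS" ]; then
	echo "ERROR: empty or malformed feed, keeping the current blacklist."
	exit 1
fi
BL_DIR=${DIR_DG_BL:?}/${CNC_BL_NAME}
rm -rf -- "${BL_DIR}"
mkdir -- "${BL_DIR}"
printf '%s\n' "$CNC_DOMAINS" > "${BL_DIR}/urls"
printf '%s\n' "$CNC_IPS" > "${BL_DIR}/domains"
# … unchanged: reload and exit …
```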