
Squidblacklist Updater

Skript, welches von mir erstellt wurde, um automatisiert (via Cronjob) DNS-Blacklist-Filter von Squidblacklist.org herunterzuladen und sie in Bind9 zu integrieren bzw. zu aktualisieren.

Filename: get_squidblacklists.sh

#! /bin/bash
#*****************************************************************************
# Subject     : get_squidblacklists.sh
# Description :
# Author      : Michael Reber <michael.reber@post.ch>
# Created     : 2017.11.13
#*****************************************************************************

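# Script configuration:
# Base URL of the list archives and the outbound proxy used to reach it.
BASEURL=https://standard.squidblacklist.org/
proxy='outappl.pnet.ch:3128'

# Working directory for downloads and the directory BIND reads the RPZ zones
# from. Both values end in "/" because they are concatenated with file names.
download_dir='/opt/rpz/download/'
#download_dir='/home/rebermi/download/'
dns_zones_dir='/etc/bind/rpz/'
#dns_zones_dir='/home/rebermi/rpz/'
zone_file_prefix='url_bl_'

# squidblacklist.org username & password
# NOTE(review): an account secret stored in clear text in a script is readable
# by everyone who can read the file or any copy of it (backups, wikis, VCS).
# Supply the values through SQUIDBLACKLIST_USERNAME / SQUIDBLACKLIST_PASSWORD
# (for example from a root-only environment file used by the cron job), rotate
# the password that has been kept here, and then drop the literal fallbacks.
# The fallbacks remain only so that existing cron entries keep working.
# Dedicated variable names are used because USERNAME may already be set to
# the login name in some environments.
USERNAME=${SQUIDBLACKLIST_USERNAME:-smitty}
PASSWORD=${SQUIDBLACKLIST_PASSWORD:-exhibitive}

# Set Squidblacklist Filter Lists here:
enabled=( ads chanology cp cryptojack dating dyn feminist gambling malicious piracy porn proxies terrorism weapons )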

#------------------------------------------------------------------------------

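# Update procedure: download every enabled list, turn it into an RPZ zone
# file, regenerate the BIND include file and restart BIND.
#
# Failure handling is fail-safe: the live include file and the installed
# zones are only replaced by complete, freshly built files. A list whose
# download or conversion fails keeps its previously installed zone instead of
# being replaced by an empty one, so a network error cannot silently switch
# the filtering off.
DGINCLUDEFILE="${dns_zones_dir}_include_squidblacklist_filters"

# Print a diagnostic on stderr.
warn() {
    printf '%s\n' "$*" >&2
}

# Remove the scratch files created below; runs on every exit path.
cleanup() {
    [[ -z "${wget_config}" ]] || rm -f -- "${wget_config}"
    [[ -z "${include_tmp}" ]] || rm -f -- "${include_tmp}"
}

#######################################
# Download and unpack one list archive into the current directory.
# Globals:   BASEURL, proxy, wget_config (read)
# Arguments: $1 - archive base name, e.g. dg-ads
# Returns:   0 if <base>.acl exists as a regular file afterwards,
#            non-zero otherwise
#######################################
fetch_list() {
    local base=$1
    local archive="${base}.tar.gz"

    # Remove leftovers of an earlier run so that a failed download cannot be
    # masked by a stale archive or ACL file.
    rm -f -- "${archive}" "${base}.acl"

    # The credentials are read from the private wget config file instead of
    # being passed as arguments, where any local user could read them from
    # the process list. -O fixes the output name (no "file.1" copies).
    wget --config="${wget_config}" --auth-no-challenge \
        -e https_proxy="${proxy}" \
        -O "${archive}" "${BASEURL}${archive}" || return 1

    # The archive is remote content and this job presumably runs as root
    # (it calls chown and systemctl): do not restore the owner or the mode
    # bits recorded in the archive.
    tar --no-same-owner --no-same-permissions -xvf "${archive}" || return 1

    [[ -f "${base}.acl" && ! -L "${base}.acl" ]]
}

#######################################
# Write an RPZ zone file built from one ACL file.
# Every accepted entry produces two records, "name IN CNAME ." and
# "*.name IN CNAME .". Comments (# to end of line), surrounding white space
# and empty lines are dropped. Entries that are not plain host names are
# skipped and counted, so that downloaded text can never add directives or
# arbitrary records to the zone.
# Arguments: $1 - ACL file to read, $2 - zone file to create
# Returns:   non-zero if the file cannot be processed or if not a single
#            entry was accepted
#######################################
build_zone() {
    local acl=$1
    local zone=$2

    # NOTE(review): the serial always ends in 01, so a second run on the same
    # day produces the same serial - confirm that nothing depends on it.
    {
        cat << 'EOF'
$TTL 7200
@                          IN SOA @ root (
EOF
        echo "                                          $(date +%Y%m%d01)  ; serial"
        cat << 'EOF2'
                                          3H          ; refresh
                                          15M         ; retry
                                          1W          ; expire
                                          1D          ; minimum
                                         )

                           IN NS LOCALHOST.

; nasty domains
EOF2
        LC_ALL=C awk '
            {
                sub(/#.*$/, "")
                gsub(/^[ \t\r]+|[ \t\r]+$/, "")
            }
            $0 == "" { next }
            $0 !~ /^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)*$/ { skipped++; next }
            {
                print $0 " IN CNAME ."
                print "*." $0 " IN CNAME ."
                kept++
            }
            END {
                if (skipped) {
                    printf "%s: skipped %d entries that are not plain host names\n", FILENAME, skipped > "/dev/stderr"
                }
                exit (kept == 0)
            }
        ' "${acl}"
    } > "${zone}"
}

# Scratch files: the wget settings (they hold the password) and the new
# include file. mktemp creates both with mode 0600.
wget_config=''
include_tmp=''
trap cleanup EXIT

wget_config=$(mktemp) || { warn "Cannot create the temporary wget config"; exit 1; }
# printf is a shell builtin, so the password does not appear in any argv.
printf 'http_user = %s\nhttp_password = %s\n' "${USERNAME}" "${PASSWORD}" > "${wget_config}"

# Created next to the final file so that the later mv is a rename within the
# same directory.
include_tmp=$(mktemp "${DGINCLUDEFILE}.XXXXXX") || { warn "Cannot create a temporary include file"; exit 1; }
echo > "${include_tmp}"

echo Beginning squidblacklist.org Blacklist Update procedure... ;
# Without this check a failed cd would download and unpack into whatever
# directory the job was started from.
cd -- "${download_dir}" || { warn "Cannot change to ${download_dir}; aborting"; exit 1; }

echo Downloading blacklists...

# Download, unpack and convert every list named in "enabled", then install
# its zone file and add its zone stanza to the new include file.
updated=0
failed=0
for listname in "${enabled[@]}"; do
    BASENAME="dg-${listname}"
    zone_name="${zone_file_prefix}${listname}"

    if fetch_list "${BASENAME}" \
        && build_zone "${BASENAME}.acl" "${zone_name}" \
        && mv -- "${zone_name}" "${dns_zones_dir}"; then
        updated=$((updated + 1))
    else
        failed=$((failed + 1))
        if [[ -f "${dns_zones_dir}${zone_name}" ]]; then
            warn "Update of list '${listname}' failed; keeping the previously installed zone"
        else
            warn "Update of list '${listname}' failed and no previous zone exists; list skipped"
            continue
        fi
    fi

    # update include file
    {
        echo "zone \"url.bl.${listname}.rpz\" in {"
        echo "type master;"
        echo "file \"${dns_zones_dir}${zone_name}\";"
        echo "};"
    } >> "${include_tmp}"
done

# ":?" aborts instead of expanding to a bare "*" if the variable is empty.
rm -f -- "${download_dir:?}"*

if (( updated == 0 )); then
    warn "No list could be updated; leaving the BIND configuration untouched"
    exit 1
fi

# The include file must be readable by the name server, so widen the 0600
# mode given by mktemp before the file goes live.
if ! chmod 0644 "${include_tmp}" || ! mv -- "${include_tmp}" "${DGINCLUDEFILE}"; then
    warn "Cannot install ${DGINCLUDEFILE}"
    exit 1
fi

chown proxyadm "${dns_zones_dir:?}"*

# Check the configuration before the restart when the BIND tool is available:
# restarting with a broken configuration would take name resolution down.
if command -v named-checkconf > /dev/null 2>&1 && ! named-checkconf; then
    warn "named-checkconf reported errors; Bind9 was not restarted"
    exit 1
fi

echo "Restarting Bind9 Service... "

systemctl restart bind9 || { warn "Restart of bind9 failed"; exit 1; }
echo "Done."

# Report a partial update through the exit status.
(( failed == 0 )) || exit 1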
