Differences

This shows you the differences between two versions of the page.

--- skripting-section:bash:squidblacklist-updater [2017/11/13 10:40] – created michael
+++ skripting-section:bash:squidblacklist-updater [2017/11/24 10:48] (current) – [Skript Sourcecode] michael
@@ Line 1: / Line 1: @@
-====== Squidblacklist Downloader ======
+====== Squidblacklist Updater ======
-Skript, welches vom mir erstellt wurde, um komplette Templates auch mit allen sämtlichen zusätzlichen Files von ClipShare und AVS CMS-basierten Webseiten automatisiert zu downloaden.
+Skript, welches vom mir erstellt wurde, um automatisiert (via cronjob) DNS-Blacklist Filter von Squidblacklist.org herunterzuladen, und sie in Bind9 zu intigrieren / Updaten .
 ===== Skript Sourcecode =====
-''**Filename:** <wrap em>template_downloader.sh</wrap>''
+''**Filename:** <wrap em>get_squidblacklists.sh</wrap>''
 <sxh bash; first-line: 1>
+#! /bin/bash
+#*****************************************************************************
+# Subject     : get_squidblacklists.sh
+# Description :
+# Author      : Michael Reber <michael.reber@post.ch>
+# Created     : 2017.11.13
+#*****************************************************************************
+# Skript Configurations:
+BASEURL=https://standard.squidblacklist.org/
+proxy='outappl.pnet.ch:3128'
+download_dir='/opt/rpz/download/'
+#download_dir='/home/rebermi/download/'
+dns_zones_dir='/etc/bind/rpz/'
+#dns_zones_dir='/home/rebermi/rpz/'
+zone_file_prefix='url_bl_'
+# squidblacklist.org username & password
+USERNAME=smitty
+PASSWORD=exhibitive
+# Set Squidblacklist Filter Lists here:
+enabled=( ads chanology cp cryptojack dating dyn feminist gambling malicious piracy porn proxies terrorism weapons )
+#------------------------------------------------------------------------------
+DGINCLUDEFILE="${dns_zones_dir}_include_squidblacklist_filters"
+echo > "${DGINCLUDEFILE}"
+echo Beginning squidblacklist.org Blacklist Update procedure... ;
+cd ${download_dir}
+echo Downloading blacklists...
+# This loop uses the "enabled" list and the BASEURL to download, decompress, and move the lists to the right place!
+for listname in ${enabled[@]}; do
+    BASENAME="dg-${listname}"
+    wget --http-user="${USERNAME}" --http-password="${PASSWORD}" --auth-no-challenge "${BASEURL}${BASENAME}.tar.gz" -e https_proxy="${proxy}"
+    tar -xvf "${BASENAME}.tar.gz"
+    for line in $(grep -v '#' ${BASENAME}.acl); do
+        echo "*.${line}" >> "${BASENAME}.acl";
+    done
+    sed -i 's/#.*$//' "${BASENAME}.acl"
+    sed -i '/^\s*$/d' "${BASENAME}.acl"
+    sed -i 's/$/ IN CNAME \./g' "${BASENAME}.acl"
+   cat >> "${zone_file_prefix}${listname}" << 'EOF'
+$TTL 7200
+@                          IN SOA @ root (
+EOF
+    echo "                                          $(date +%Y%m%d01)  ; serial" >> "${zone_file_prefix}${listname}"
+    cat >> "${zone_file_prefix}${listname}" << 'EOF2'
+H          ; refresh
+M         ; retry
+W          ; expire
+D          ; minimum
+                                         )
+                           IN NS LOCALHOST.
+; nasty domains
+EOF2
+        cat "${BASENAME}.acl" >> "${zone_file_prefix}${listname}"
+    mv "${zone_file_prefix}${listname}" "${dns_zones_dir}"
+    # update include file
+    echo "zone \"url.bl.${listname}.rpz\" in {" >> "${DGINCLUDEFILE}"
+    echo "type master;" >> "${DGINCLUDEFILE}"
+    echo "file \"${dns_zones_dir}${zone_file_prefix}${listname}\";" >> "${DGINCLUDEFILE}"
+    echo "};" >> "${DGINCLUDEFILE}"
+done
+rm -f ${download_dir}*
+chown proxyadm /etc/bind/rpz/*
+echo "Restarting Bind9 Service... "
+systemctl restart bind9
+echo "Done."
 </sxh>