Humanoid Insomniac ~#root





Sunday, 8 March 2015

Spamhaus Exploits Block List ( UPDATE )

Spamhaus Exploits Block List Script:

First, read about the Spamhaus DROP project.

Take this script, edit it, chmod 755 it, and run it once every 24 hours (please DO NOT auto-fetch the DROP list more than once per hour!).

#!/bin/bash
# spamhaus.sh - Source adapted from: https://github.com/cowgill/spamhaus
# Updated: 08/03/2015 - Brussee YannicK - requires: iptables
# Uses two Spamhaus IP lists to protect servers
#--------------------------------------------------------------
# See: http://www.spamhaus.org/drop/ and read why...
#--------------------------------------------------------------
# Adjusted to use CHAIN1 - "Spamhaus", logging with prefix: [SPAMHAUS BLOCK DROP]
# URL1: http://www.spamhaus.org/drop/drop.lasso
# Adjusted to use CHAIN2 - "SpamhausEdrop", logging with prefix: [SPAMHAUS BLOCK EDROP]
# URL2: http://www.spamhaus.org/drop/edrop.txt
#--------------------------------------------------------------
# Run from cron every 6 hours, at 11 minutes past the hour:
#--------------------------------------------------------------
# 11 */6 * * * /usr/local/scripts/spamhaus.sh >/dev/null 2>&1
#--------------------------------------------------------------
# To unban the IPs:
# List 1:
#--------------------------------------------------------------
# /sbin/iptables -F Spamhaus
#--------------------------------------------------------------
# List 2:
#--------------------------------------------------------------
# iptables -F SpamhausEdrop
#--------------------------------------------------------------
# To see the effect, just run dmesg after an hour or two :)
#--------------------------------------------------------------
# Script Variables:
# path to iptables
IPTABLES="/sbin/iptables";
# list of known spammers
URL1="http://www.spamhaus.org/drop/drop.lasso";
URL2="http://www.spamhaus.org/drop/edrop.txt";
# save local copy here
FILE1="/tmp/drop.lasso";
FILE2="/tmp/edrop.lasso";
# iptables custom CHAIN1
CHAIN1="Spamhaus";
CHAIN2="SpamhausEdrop";
# handle each chain separately: testing $? after two commands in a row
# would only report on the second chain
for CHAIN in "$CHAIN1" "$CHAIN2"; do
if $IPTABLES -L "$CHAIN" -n >/dev/null 2>&1; then
# the chain already exists: flush the old rules
$IPTABLES -F "$CHAIN"
echo "Flushed old rules in $CHAIN. Applying updated Spamhaus list...."
else
# create a new chain
$IPTABLES -N "$CHAIN"
# tie the chain to input rules so it runs
$IPTABLES -A INPUT -j "$CHAIN"
# don't allow this traffic through
$IPTABLES -A FORWARD -j "$CHAIN"
echo "$CHAIN not detected. Creating new chain and adding Spamhaus list...."
fi
done
# SPAMHAUS DROP
# get a fresh copy of the DROP list (no -c: never resume into a stale file)
wget -q "$URL1" -O "$FILE1"
# iterate through all listed networks (DROP), skipping ';' comment lines
for IP1 in $( grep -Ev '^;' "$FILE1" | awk '{ print $1 }' ); do
# add the log rule for this network to CHAIN1
$IPTABLES -A "$CHAIN1" -p 0 -s "$IP1" -j LOG --log-prefix "[SPAMHAUS BLOCK DROP]" -m limit --limit 1/min --limit-burst 10
# add the drop rule for this network to CHAIN1
$IPTABLES -A "$CHAIN1" -p 0 -s "$IP1" -j DROP
echo "$IP1"
done
#
# SPAMHAUS EDROP
# get a fresh copy of the EDROP list
wget -q "$URL2" -O "$FILE2"
# iterate through all listed networks (EDROP), skipping ';' comment lines
for IP2 in $( grep -Ev '^;' "$FILE2" | awk '{ print $1 }' ); do
# add the log rule for this network to CHAIN2
$IPTABLES -A "$CHAIN2" -p 0 -s "$IP2" -j LOG --log-prefix "[SPAMHAUS BLOCK EDROP]" -m limit --limit 1/min --limit-burst 10
# add the drop rule for this network to CHAIN2
$IPTABLES -A "$CHAIN2" -p 0 -s "$IP2" -j DROP
echo "$IP2"
done
#
echo "Done! for DROP and EDROP lists"
# remove the downloaded lists
unlink "$FILE1"
unlink "$FILE2"
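
The script above flushes both chains before it downloads anything, and it hands every list entry to iptables unchecked after fetching it over plain HTTP. The following is an added example, not part of the original post or of the cowgill/spamhaus project: it validates each entry and builds an iptables-restore payload, so a chain is only replaced when the whole list checks out. The function names, the /8 prefix floor and the sample lists are assumptions.

```bash
#!/bin/bash
# Added example, not from the original post. Function names, the /8 floor
# and the sample lists (documentation ranges, made-up SBL ids) are assumptions.

# Read a DROP/EDROP list on stdin, print the valid IPv4 CIDRs on stdout.
# Exit status is 1 if any non-comment entry fails validation.
parse_drop_list() {
    awk '
    function reject(s) { print "rejected: " s > "/dev/stderr"; bad = 1 }
    /^[ \t]*;/ || /^[ \t]*$/ { next }        # comment and blank lines
    {
        if ($1 !~ "^[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+/[0-9]+$") { reject($1); next }
        split($1, p, "[./]")
        for (i = 1; i <= 4; i++)
            if (length(p[i]) > 3 || p[i] + 0 > 255) { reject($1); next }
        # Refuse very short prefixes: 0.0.0.0/0 would drop all traffic.
        if (length(p[5]) > 2 || p[5] + 0 < 8 || p[5] + 0 > 32) { reject($1); next }
        print $1
    }
    END { exit bad + 0 }'
}

# Turn validated CIDRs (stdin) into an iptables-restore payload for one chain.
# With --noflush, declaring ":CHAIN" flushes and refills only that chain,
# and the whole table is committed in one step.
render_restore() {
    chain=$1; prefix=$2
    echo '*filter'
    echo ":$chain - [0:0]"
    while read -r cidr; do
        echo "-A $chain -s $cidr -m limit --limit 1/min --limit-burst 10 -j LOG --log-prefix \"$prefix \""
        echo "-A $chain -s $cidr -j DROP"
    done
    echo 'COMMIT'
}

# Emit a payload only if every entry validated and the list is not empty,
# so a failed or tampered download leaves the loaded rules untouched.
build_payload() {   # usage: build_payload CHAIN LOGPREFIX < list
    cidrs=$(parse_drop_list) || return 1
    [ -n "$cidrs" ] || return 1
    printf '%s\n' "$cidrs" | render_restore "$1" "$2"
}

SAMPLE_OK='; constructed sample in DROP format
192.0.2.0/24 ; SBL000001
198.51.100.0/24 ; SBL000002'
SAMPLE_BAD='192.0.2.0/24 ; SBL000001
0.0.0.0/0 ; SBL000003'

printf '%s\n' "$SAMPLE_OK" | build_payload Spamhaus '[SPAMHAUS BLOCK DROP]'
```

Pipe the output of build_payload into `iptables-restore --noflush` so that only the named chain is replaced. The chain's jump rules from INPUT and FORWARD must already exist, as created by the script above.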

Monday, 23 February 2015

Disable “Waiting for network configuration”

nano /etc/init/failsafe.conf

Change every sleep value to 1.

For example:

# failsafe
description "Failsafe Boot Delay"
author "Clint Byrum <clint@ubuntu.com>"
start on filesystem and net-device-up IFACE=lo
stop on static-network-up or starting rc-sysinit
emits failsafe-boot
console output
script
       # Determine if plymouth is available
       if [ -x /bin/plymouth ] && /bin/plymouth --ping ; then
               PLYMOUTH=/bin/plymouth
       else
               PLYMOUTH=":"
       fi
   # The point here is to wait for 2 minutes before forcibly booting
   # the system. Anything that is in an "or" condition with 'started
   # failsafe' in rc-sysinit deserves consideration for mentioning in
   # these messages. currently only static-network-up counts for that.
       sleep 1
   # Plymouth errors should not stop the script because we *must* reach
   # the end of this script to avoid letting the system spin forever
   # waiting on it to start.
       $PLYMOUTH message --text="NO ! NO ! NO ! Boot Fast And Fuck Idiots" || :
       sleep 1
       $PLYMOUTH message --text="Hey guy i'm in work Time is money!" || :
       sleep 1
       $PLYMOUTH message --text="Fast boot for fast work! Time is Money!" || :
   # give user 1 second to see this message since plymouth will go
   # away as soon as failsafe starts.
       sleep 1
   exec initctl emit --no-wait failsafe-boot
end script
post-start exec logger -t 'failsafe' -p daemon.warning "My System is fast BOOTING In Progress..."

Monday, 16 February 2015

Spamhaus Exploits Block List

Spamhaus Exploits Block List Script:

First, read about the Spamhaus DROP project.

Take this script, edit it, chmod 755 it, and run it once every 24 hours (please DO NOT auto-fetch the DROP list more than once per hour!).

 #!/bin/bash 
 # based off the following script 
 # http://www.cyberciti.biz/tips/block-spamming-scanning-with-iptables.html
 # Adjusted to use a custom chain, Spamhaus, and to log with prefix: [SPAMHAUS BLOCK]
 # path to iptables
 IPTABLES="/sbin/iptables";
 # list of known spammers
 URL="http://www.spamhaus.org/drop/drop.lasso";
 # save local copy here
 FILE="/tmp/drop.lasso";
 # iptables custom chain
 CHAIN="Spamhaus";
 # check to see if the chain already exists
 $IPTABLES -L $CHAIN -n
 # check to see if the chain already exists
 if [ $? -eq 0 ]; then
 # flush the old rules
 $IPTABLES -F $CHAIN
 echo "Flushed old rules. Applying updated Spamhaus list...."
 else
 # create a new chain set
 $IPTABLES -N $CHAIN
 # tie chain to input rules so it runs
 $IPTABLES -A INPUT -j $CHAIN
 # don't allow this traffic through
 $IPTABLES -A FORWARD -j $CHAIN
 echo "Chain not detected. Creating new chain and adding Spamhaus list...."
 fi;
 # get a copy of the spam list
 wget -qc $URL -O $FILE
 # iterate through all known spamming hosts
 for IP in $( cat $FILE | egrep -v '^;' | awk '{ print $1}' ); do
 # add the ip address log rule to the chain
 $IPTABLES -A $CHAIN -p 0 -s $IP -j LOG --log-prefix "[SPAMHAUS BLOCK]" -m limit --limit 3/min --limit-burst 10
 # add the ip address to the chain
 $IPTABLES -A $CHAIN -p 0 -s $IP -j DROP
 echo $IP
 done
 echo "Done!"
 # remove the spam list
 unlink $FILE

Source from: https://github.com/cowgill/spamhaus

Read your logs... that's it:

[SPAMHAUS BLOCK]IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:12:8a:7b:e6:40:14:02 SRC=195.XXX.XXX.XXX DST=YYY.YYY.YYY.255 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=42024 DPT=21320 WINDOW=65535 RES=0x00 SYN URGP=0

Wednesday, 31 December 2014

Happy New Year 2015


Thursday, 21 August 2014

CDG Airport
