April 24, 2014

Categories: Security, Shell Scripts

Create a directory under /etc/ that will hold the file with the IPs to block, then create the empty list and script files:

[06:01:52] root@pbx4ip [/]# mkdir /etc/sbcblock

[06:07:12] root@pbx4ip [/]# cd /etc/sbcblock/

[06:07:18] root@pbx4ip [/etc/sbcblock]# > blocked.ips

[06:07:18] root@pbx4ip [/etc/sbcblock]# > sbcblock

Now put the IPs we want to block into the blocked.ips file, one per line:

[06:08:14] root@pbx4ip [/etc/sbcblock]# vim blocked.ips

192.241.74.138
146.255.102.1
69.64.40.151
69.64.40.151
62.210.167.41
37.8.50.90
5.9.9.113
146.255.102.1

NOTE: I collected the IPs above from attacks I suffered at some of my clients.

Now let's create the script that reads these IPs and adds them to IPTABLES:

[06:10:13] root@pbx4ip [/etc/sbcblock]# vim sbcblock

#!/bin/bash

IPT=$(which iptables)
SBCBLOCK="sbcblock"
SBCBLOCKDROPMSG="SBC LIST DROP"
# ignore comments and blank lines; sort -u drops the duplicate entries
BADIPS=$(grep -v -E "^#|^$" /etc/sbcblock/blocked.ips | sort -u)

# create the list, or flush it if it already exists, so a second run
# replaces the rules instead of appending them again
$IPT -N $SBCBLOCK 2>/dev/null || $IPT -F $SBCBLOCK

for ipblock in $BADIPS
do
    $IPT -A $SBCBLOCK -s $ipblock -j LOG --log-prefix "$SBCBLOCKDROPMSG"
    $IPT -A $SBCBLOCK -s $ipblock -j DROP
done

# hook the list into the built-in chains, but only once
for chain in INPUT OUTPUT FORWARD
do
    $IPT -C $chain -j $SBCBLOCK 2>/dev/null || $IPT -I $chain -j $SBCBLOCK
done

Now make the script executable and run it:

[06:13:40] root@pbx4ip [/etc/sbcblock]# chmod +x sbcblock

[06:14:31] root@pbx4ip [/etc/sbcblock]# ./sbcblock

Then run the command below to check the result:

[06:14:31] root@pbx4ip [/etc/sbcblock]# iptables -L -v -n

Here is the output:

Chain INPUT (policy ACCEPT 69 packets, 11432 bytes)

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)

Chain OUTPUT (policy ACCEPT 43 packets, 19787 bytes)

Chain sbcblock (6 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  *      *       192.241.74.138       0.0.0.0/0            LOG flags 0 level 4 prefix "SBC LIST DROP"
    0     0 DROP       all  --  *      *       192.241.74.138       0.0.0.0/0
    0     0 LOG        all  --  *      *       146.255.102.1        0.0.0.0/0            LOG flags 0 level 4 prefix "SBC LIST DROP"
    0     0 DROP       all  --  *      *       146.255.102.1        0.0.0.0/0
    0     0 LOG        all  --  *      *       69.64.40.151         0.0.0.0/0            LOG flags 0 level 4 prefix "SBC LIST DROP"
    0     0 DROP       all  --  *      *       69.64.40.151         0.0.0.0/0
    0     0 LOG        all  --  *      *       69.64.40.151         0.0.0.0/0            LOG flags 0 level 4 prefix "SBC LIST DROP"
    0     0 DROP       all  --  *      *       69.64.40.151         0.0.0.0/0
    0     0 LOG        all  --  *      *       62.210.167.41        0.0.0.0/0            LOG flags 0 level 4 prefix "SBC LIST DROP"
    0     0 DROP       all  --  *      *       62.210.167.41        0.0.0.0/0
    0     0 LOG        all  --  *      *       37.8.50.90           0.0.0.0/0            LOG flags 0 level 4 prefix "SBC LIST DROP"
    0     0 DROP       all  --  *      *       37.8.50.90           0.0.0.0/0
    0     0 LOG        all  --  *      *       5.9.9.113            0.0.0.0/0            LOG flags 0 level 4 prefix "SBC LIST DROP"
    0     0 DROP       all  --  *      *       5.9.9.113            0.0.0.0/0
    0     0 LOG        all  --  *      *       146.255.102.1        0.0.0.0/0            LOG flags 0 level 4 prefix "SBC LIST DROP"
    0     0 DROP       all  --  *      *       146.255.102.1        0.0.0.0/0
    0     0 LOG        all  --  *      *       192.241.74.138       0.0.0.0/0            LOG flags 0 level 4 prefix "SBC LIST DROP"
    0     0 DROP       all  --  *      *       192.241.74.138       0.0.0.0/0
    0     0 LOG        all  --  *      *       146.255.102.1        0.0.0.0/0            LOG flags 0 level 4 prefix "SBC LIST DROP"
    0     0 DROP       all  --  *      *       146.255.102.1        0.0.0.0/0
    0     0 LOG        all  --  *      *       69.64.40.151         0.0.0.0/0            LOG flags 0 level 4 prefix "SBC LIST DROP"
    0     0 DROP       all  --  *      *       69.64.40.151         0.0.0.0/0
    0     0 LOG        all  --  *      *       69.64.40.151         0.0.0.0/0            LOG flags 0 level 4 prefix "SBC LIST DROP"
    0     0 DROP       all  --  *      *       69.64.40.151         0.0.0.0/0
    0     0 LOG        all  --  *      *       62.210.167.41        0.0.0.0/0            LOG flags 0 level 4 prefix "SBC LIST DROP"
    0     0 DROP       all  --  *      *       62.210.167.41        0.0.0.0/0
    0     0 LOG        all  --  *      *       37.8.50.90           0.0.0.0/0            LOG flags 0 level 4 prefix "SBC LIST DROP"
    0     0 DROP       all  --  *      *       37.8.50.90           0.0.0.0/0
    0     0 LOG        all  --  *      *       5.9.9.113            0.0.0.0/0            LOG flags 0 level 4 prefix "SBC LIST DROP"
    0     0 DROP       all  --  *      *       5.9.9.113            0.0.0.0/0
    0     0 LOG        all  --  *      *       146.255.102.1        0.0.0.0/0            LOG flags 0 level 4 prefix "SBC LIST DROP"

Two things are worth noticing in that listing. The sbcblock chain shows 6 references and every rule appears twice (the IPs that were repeated in blocked.ips appear four times): a script that blindly does -N, -A and -I stacks a fresh set of rules and three more jumps on every run, so it had clearly been run twice here. Flushing the chain with -F and testing for the jump with -C before inserting it keeps the ruleset the same no matter how often the script runs. Also, the chain only matches the source address, so the jump from OUTPUT never fires: packets leaving the server carry its own address, and you would need -d rules there to stop the PBX from connecting out to those hosts.

If the output scrolls off the screen you can page through it, or list just the new chain with iptables -L sbcblock -v -n:

[06:24:04] root@pbx4ip [/etc/sbcblock]# iptables -L -v -n | more

Now let's have the script run every time the operating system boots, by installing it as an init script. Note that the script has no LSB header, so update-rc.d on Debian-style systems will warn about missing LSB information, and it ignores the start/stop argument the init system passes, adding its rules whichever one it receives.

[06:24:04] root@pbx4ip [/etc/sbcblock]# cp -a sbcblock /etc/init.d/       

[06:32:26] root@pbx4ip [/etc/sbcblock]# cd /etc/init.d/

[06:32:56] root@pbx4ip [/etc/init.d]# update-rc.d sbcblock defaults

[06:34:29] root@pbx4ip [/etc/sbcblock]# reboot
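As an added example (this is not the post's script), here is a version of the same procedure that validates and deduplicates the entries in /etc/sbcblock/blocked.ips before they reach a root-run iptables, matches the destination as well as the source so the chain actually does something when hooked into OUTPUT, prints the rules for review instead of applying them blindly, and can be re-run or started at boot without stacking rules. The file path, chain name and log prefix are the post's; the `show`/`start` subcommands, the `valid_ipv4_cidr`, `load_blocklist` and `render_rules` function names and the environment-variable overrides are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the original post's script: rebuild the sbcblock chain from
# /etc/sbcblock/blocked.ips with validated, deduplicated entries, and do it
# idempotently so re-running (or the boot-time start) does not stack rules.
# The path, chain name and log prefix follow the post; the function and
# subcommand names and the environment overrides are assumptions of this example.

BLOCKFILE=${BLOCKFILE:-/etc/sbcblock/blocked.ips}
CHAIN=${CHAIN:-sbcblock}
LOGPREFIX=${LOGPREFIX:-"SBC LIST DROP"}
IPT=${IPT:-iptables}

# valid_ipv4_cidr ADDR: succeed only for a dotted quad, optionally with a /0-32 mask.
# Anything else (hostnames, stray iptables options, junk) is rejected before it
# can be interpolated into a root-run iptables command line.
valid_ipv4_cidr() {
    addr=${1%/*}
    mask=${1#*/}
    [ "$mask" = "$1" ] && mask=32                 # no '/' present: a single host
    case $mask in ''|*[!0-9]*) return 1 ;; esac   # mask must be numeric
    [ "$mask" -le 32 ] || return 1
    printf '%s\n' "$addr" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(printf '%s\n' "$addr" | tr . ' '); do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# load_blocklist FILE: print the unique valid entries of FILE, one per line.
# Blank lines and '#' comments (whole-line or trailing) are ignored; invalid
# entries are reported on stderr and skipped rather than aborting the whole list.
load_blocklist() {
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" |
        grep -v '^$' | sort -u |
        while IFS= read -r entry; do
            if valid_ipv4_cidr "$entry"; then
                printf '%s\n' "$entry"
            else
                printf 'blocked.ips: skipping invalid entry "%s"\n' "$entry" >&2
            fi
        done
}

# render_rules: print the iptables commands that rebuild CHAIN from BLOCKFILE.
# Printing rather than executing lets you review the result (or diff it against
# the live ruleset) before piping it to sh as root.
render_rules() {
    [ -r "$BLOCKFILE" ] || { echo "cannot read $BLOCKFILE" >&2; return 1; }
    # -N fails harmlessly once the chain exists; -F then empties it, so a
    # second run replaces the list instead of appending a second copy
    echo "$IPT -N $CHAIN 2>/dev/null"
    echo "$IPT -F $CHAIN"
    load_blocklist "$BLOCKFILE" | while IFS= read -r ip; do
        echo "$IPT -A $CHAIN -s $ip -j LOG --log-prefix '$LOGPREFIX: '"
        echo "$IPT -A $CHAIN -s $ip -j DROP"
        # packets leaving this host carry its own source address, so the -s rules
        # never match in OUTPUT; a -d rule is what blocks traffic towards the host
        echo "$IPT -A $CHAIN -d $ip -j DROP"
    done
    for hook in INPUT OUTPUT FORWARD; do
        # -C tests whether the jump already exists; insert it only when absent
        echo "$IPT -C $hook -j $CHAIN 2>/dev/null || $IPT -I $hook -j $CHAIN"
    done
}

# Usage:  sh sbcblock show   -> print the commands for review
#         sh sbcblock start  -> apply them (run as root; also the init.d start action)
case ${1:-} in
    show)  render_rules ;;
    start) render_rules | sh ;;
esac
```

Because only `start` applies anything, the `stop` that the init system sends at shutdown is a harmless no-op, and `show` can be run as an unprivileged user to check what a change to blocked.ips will do before it goes live.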

That's it. I'm researching whether I can get Fail2Ban to write the IPs it detects into this file.

Source: Internet!!
