20,8 → 20,8 |
DIR_IP_WL="$DIR_SHARE/iptables-wl" # IP ossi disabled WL |
CNC_BL_NAME="ossi-bl-candc" |
CNC_URL="https://osint.bambenekconsulting.com/feeds/" |
CNC_DNS_BL_URL=${CNC_URL}c2-dommasterlist-high.txt |
CNC_IP_BL_URL=${CNC_URL}c2-ipmasterlist-high.txt |
CNC_DNS=${CNC_URL}c2-dommasterlist-high.txt |
CNC_IP=${CNC_URL}c2-ipmasterlist-high.txt |
SED="/bin/sed -i" |
CURL="/usr/bin/curl" |
|
94,18 → 94,18 |
-update_ossi-bl-candc | --update_ossi-bl-candc) |
# check availability of the lists |
echo "Downloading blacklists from ${CNC_URL}..." |
STATUS_URL_BL=$(${CURL} --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${CNC_DNS_BL_URL}) |
STATUS_IP_BL=$(${CURL} --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${CNC_IP_BL_URL}) |
STATUS_DNS_BL=$(${CURL} --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${CNC_DNS}) |
STATUS_IP_BL=$(${CURL} --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${CNC_IP}) |
# if downloaded successfully |
if [ $STATUS_URL_BL = 200 ] && [ $STATUS_IP_BL = 200 ]; then |
if [ $STATUS_DNS_BL = 200 ] && [ $STATUS_IP_BL = 200 ]; then |
## parse domain names and ips from feed (cut first 19 lines (comments) and extract first column) |
CNC_URLS=$($CURL $CNC_DNS_BL_URL | tail -n +19 | awk -F, '{print $1}') |
CNC_IPS=$($CURL $CNC_IP_BL_URL | tail -n +19 | awk -F, '{print $1}') |
CNC_DOMAINS=$($CURL $CNC_DNS | tail -n +19 | awk -F, '{print $1}') |
CNC_IPS=$($CURL $CNC_IP | tail -n +19 | awk -F, '{print $1}') |
## create files and adapt downloaded data to alcasar structure (add newlines after each ip/domain) |
BL_DIR=${DIR_DG_BL}/${CNC_BL_NAME} |
rm -rf ${BL_DIR} |
mkdir $BL_DIR |
echo $CNC_URLS | tr " " "\n" > ${BL_DIR}/urls |
echo $CNC_DOMAINS | tr " " "\n" > ${BL_DIR}/urls |
echo $CNC_IPS | tr " " "\n" > ${BL_DIR}/domains |
## reload ossi-blacklists to add the created blacklist to ALCASAR |
echo "Download successfull." |
114,13 → 114,13 |
# if server responded with a code different than 200 |
else |
## 000 means that curl failed |
if [ $STATUS_URL_BL = 000 ] || [ $STATUS_IP_BL = 000 ]; then |
if [ $STATUS_DNS_BL = 000 ] || [ $STATUS_IP_BL = 000 ]; then |
echo "ERROR: curl could not access the internet to download blacklists." |
echo "This appears to be an error on your side: please check the connection to the internet." |
else |
echo "ERROR: could not donwload blacklists: Server returned non-200 codes:" |
echo "${CNC_DNS_BL_URL} returned ${STATUS_URL_BL}" |
echo "${CNC_IP_BL_URL} returned ${STATUS_IP_BL}" |
echo "${CNC_DNS} returned ${STATUS_DNS_BL}" |
echo "${CNC_IP} returned ${STATUS_IP_BL}" |
echo "Check the availability of the sites. Maybe the server removed its content or changed its address." |
fi |
exit 1 |
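Review bot: The 200 check in the `--update_ossi-bl-candc` arm does not cover the data that is actually written, because `CNC_DOMAINS=$($CURL $CNC_DNS | ...)` and `CNC_IPS=$($CURL $CNC_IP | ...)` fetch the feeds a second time with no `--fail` and no timeout. If that second request fails or returns an error body, `rm -rf ${BL_DIR}` still removes the working blacklist and the files are rebuilt from empty or arbitrary text. The unquoted `echo $CNC_DOMAINS` also lets the shell glob-expand third-party feed content, and nothing checks that an entry looks like a domain or an IP before it reaches the filter. I would download each feed to a temporary file, keep only well-formed entries, and replace the directory only when both lists are non-empty, as sketched below with the file naming kept as in the hunk. The case arm starts and ends outside the hunks shown.

```shell
if [ $STATUS_DNS_BL = 200 ] && [ $STATUS_IP_BL = 200 ]; then
  ## fetch each feed once more into a private temp dir; --fail makes an HTTP error a curl error
  TMP_DIR=$(mktemp -d) || exit 1
  if ! $CURL --fail --silent --connect-timeout 5 --output "$TMP_DIR/dns.csv" "$CNC_DNS" \
    || ! $CURL --fail --silent --connect-timeout 5 --output "$TMP_DIR/ip.csv" "$CNC_IP"; then
    echo "ERROR: could not download blacklists, existing blacklist kept."
    rm -rf "$TMP_DIR"
    exit 1
  fi
  ## keep the first column only when it looks like a domain / an IPv4 address (patterns are a sketch)
  tail -n +19 "$TMP_DIR/dns.csv" | awk -F, '$1 ~ /^[A-Za-z0-9._-]+$/ {print $1}' > "$TMP_DIR/urls"
  tail -n +19 "$TMP_DIR/ip.csv" | awk -F, '$1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {print $1}' > "$TMP_DIR/domains"
  if [ ! -s "$TMP_DIR/urls" ] || [ ! -s "$TMP_DIR/domains" ]; then
    echo "ERROR: downloaded blacklists are empty after filtering, existing blacklist kept."
    rm -rf "$TMP_DIR"
    exit 1
  fi
  ## replace the old blacklist only now that both new files are known to be usable
  BL_DIR=${DIR_DG_BL}/${CNC_BL_NAME}
  rm -rf "${BL_DIR}"
  mkdir "$BL_DIR"
  mv "$TMP_DIR/urls" "$TMP_DIR/domains" "$BL_DIR"/
  rm -rf "$TMP_DIR"
  # … unchanged: reload of ossi-blacklists, success message, else branch …
```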