/block_127

Blacklist to 127.0.0.1

Primary LanguagePerl

# Block 127 
A script taking few blacklist and generate an ignore list from them.
Copyright (C) 2012 Psychedelys <psychedelys@gmail.com>
http://github.com/psychedelys/block_127


Generate few rules for  DNS Server (Bind, PowerDNS or ...), SquidGuard, Shorewall to automatically discard all traffics comming/outgoing from/to those sources:

The script download few blacklists available and merge them into a master blacklist. Blacklist containing severals sections are just used for some categories. The injection mechanism is not differential. It's generating the configuration files completely.

The supported Blacklist format are fow now:
 * Host files.
 * Domain list.
 * Ad-words list.
 * SquidGuard Blacklist.


*** DNS Server -Bind / PowerDNS-:

Local cache server is answering 127.0.0.1 to all selected blacklist domains. Possibility is also to redirect all traffic to a local IP hosting an inetsim (inetsim.org) to log all the traffic.
Supported format: 
  ** IP and Domain list in hostfile format.


*** SquidGuard:

SquidGuard used with a Squid below. All bad URL, IP, expressions from master blacklist are injected inside.
Supported format: 
  ** IP and Domain as used for DNS blacklist.
  ** Standart squidguard black list.
  ** Adblockplus black list.

*** Nginx:

Only generating a list of badguys for Nginx. So bad guys are getting a HTTP 500 code. bye, bye...
Supported format:
  ** IP and subnet in CIDR format.

*** Shorewall (in progress, but not working on it... might come with something else!):

Simply also add the list to the DROP shorewall blacklist. Be carrefull that this can be really be huged and slow down the connection. Furthermore this should not be considerate as really safe, as some DNS malware are using some well-known IP during most of the time and swap to a dirty IP for a short time period.


####
Alternative format can be added easily, drop-me a request enhancement on the git dash board ;-)

####

The full process is planned to be totally desynchronised.
The first process is generating the configuration files and storing the temp files in the resources directory.
If you launched severals time per day the scripts the result will be exactly the same, as all files downloaded are cached locally for 24h! And most backlist are not updated every few seconds... So do not stress.


hg clone https://github.com/psychedelys/block_127.git
cd block_127
EDIT ini/global.ini
CHECK ini/database.ini
READ the source code, well up-to-you...
bin/cleanify.pl
[...Processing...]
bin/deploy_*dns.sh
bin/deploy_nginx.sh
bin/deploy_...

Deploy the configuration is up-to you. According to your setup, and the number of front-end for your load. Everything is differents in each case from deploy localy to deploy on a cluster. But for each time, you just want to generate the file once. The exact methods are from cp to the rsync going though the web services or the BitTorrent protocol (http://engineering.twitter.com/2010/07/murder-fast-datacenter-code-deploys.html)
So the deploy_binddns, deploy_powerdns, deploy_squidguard, deploy_nginx are mostly here as example, write your own ;-)

And have fun...

####

DNS quick facts (Benchmark):


Bind 
----
Reload time -> 3 min
Memory Size -> 1.1 GB


PowerDNS
--------
injection time without RAMDISK -> very very long (~23h for sqlite on my test system)... Some more work need to be done here.
injection time with RAMDISK -> ~4min
Reload time -> < 10s
Memory Size -> 7 MB


Needed packages on a Debian/Ubuntu server.

libdatetime-perl
libcrypt-ssleay-perl