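#!/bin/bash
#
# Build a Junos "firewall family inet filter dropped" stanza from locally
# downloaded threat-intel feeds and copy the result to the SRX.
#
# Input files (expected in the current directory):
#   block.txt                    DShield block list
#   emerging-IPTABLES-CC.rules   Emerging Threats C&C rules
#   emerging-IPTABLES-RBN.rules  Emerging Threats RBN rules
#   drop.txt / edrop.txt         Spamhaus DROP / EDROP
#   fullbogons-ipv4.txt          Team Cymru full bogons
#   ci-badguys.txt               CI-Army list
#   (malbots.txt was read by the original script but never used)
#
# Output: dropped.txt, then copied to cronadmin@${SRX_HOST}:/cf/var/home/cronadmin
#
# Why the extractors below read the files directly: the original
# `cat f | while read H; do sed ... ; done` let `read` consume the first line
# of every feed and then ran sed once over the remainder, so the first entry of
# each list (a real address in ci-badguys.txt) never reached the filter.
#
# Feed contents are untrusted text that ends up verbatim in device
# configuration, so every candidate entry is checked against CIDR_RE before it
# is written; anything else is reported on stderr and skipped.

set -uo pipefail

readonly UPDATE1="dropped.txt"
# The original hard-coded "cronadmin@:" with no host; an unset SRX_HOST keeps
# that behaviour, otherwise set it to the SRX management address.
SRX_HOST="${SRX_HOST:-}"
readonly SRX_HOST
# Dotted-quad IPv4 with an optional /prefix -- the only thing allowed into a term.
readonly CIDR_RE='^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'

#######################################
# Feed extractors. Each prints one candidate address per line on stdout and
# reproduces the line filtering the original pipelines applied to that feed.
#######################################

# DShield lists /24 networks by their first address: column 1 plus "/24".
dshield_addrs() {
  sed -e '/#/d' -e '/Start/d' -e '/^$/d' -e '/127\.0\.0\.0/d' block.txt \
    | awk '{print $1 "/24"}'
}

# $1: an emerging-IPTABLES-*.rules file. Field 7 of the lines containing
# "src" holds the address, as in the original script.
emerging_addrs() {
  sed -e '/#/d' -e '/^$/d' -- "$1" | grep 'src' | awk '{print $7}'
}

# $1: drop.txt or edrop.txt. Lines starting with ';' are comments; column 1
# is the CIDR block.
spamhaus_addrs() {
  sed '/^;/d' -- "$1" | awk '{print $1}'
}

# Team Cymru bogons minus the ranges the original excluded. The patterns are
# unanchored on purpose, as before: '0\.0\.0\.0' also matches entries such as
# 10.0.0.0/8 and 240.0.0.0/4, which therefore stay out of the filter.
cymru_addrs() {
  sed -e '/#/d' -e '/0\.0\.0\.0/d' -e '/172\.0\.0\.0\/9/d' -e '/172\.16\.0\.0/d' \
      -e '/192\.168\.0\.0/d' -e '/224\.0\.0\.0/d' -e '/127\.0\.0\.0/d' \
      fullbogons-ipv4.txt
}

# CI-Army is already one address per line.
ciarmy_addrs() {
  cat ci-badguys.txt
}

#######################################
# Append one filter term to $UPDATE1.
# Arguments: $1 term name, $2 counter name, $3 newline-separated addresses
# Outputs:   config text appended to $UPDATE1; malformed entries on stderr
# Returns:   0
#######################################
emit_term() {
  local term=$1 counter=$2 addrs=$3
  local addr
  {
    printf '    term %s {\n' "$term"
    printf '      from {\n        address {\n'
    while IFS= read -r addr; do
      addr=${addr%$'\r'}   # feeds may arrive with CRLF line endings
      [[ -n "$addr" ]] || continue
      if [[ "$addr" =~ $CIDR_RE ]]; then
        printf '          %s;\n' "$addr"
      else
        # Anything that is not an address would be written into the config
        # unchanged; refuse it instead of letting feed text shape the filter.
        printf 'emit_term %s: skipping malformed entry %q\n' "$term" "$addr" >&2
      fi
    done <<<"$addrs"
    printf '        }\n      }\n'
    printf '      then {\n        count %s;\n        syslog;\n        discard;\n      }\n    }\n' "$counter"
  } >> "$UPDATE1"
}

# START ECHOING SRX STANZA TERMS TO THE FILTER LIST FILE
# "replace:" makes a Junos "load replace" swap the whole "dropped" filter.
printf 'firewall {\n  family inet {\n    replace:\n    filter dropped {\n' > "$UPDATE1" \
  || { echo "cannot write $UPDATE1" >&2; exit 1; }

addrs=$(dshield_addrs)
if [[ -z "$addrs" ]]; then
  echo "No output from DShield"
else
  echo "Looks good for DShield"
  emit_term dshield-block dshield-block "$addrs"
fi

addrs=$(emerging_addrs emerging-IPTABLES-CC.rules)
if [[ -z "$addrs" ]]; then
  echo "No output from Emerging Threats CC"
else
  echo "Looks good for Emerging Threats CC"
  emit_term emergingcc emergingcc-dropped "$addrs"
fi

addrs=$(emerging_addrs emerging-IPTABLES-RBN.rules)
if [[ -z "$addrs" ]]; then
  echo "No output from Emerging Threats RBN"
else
  echo "Looks good for Emerging Threats RBN"
  emit_term emergingrbn emergingrbn-dropped "$addrs"
fi

addrs=$(spamhaus_addrs drop.txt)
if [[ -z "$addrs" ]]; then
  echo "No output from Spamhaus DROP"
else
  echo "Looks good for Spamhaus DROP"
  emit_term spamhaus-drop spamhaus-drop "$addrs"
fi

addrs=$(spamhaus_addrs edrop.txt)
if [[ -z "$addrs" ]]; then
  echo "No output for Spamhaus EDROP"
else
  echo "Looks good for Spamhaus EDROP"
  emit_term spamhaus-edrop spamhaus-edrop "$addrs"
fi

addrs=$(cymru_addrs)
if [[ -z "$addrs" ]]; then
  echo "No output from Team-Cymru"
else
  echo "Looks good for Team-Cymru"
  emit_term team-cymru blocked-bogons "$addrs"
fi

addrs=$(ciarmy_addrs)
if [[ -z "$addrs" ]]; then
  echo "No output from CI-ARM"
else
  echo "Looks good for CI-ARM"
  emit_term collective-intel ciarmy-dropped "$addrs"
fi

# Final accept term, then close filter, family and firewall.
printf '      term default {\n        then accept;\n      }\n    }\n  }\n}\n' >> "$UPDATE1"

# COPY THE CREATED FILE ACROSS TO THE SRX
scp "$UPDATE1" "cronadmin@${SRX_HOST}:/cf/var/home/cronadmin" \
  || { echo "scp to SRX failed; $UPDATE1 was not installed" >&2; exit 1; }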