From 888ab252802f949189b8a96dbd0c5c489dbd04d5 Mon Sep 17 00:00:00 2001 From: AnxietyisReal <96593068+AnxietyisReal@users.noreply.github.com> Date: Sun, 21 Jan 2024 21:50:29 +1100 Subject: [PATCH] Block vulnerability scanners from attacking the host. --- .gitignore | 1 + ufwReject.sh | 25 +++++++++++++++++++++++++ 2 files changed, 26 insertions(+) create mode 100644 ufwReject.sh diff --git a/.gitignore b/.gitignore index 772e11c..7df15e8 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,5 @@ .env +ips.txt # Yarn stuff .yarn # TypeScript stuff diff --git a/ufwReject.sh b/ufwReject.sh new file mode 100644 index 0000000..daf7f75 --- /dev/null +++ b/ufwReject.sh @@ -0,0 +1,25 @@ +#!/bin/bash + +if [ "$EUID" -ne 0 ]; then + echo "Please run this script as root or sudo" + exit 1 +fi + +# Store the IP addresses in a file +IP_ADDRESSES_STORE="ips.txt" + +# Scan the kernel log for IP addresses and store them in a file +dmesg | grep 'SRC=' | awk -F'SRC=' '{ print $2 }' | awk '{ print $1 }' | sort | uniq | head -n 5000 > "$IP_ADDRESSES_STORE" + +# Populate the UFW reject rule with the IP addresses collected from the kernel log +while IFS= read -r ip +do + # Check if the IP is already in the UFW rules + if ! ufw status | grep -q "$ip" + then + ufw reject from $ip + fi +done < "$IP_ADDRESSES_STORE" + +echo "Done populating UFW reject rule" +exit 0