From patchwork Thu Feb 20 21:13:23 2025
X-Patchwork-Submitter: Adolf Belka
X-Patchwork-Id: 8472
From: Adolf Belka
To: development@lists.ipfire.org
Subject: [PATCH 1/3] sources: Remove ABUSECH_BOTNETC2 from ipblocklist sources
Date: Thu, 20 Feb 2025 22:13:23 +0100
Message-ID: <20250220211325.3273650-1-adolf.belka@ipfire.org>
List-Id: IPFire development talk

- Abuse.ch deprecated the ABUSECH_BOTNETC2 list on 3rd Jan 2025 without any warning or notification except for the deprecation message in the block list.
- This patch removes that list from the ipblocklist sources.
- This is part of a patch set that also removes this list from the files in users systems and from any restore from an earlier backup when the updates sources list is issued.

Signed-off-by: Adolf Belka
--- config/ipblocklist/sources | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/config/ipblocklist/sources b/config/ipblocklist/sources index 158c8bc20..a25353528 100644 --- a/config/ipblocklist/sources +++ b/config/ipblocklist/sources
@@ -128,11 +128,5 @@ our %sources = ( 'EMERGING_FWRULE' => { 'name' => 'Emerging Threats Blocklis 'info' => 'https://blacklist.3coresec.net', 'parser' => 'ip-or-net-list', 'rate' => '1d', - 'category' => 'attacker' }, - 'ABUSECH_BOTNETC2' => { 'name' => 'ABUSE.ch Botnet C2 IP Blocklist', - 'url' => 'https://sslbl.abuse.ch/blacklist/sslipblacklist.txt', - 'info' => 'https://sslbl.abuse.ch/blacklist#botnet-c2-ips-csv', - 'parser' => 'ip-or-net-list', - 'rate' => '5m', - 'category' => 'reputation' } + 'category' => 'attacker' } ); From patchwork Thu Feb 20 21:13:24 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 8473 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4YzQwd3P10z3x1v for ; Thu, 20 Feb 2025 21:13:37 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "E5" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4YzQwY3j7Sz4Zc; Thu, 20 Feb 2025 21:13:33 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4YzQwY3BG5z33ll; Thu, 20 Feb 2025 21:13:33 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by 
From: Adolf Belka
To: development@lists.ipfire.org
Subject: [PATCH 2/3] backup.pl: Remove ABUSECH_BOTNETC2 lists from backup during restore.
Date: Thu, 20 Feb 2025 22:13:24 +0100
Message-ID: <20250220211325.3273650-2-adolf.belka@ipfire.org>
In-Reply-To: <20250220211325.3273650-1-adolf.belka@ipfire.org>

- This removes ABUSECH_BOTNETC2 from any backup during a restore in the same way as done previously with ALIENVAULT and SPAMHAUS_EDROP.

Signed-off-by: Adolf Belka
--- config/backup/backup.pl | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/config/backup/backup.pl b/config/backup/backup.pl index 4f4273d26..1c8c87d0a 100644 --- a/config/backup/backup.pl +++ b/config/backup/backup.pl
@@ -252,16 +252,20 @@ restore_backup() { -out /etc/httpd/server.crt &>/dev/null fi - # Remove any entry for ALIENVAULT or SPAMHAUS_EDROP from the ipblocklist modified file + # Remove any entry for ALIENVAULT, SPAMHAUS_EDROP or ABUSECH_BOTNETC2 from the ipblocklist modified file # and the associated ipblocklist files from the /var/lib/ipblocklist directory sed -i '/ALIENVAULT=/d' /var/ipfire/ipblocklist/modified sed -i '/SPAMHAUS_EDROP=/d' /var/ipfire/ipblocklist/modified + sed -i '/ABUSECH_BOTNETC2=/d' /var/ipfire/ipblocklist/modified if [ -e /var/lib/ipblocklist/ALIENVAULT.conf ]; then rm /var/lib/ipblocklist/ALIENVAULT.conf fi if [ -e /var/lib/ipblocklist/SPAMHAUS_EDROP.conf ]; then rm /var/lib/ipblocklist/SPAMHAUS_EDROP.conf fi + if [ -e /var/lib/ipblocklist/ABUSECH_BOTNETC2.conf ]; then + rm /var/lib/ipblocklist/ABUSECH_BOTNETC2.conf + fi # The collectd directory structure was changed but not all changes # are done by the official migration script generator From patchwork Thu Feb 20 21:13:25 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 8474 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4YzQwf2ct2z3xGq for ; Thu, 20 Feb 2025 21:13:38 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "E5" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4YzQwY5gDQz4fk; Thu, 20 Feb 2025 21:13:33 +0000 (UTC) Received: from 
From: Adolf Belka
To: development@lists.ipfire.org
Subject: [PATCH 3/3] update.sh: Remove ABUSECH_BOTNETC2 lists from users systems during update.
Date: Thu, 20 Feb 2025 22:13:25 +0100
Message-ID: <20250220211325.3273650-3-adolf.belka@ipfire.org>
In-Reply-To: <20250220211325.3273650-1-adolf.belka@ipfire.org>

- This removes ABUSECH_BOTNETC2 from users system during the update in the same way as done previously with ALIENVAULT and SPAMHAUS_EDROP.
- As next is still in CU192 I could not add these lines into the CU193 update.sh so I have added it to the CU192 update.sh
- If not appropriate then let me know and when the CU193 is created in next I will redo the patch and re-submit it.

Signed-off-by: Adolf Belka
--- config/rootfiles/core/192/update.sh | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/config/rootfiles/core/192/update.sh b/config/rootfiles/core/192/update.sh index f81857053..d528a190f 100644 --- a/config/rootfiles/core/192/update.sh +++ b/config/rootfiles/core/192/update.sh
@@ -17,7 +17,7 @@ # along with IPFire; if not, write to the Free Software # # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # # # -# Copyright (C) 2024 IPFire-Team . # +# Copyright (C) 2025 IPFire-Team . # # # ############################################################################ # @@ -159,6 +159,13 @@ rm -rvf \ /var/log/rrd/collectd/localhost/processes* \ /var/log/rrd/collectd/localhost/thermal-cooling_device* +# Remove any entry for ABUSECH_BOTNETC2 from the ipblocklist modified file +# and the associated ipblocklist files from the /var/lib/ipblocklist directory +sed -i '/ABUSECH_BOTNETC2=/d' /var/ipfire/ipblocklist/modified +if [ -e /var/lib/ipblocklist/ABUSECH_BOTNETC2.conf ]; then + rm /var/lib/ipblocklist/ABUSECH_BOTNETC2.conf +fi + # Apply local configuration to sshd_config /usr/local/bin/sshctrl
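
Review bot: In the config/ipblocklist/sources hunk of 1/3, removing the 'ABUSECH_BOTNETC2' key from %sources means any ABUSECH_BOTNETC2= line still present in /var/ipfire/ipblocklist/modified refers to a source that is no longer defined until the cleanup in 2/3 or 3/3 has run. The three patches should therefore land in the same core update and not be merged separately. A one-line comment in the sources file or the commit message naming the update.sh that carries the matching cleanup would make that dependency visible to whoever removes the next deprecated list.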
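
Review bot: In the restore_backup() hunk of 2/3, the sed pattern '/ABUSECH_BOTNETC2=/d' is unanchored, so it deletes every line of the modified file that contains that string anywhere, not only a line that starts with the key; '/^ABUSECH_BOTNETC2=/d' states the intent exactly. This is also the third copy of the same sed plus if/rm stanza (ALIENVAULT, SPAMHAUS_EDROP, ABUSECH_BOTNETC2). A single for loop over the retired list names, with rm -f in place of the [ -e ] test, would turn the next deprecation into a one-word change and keep the comment above it from needing another edit.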
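
Review bot: In the second hunk of 3/3 (update.sh, after the collectd rm -rvf), the sed -i on /var/ipfire/ipblocklist/modified runs unconditionally while the rm of ABUSECH_BOTNETC2.conf is guarded by [ -e ]. If the modified file is absent on a system, sed exits non-zero with a "can't read" message in the update output, so give it the same existence guard. The added lines also only delete files: if the list is already loaded in the running firewall, nothing visible here unloads it, so either point to where in the update that happens or add the reload. The first hunk's copyright year bump needs no change.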