Begin of restructuring ...

- deprecate old release
- set virtual version
- we need tpot user / group, adding to installer
- tweaking
- do not use the dev branch, it will break stuff

docker/tpotinit/dist/bin/blackhole.sh

@@ -0,0 +1,109 @@
+#!/bin/bash
+
+# Run as root only.
+myWHOAMI=$(whoami)
+if [ "$myWHOAMI" != "root" ]
+  then
+    echo "### Need to run as root ..."
+    echo
+    exit
+fi
+
+# Disclaimer
+if [ "$1" == "" ];
+  then
+    echo "### Warning!"
+    echo "### This script will download and add blackhole routes for known mass scanners in an attempt to decrease the chance of detection."
+    echo "### IPs are neither curated or verified, use at your own risk!"
+    echo "###"
+    echo "### As long as <blackhole.sh del> is not executed the routes will be re-added on T-Pot start through </opt/tpot/bin/updateip.sh>."
+    echo "### Check with <ip r> or <dps.sh> if blackhole is enabled."
+    echo
+    echo "Usage: blackhole.sh add (add blackhole routes)" 
+    echo "       blackhole.sh del (delete blackhole routes)"
+    echo
+    exit
+fi
+
+# QnD paths, files
+mkdir -p /etc/blackhole
+cd /etc/blackhole
+myFILE="mass_scanner.txt"
+myURL="https://raw.githubusercontent.com/stamparm/maltrail/master/trails/static/mass_scanner.txt"
+myBASELINE="500"
+# Alternatively, using less routes, but blocking complete /24 networks
+#myFILE="mass_scanner_cidr.txt"
+#myURL="https://raw.githubusercontent.com/stamparm/maltrail/master/trails/static/mass_scanner_cidr.txt"
+
+# Calculate age of downloaded list, read IPs
+if [ -f "$myFILE" ];
+  then
+    myNOW=$(date +%s)
+    myOLD=$(date +%s -r "$myFILE")
+    myDAYS=$(( ($myNOW-$myOLD) / (60*60*24) ))
+    echo "### Downloaded $myFILE list is $myDAYS days old."
+    myBLACKHOLE_IPS=$(grep -o -P "\b(?:\d{1,3}\.){3}\d{1,3}\b" "$myFILE" | sort -u)
+fi
+
+# Let's load ip list
+if [[ ! -f "$myFILE" && "$1" == "add" || "$myDAYS" -gt 30 ]];
+  then
+    echo "### Downloading $myFILE list."
+    aria2c --allow-overwrite -s16 -x 16 "$myURL" && \
+    myBLACKHOLE_IPS=$(grep -o -P "\b(?:\d{1,3}\.){3}\d{1,3}\b" "$myFILE" | sort -u) 
+fi
+
+myCOUNT=$(echo $myBLACKHOLE_IPS | wc -w)
+# Let's extract mass scanner IPs
+if [ "$myCOUNT" -lt "$myBASELINE" ] && [ "$1" == "add" ];
+  then
+    echo "### Something went wrong. Please check contents of /etc/blackhole/$myFILE."
+    echo "### Aborting."
+    echo
+    exit
+elif [ "$(ip r | grep 'blackhole' -c)" -gt "$myBASELINE" ] && [ "$1" == "add" ];
+  then
+    echo "### Blackhole already enabled."
+    echo "### Aborting."
+    echo
+    exit
+fi
+
+# Let's add blackhole routes for all mass scanner IPs
+if [ "$1" == "add" ];
+  then
+    echo
+    echo -n "Now adding $myCOUNT IPs to blackhole."
+    for i in $myBLACKHOLE_IPS;
+      do
+        ip route add blackhole "$i"
+	echo -n "."
+    done
+    echo
+    echo "Added $(ip r | grep "blackhole" -c) IPs to blackhole."
+    echo
+    echo "### Remember!"
+    echo "### As long as <blackhole.sh del> is not executed the routes will be re-added on T-Pot start through </opt/tpot/bin/updateip.sh>."
+    echo "### Check with <ip r> or <dps.sh> if blackhole is enabled."
+    echo
+    exit
+fi
+
+# Let's delete blackhole routes for all mass scanner IPs
+if [ "$1" == "del" ] && [ "$myCOUNT" -gt "$myBASELINE" ];
+  then
+    echo
+    echo -n "Now deleting $myCOUNT IPs from blackhole."
+      for i in $myBLACKHOLE_IPS;
+        do
+          ip route del blackhole "$i"
+	  echo -n "."
+      done
+      echo
+      echo "$(ip r | grep 'blackhole' -c) IPs remaining in blackhole."
+      echo
+      rm "$myFILE"
+  else
+    echo "### Blackhole already disabled."
+    echo
+fi