vikarti.anatra/nginx-ultimate-bad-bot-blocker
1
0
Fork 0
mirror of https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker.git synced 2025-09-02 18:50:13 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

update-ngxblocker: use install-ngxblocker as $INSTALLER

Browse source 
* tidy up tabs / spaces

$INSTALL_INC now downloads new / missing files:

* as part of the update process
* if missing directories are detected
This commit is contained in:
Stuart Cardall 2017-07-26 23:37:45 +00:00
parent abd5f4454a
commit 48e4be4a7c
No known key found for this signature in database
GPG key ID: AEB857F1C891D0C6
1 changed files with 106 additions and 68 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

174
update-ngxblocker
View file

@ -32,6 +32,7 @@ EMAIL="me@myemail.com"
SEND_EMAIL="Y" SEND_EMAIL="Y"
CONF_DIR=/etc/nginx/conf.d CONF_DIR=/etc/nginx/conf.d
BOTS_DIR=/etc/nginx/bots.d BOTS_DIR=/etc/nginx/bots.d
INSTALLER=/usr/sbin/install-ngxblocker
##### end user configuration ############################################################## ##### end user configuration ##############################################################
@ -50,6 +51,7 @@ $script: UPDATE Nginx Bad Bot Blocker blacklist in: [ $CONF_DIR ]
Usage: $script [OPTIONS] Usage: $script [OPTIONS]
[ -c ] : NGINX conf directory (default: $CONF_DIR) [ -c ] : NGINX conf directory (default: $CONF_DIR)
[ -b ] : NGINX bots directory (default: $BOTS_DIR) [ -b ] : NGINX bots directory (default: $BOTS_DIR)
[ -i ] : Change installer path (default: $INSTALLER)
[ -r ] : Change repo url (default: $REPO) [ -r ] : Change repo url (default: $REPO)
[ -e ] : Change email address (default: $EMAIL) [ -e ] : Change email address (default: $EMAIL)
[ -n ] : Do not send email report (default: $SEND_EMAIL) [ -n ] : Do not send email report (default: $SEND_EMAIL)
@ -61,6 +63,7 @@ Examples:
$script -c /my/custom/conf.d (Download globalblacklist.conf to a custom location) $script -c /my/custom/conf.d (Download globalblacklist.conf to a custom location)
$script -b /my/custom/bots.d (Download globalblacklist.conf & update with your custom bots.d location) $script -b /my/custom/bots.d (Download globalblacklist.conf & update with your custom bots.d location)
$script -e yourname@youremailaddress.com (Download globalblacklist.conf specifying your email address for the notification) $script -e yourname@youremailaddress.com (Download globalblacklist.conf specifying your email address for the notification)
$script -u /path/to/install-ngxblocker (Use custom path to install-ngxblocker to update bots.d / conf.d include files)
EOF EOF
exit 0 exit 0
} }
@ -90,20 +93,35 @@ check_version() {
printf "\nLatest Blacklist Already Installed: $BOLDGREEN$version$RESET\n\n" printf "\nLatest Blacklist Already Installed: $BOLDGREEN$version$RESET\n\n"
fi fi
else else
printf "Missing '$file' (pass -c \$path before -v)\n" printf "${BOLDRED}ERROR${RESET}: Missing '$file' => ${BOLDWHITE}running $INSTALLER:${RESET}\n"
$INSTALL_INC
if [ -f $file ]; then
check_version
fi
fi fi
exit 0 exit 0
} }
check_dirs() {
local x= dirs=$@
for x in $dirs; do
if [ ! -d $x ]; then
printf "${BOLDRED}ERROR${RESET}: Missing directory: $x => ${BOLDWHITE}running $INSTALLER:${RESET}\n"
$INSTALL_INC
fi
done
}
update_paths() { update_paths() {
# variables in nginx include files not currently possible # variables in nginx include files not currently possible
# updates hard coded bots.d path in globalblacklist.conf # updates hard coded bots.d path in globalblacklist.conf
local blacklist=$1 email_report=$2 include_paths= dir= x= local blacklist=$1 include_paths= dir= x=
if ! grep "$BOTS_DIR" $blacklist 1>/dev/null; then if ! grep "$BOTS_DIR" $blacklist 1>/dev/null; then
if [ -d $BOTS_DIR ]; then if [ -d $BOTS_DIR ]; then
printf "Updating bots.d path: $BOTS_DIR => $blacklist\n" | tee -a $email_report printf "${BOLDGREEN}Updating bots.d path${RESET}: ${BOLDWHITE}$BOTS_DIR => $blacklist${RESET}\n"
include_paths=$(grep -E "include /.*.conf;$" $blacklist | awk '{print $2}' | tr -d ';') include_paths=$(grep -E "include /.*.conf;$" $blacklist | awk '{print $2}' | tr -d ';')
for x in $include_paths; do for x in $include_paths; do
@ -111,8 +129,9 @@ update_paths() {
sed -i "s|$dir|$BOTS_DIR|" $blacklist sed -i "s|$dir|$BOTS_DIR|" $blacklist
done done
else else
printf "${BOLDRED}ERROR${RESET}: '$BOTS_DIR' does not exist => NOT updating $blacklist\n" \ printf "${BOLDRED}ERROR${RESET}: '$BOTS_DIR' does not exist => ${BOLDWHITE}running $INSTALLER${RESET}.\n"
| tee -a $email_report $INSTALL_INC
update_paths $blacklist
fi fi
fi fi
} }
@ -142,41 +161,46 @@ wget_opts() {
} }
sanitize_path() { sanitize_path() {
echo $1 |tr -cd '[:alnum:] [=@=] [=.=] [=-=] [=/=] [=_=]' \ echo $1 |tr -cd '[:alnum:] [=@=] [=.=] [=-=] [=/=] [=_=]' \
|tr -s '@.-/_' |awk '{print tolower($0)}' |tr -s '@.-/_' |awk '{print tolower($0)}'
} }
sanitize_url() { sanitize_url() {
echo $1 |tr -cd '[:alnum:] [=:=] [=.=] [=-=] [=/=]' \ echo $1 |tr -cd '[:alnum:] [=:=] [=.=] [=-=] [=/=]' \
|tr -s ':.-' |awk '{print tolower($0)}' |tr -s ':.-' |awk '{print tolower($0)}'
} }
sanitize_email() { sanitize_email() {
echo $1 |tr -cd '[:alnum:] [=@=] [=.=] [=-=] [=_=]' \ echo $1 |tr -cd '[:alnum:] [=@=] [=.=] [=-=] [=_=]' \
|tr -s '@-_.' |awk '{print tolower($0)}' |tr -s '@-_.' |awk '{print tolower($0)}'
} }
check_args() { check_args() {
local option=$1 type=$2 arg=$3 local option=$1 type=$2 arg=$3
local msg="ERROR: option '-$option' argument '$arg' requires:" local msg="ERROR: option '-$option' argument '$arg' requires:"
case "$type" in case "$type" in
path) if ! echo $arg | grep ^/ 1>/dev/null; then path) if ! echo $arg | grep ^/ 1>/dev/null; then
printf "$msg absolute path.\n" printf "$msg absolute path.\n"
exit 1 exit 1
fi fi
;; ;;
email) if ! echo $arg | grep -E ^[-_[:alnum:]]+@[-_[:alnum:]]+[\.][\.a-z]+ 1>/dev/null; then email) if ! echo $arg | grep -E ^[-_[:alnum:]]+@[-_[:alnum:]]+[\.][\.a-z]+ 1>/dev/null; then
printf "$msg email@domain.com\n" printf "$msg email@domain.com\n"
exit 1 exit 1
fi fi
;; ;;
url) if ! echo $arg | grep -E ^http[s]?://[0-9a-zA-Z-]+[.]+[/0-9a-zA-Z.]+ 1>/dev/null; then url) if ! echo $arg | grep -E ^http[s]?://[0-9a-zA-Z-]+[.]+[/0-9a-zA-Z.]+ 1>/dev/null; then
printf "$msg url => http[s]://the.url\n" printf "$msg url => http[s]://the.url\n"
exit 1 exit 1
fi fi
;; ;;
none) printf "$msg argument.\n"; exit 1;; script) if [ ! -x $arg ]; then
printf "$msg '$arg' is not executable / does not exist.\n"
exit 1
fi
;;
none) printf "$msg argument.\n"; exit 1;;
esac esac
} }
@ -190,48 +214,56 @@ check_mail_depends() {
check_depends() { check_depends() {
# centos does not have wget installed by default # centos does not have wget installed by default
if ! wget --help >/dev/null 2>&1; then if ! wget --help >/dev/null 2>&1; then
printf "$0 requires: wget => cannot download files.\n" printf "${BOLDRED}ERROR${RESET}: $0 requires: 'wget' => ${BOLDWHITE}cannot download files.${RESET}\n"
exit 1 exit 1
fi fi
# centos also does not have which by default # centos also does not have which by default
if [ ! -x /usr/bin/curl ]; then if [ ! -x /usr/bin/curl ]; then
printf "$0 requires: curl => cannot check remote version.\n" printf "${BOLDRED}ERROR${RESET}: $0 requires: 'curl' => ${BOLDWHITE}cannot check remote version.${RESET}\n"
exit 1
fi
# install-ngxblocker downloads updated scripts / missing includes as part of the update process
if [ ! -x $INSTALLER ]; then
printf "${BOLDRED}ERROR${RESET}: $0 requires: '$INSTALLER' => ${BOLDWHITE}cannot update includes.${RESET}\n"
exit 1 exit 1
fi fi
} }
get_options() { get_options() {
local arg= opts= local arg= opts=
while getopts :c:b:r:e:nvh opts "$@" while getopts :c:b:u:r:e:nvh opts "$@"
do do
if [ -n "${OPTARG}" ]; then if [ -n "${OPTARG}" ]; then
case "$opts" in case "$opts" in
r) arg=$(sanitize_url ${OPTARG});; r) arg=$(sanitize_url ${OPTARG});;
e) arg=$(sanitize_email ${OPTARG});; e) arg=$(sanitize_email ${OPTARG});;
*) arg=$(sanitize_path ${OPTARG});; *) arg=$(sanitize_path ${OPTARG});;
esac esac
fi fi
case "$opts" in case "$opts" in
c) CONF_DIR=$arg; check_args $opts path $arg ;; c) CONF_DIR=$arg; check_args $opts path $arg ;;
b) BOTS_DIR=$arg; check_args $opts path $arg ;; b) BOTS_DIR=$arg; check_args $opts path $arg ;;
r) REPO=$arg; check_args $opts url $arg ;; u) INSTALLER=$arg; check_args $opts script $arg ;;
e) EMAIL=$arg; check_args $opts email $arg ;; r) REPO=$arg; check_args $opts url $arg ;;
n) SEND_EMAIL=N ;; e) EMAIL=$arg; check_args $opts email $arg ;;
v) check_version ;; n) SEND_EMAIL=N ;;
h) usage ;; v) check_depends; check_version ;;
\?) usage ;; h) usage ;;
:) check_args $OPTARG none none ;; \?) usage ;;
esac :) check_args $OPTARG none none ;;
done esac
done
INSTALL_INC="$INSTALLER -b $BOTS_DIR -c $CONF_DIR -x"
} }
main() { main() {
local email_report=$(mktemp) file=globalblacklist.conf
local REPO=https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master local REPO=https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master
local remote_dir=conf.d url= output= update= status= local file=globalblacklist.conf remote_dir=conf.d url= output= update= status=
# default to service (centos does not have 'which' by default) # default to service (centos does not have 'which' by default)
local service=${service_cmd:-"service"} local service=${service_cmd:-"service"}
@ -242,6 +274,7 @@ main() {
fi fi
check_depends check_depends
check_dirs $BOTS_DIR $CONF_DIR $SCRIPT_DIR
# parse command line # parse command line
get_options $@ get_options $@
@ -250,19 +283,22 @@ main() {
# check for updated blacklist # check for updated blacklist
update=$(check_version | tail -n 2) update=$(check_version | tail -n 2)
printf "\n$update\n\n" | tee $email_report printf "\n$update\n\n"
if echo $update | grep ^Update 1>/dev/null; then if echo $update | grep ^Update 1>/dev/null; then
# download update # download globalblacklist update
mkdir -p $CONF_DIR mkdir -p $CONF_DIR
wget $url $(wget_opts) -O $output 2>&1 | tee -a $email_report wget $url $(wget_opts) -O $output 2>&1
# download new bots.d / conf.d files
$INSTALL_INC
# re-read nginx configuration # re-read nginx configuration
if ! grep "Not Found" $email_report; then if ! grep "Not Found" $EMAIL_REPORT; then
# set custom bots.d path # set custom bots.d path
update_paths $output $email_report update_paths $output
$service nginx reload $service nginx reload
if [ $? = 0 ]; then if [ $? = 0 ]; then
@ -270,13 +306,13 @@ main() {
else else
status="${BOLDRED}[FAILED]${RESET}" status="${BOLDRED}[FAILED]${RESET}"
fi fi
printf "\nReloading NGINX configuration...$status\n" | tee -a $email_report printf "\nReloading NGINX configuration...$status\n"
else else
printf "\n${BOLDRED}Download failed${RESET}: not reloading NGINX config\n" | tee -a $email_report printf "\n${BOLDRED}Download failed${RESET}: not reloading NGINX config\n"
fi fi
else else
# set custom bots.d path # set custom bots.d path
update_paths $output $email_report update_paths $output
fi fi
# email report # email report
@ -284,16 +320,18 @@ main() {
case "$SEND_EMAIL" in case "$SEND_EMAIL" in
y*|Y*) printf "Emailing report to: ${BOLDWHITE}$EMAIL${RESET}\n\n"; y*|Y*) printf "Emailing report to: ${BOLDWHITE}$EMAIL${RESET}\n\n";
# remove ansi colour codes # remove ansi colour codes
sed -i 's/\x1b\[[0-9;]*m//g' $email_report sed -i 's/\x1b\[[0-9;]*m//g' $EMAIL_REPORT
cat $email_report | mail -s "Nginx Bad Bot Blocker Updated" $EMAIL cat $EMAIL_REPORT | mail -s "Nginx Bad Bot Blocker Updated" $EMAIL
;; ;;
esac esac
rm -f $email_report rm -f $EMAIL_REPORT
} }
## start ## ## start ##
main $@ EMAIL_REPORT=$(mktemp)
main $@ | tee $EMAIL_REPORT
exit $? exit $?
# Add this as a cron to run daily / weekly as you like # Add this as a cron to run daily / weekly as you like