forked from mitchellkrogza/nginx-ultimate-bad-bot-blocker
-
Notifications
You must be signed in to change notification settings - Fork 0
/
install-ngxblocker
executable file
·361 lines (298 loc) · 10.4 KB
/
install-ngxblocker
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
#!/bin/sh
# Shell Script for Installing the Nginx Bad Bot Blocker
# Copyright - https://github.com/mitchellkrogza
# Project Url: https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker
# Version 2.2017.07
# Install script & Alpine Linux package by Stuart Cardall: https://github.com/itoffshore
# PLEASE READ CONFIGURATION INSTRUCTIONS BEFORE USING THIS - THIS IS ONLY A PARTIAL INSTALLER
# FOR COPYING THE FILES CORRECTLY TO THE NGINX FOLDERS:
# https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/blob/master/CONFIGURATION.md
# Use this script for a new install or to update to a new release (which has a new configuration
# file structure) and thereafter use the Auto Update Shell Script update-ngxblocker to update
# the blacklist in /etc/nginx/conf.d/globalblacklist.conf
# THIS INSTALL SCRIPT ONLY COPIES THE NECESSARY FILES FOR NGINX DIRECTLY FROM THE REPO
### The installer script does not carry out STEP 6 of the configuration instructions for you.
### You must manually edit any vhost files with the includes in STEP 6 or it will not actually be protecting any sites.
### READ: https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/blob/master/CONFIGURATION.md
### You can also now use a setup script contributed by Stuart Cardall to automatically insert the includes for you
### See - https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/setup-ngxblocker
# Save this file as /usr/local/sbin/install-ngxblocker
# sudo wget https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/install-ngxblocker -O /usr/local/sbin/install-ngxblocker
# Make it Executable:
# chmod 700 /usr/local/sbin/install-ngxblocker
# Run it from the command line:
# sudo /usr/local/sbin/install-ngxblocker [ -h ]
######## LETS INSTALL NOW ###############################
CONF_DIR=/etc/nginx/conf.d
BOTS_DIR=/etc/nginx/bots.d
SCRIPT_DIR=/usr/local/sbin
REPO=https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master
####### end user configuration ##########################
OS=$(uname -s)
usage() {
local script=$(basename $0)
cat <<EOF
$script: INSTALL Nginx Bad Bot Blocker configuration to: [ $CONF_DIR ] [ $BOTS_DIR ]
Usage: $script [OPTIONS]
[ -b ] : Bot rules directory (default: $BOTS_DIR)
[ -c ] : NGINX conf directory (default: $CONF_DIR)
[ -s ] : Script directory (default: $SCRIPT_DIR)
[ -r ] : Change repo url (default: $REPO)
[ -x ] : Actually change the files (default: don't change anything)
[ -q ] : Suppress non error messages
[ -v ] : Print blacklist version
[ -h ] : this help message
Examples:
$script (Don't change anything: display results on stdout)
$script -x (Download / update config files)
$script -q (Less verbose messages for cron)
EOF
exit 0
}
check_version() {
local file=$CONF_DIR/globalblacklist.conf
if [ -f $file ]; then
grep Version $file
grep 'Updated:' $file
else
printf "Missing '$file' (pass -c \$path before -v)\n"
fi
exit 0
}
longest_str() {
echo $@ | tr " " "\n" | awk '{print length ($0)}' | sort -nr | head -n1
}
check_if_updating() {
local x= local_file= local_dir=$1
local file_list="$(echo $@ | awk '{$1=""; print}' | sed -e 's/^[ \t]*//')"
for x in $file_list; do
local_file=$local_dir/$x
if [ ! -f $local_file ]; then
echo "true"
break
fi
done
}
download_files() {
local url= x= local_file= remote_path= remote_dir=$1 local_dir=$2 tmp= retval=
local file_list="$(echo $@ | awk '{$1=$2=""; print $0}' | sed -e 's/^[ \t]*//')" # rm leading whitespace
local col_size=$(( $(longest_str $file_list) + $(echo $remote_dir | wc -m) ))
if [ -n "$(check_if_updating $local_dir $file_list)" ]; then
printf "\nREPO = $REPO\n\n"
for x in $file_list; do
local_file=$local_dir/$x
if [ ! -f $local_file ] || [ ! -s $local_file ]; then
if [ "$remote_dir" = "/" ]; then
remote_path=$x
else
remote_path="$remote_dir/$x"
fi
if [ "$DRY_RUN" = "N" ]; then
printf "%-21s %-$(( $col_size +8 ))s %s" \
"Downloading [FROM]=>" \
"[REPO]/$remote_path" \
"[TO]=> $local_file"
tmp=$(mktemp)
url=$REPO/$remote_path
curl --fail --connect-timeout 60 --retry 10 --retry-delay 5 -so $tmp $url
retval=$?
case "$retval" in
0) printf "...OK\n"
mv $tmp $local_file
;;
22) printf "...ERROR 404: $url\n";;
28) printf "...ERROR TIMEOUT: $url\n";;
*) printf "...ERROR CURL: ($retval)\n";;
esac
else
printf "%-21s %-$(( $col_size +8 ))s %s\n" \
"Downloading [FROM]=>" \
"[REPO]/$remote_path" \
"[TO]=> $local_file"
fi
fi
done
else
print_message "Nothing to update for directory: $local_dir\n"
fi
}
set_mode() {
local mode=$1 dir=$2 file=
local file_list="$(echo $@ | awk '{$1=$2=""; print}' | sed -e 's/^[ \t]*//')"
for file in $file_list; do
print_message "Setting mode: $mode => $dir/$file\n"
chmod $mode $dir/$file
done
}
check_config() {
local x= dirs="$*"
for x in $dirs; do
if [ ! -d $x ]; then
printf "Creating directory: $x\n"
if [ "$DRY_RUN" = "N" ]; then
mkdir -p $x
fi
fi
done
}
sanitize_path() {
echo $1 |tr -cd '[:alnum:] [=@=] [=.=] [=-=] [=/=] [=_=]' \
|tr -s '@.-/_' |awk '{print tolower($0)}'
}
sanitize_url() {
echo $1 |tr -cd '[:alnum:] [=:=] [=.=] [=-=] [=/=]' \
|tr -s ':.-' |awk '{print tolower($0)}'
}
check_args() {
local option=$1 type=$2 arg=$3
local msg="ERROR: option '-$option' argument '$arg' requires:"
case "$type" in
path) if ! echo $arg | grep ^/ 1>/dev/null; then
printf "$msg absolute path.\n"
exit 1
fi
;;
url) if ! echo $arg | grep -E ^http[s]?://[0-9a-zA-Z-]+[.]+[/0-9a-zA-Z.]+ 1>/dev/null; then
printf "$msg url => http[s]://the.url\n"
exit 1
fi
;;
none) printf "$msg argument.\n"; exit 1;;
esac
}
print_message() {
local msg="$@"
if [ "$VERBOSE" != "N" ]; then
printf "$msg"
fi
}
get_options() {
local arg= opts=
while getopts :b:c:s:r:xvqh opts "$@"
do
if [ -n "${OPTARG}" ]; then
case "$opts" in
r) arg=$(sanitize_url ${OPTARG});;
*) arg=$(sanitize_path ${OPTARG});;
esac
fi
case "$opts" in
b) BOTS_DIR=$arg; check_args $opts path $arg ;;
c) CONF_DIR=$arg; check_args $opts path $arg ;;
s) SCRIPT_DIR=$arg; check_args $opts path $arg ;;
r) REPO=$arg; check_args $opts url $arg ;;
x) DRY_RUN=N ;;
v) check_version ;;
q) VERBOSE=N ;;
h) usage ;;
\?) usage ;;
:) check_args $OPTARG none none ;;
esac
done
}
wget_opts() {
local opts=
# GNU wget / Busybox 1.26.2
if wget --help 2>&1 | grep "\--spider" >/dev/null 2>&1; then
opts="--spider"
else # Busybox wget < 1.26.2
opts="-s"
fi
echo $opts
}
find_binary() {
local x= path= binary=$1 bin_paths='/bin /usr/bin /usr/local/bin /sbin /usr/sbin /usr/local/sbin /root/bin /root/.bin'
for x in $bin_paths; do
path="$x/$binary"
if [ -x $path ]; then
echo $path
return
fi
done
}
check_depends() {
# some distros do not have these tools installed by default
local x= depends_list="wget curl"
for x in $depends_list; do
if [ -z $(find_binary $x) ]; then
printf "$0 requires: '$x' \n"
exit 1
fi
done
case $OS in
Linux)
# give a helpful message for missing pidof
if [ -z $(find_binary pidof) ]; then
printf "$0 requires 'pidof' \n\n"
printf "In Debian: apt install sysvinit-utils\n"
printf "In Centos: yum install sysvinit-tools\n"
exit 1
fi
;;
*BSD)
# give a helpful message for missing gsed
if [ -z $(find_binary gsed) ]; then
printf "$0 requires 'gsed' \n\n"
printf "In FreeBSD: 'pkg install textproc/gsed' or 'portmaster textproc/gsed'\n"
exit 1
fi
;;
esac
}
check_online() {
local url=$1 options=$(wget_opts)
if wget $options $url >/dev/null 2>&1; then
echo "true"
fi
}
main() {
local include_url=
# require root
if [ "$(id -u)" != "0" ]; then
echo "This script must be run as root" 1>&2
exit 1
fi
check_depends
# parse command line
get_options $@
include_url=$REPO/include_filelist.txt
# check repo is online & source includes
print_message "Checking url: $include_url\n"
if [ -n "$(check_online $include_url)" ]; then
local tmp=$(mktemp)
wget -q $include_url -O $tmp
# use period not source in POSIX shell
. $tmp 2>/dev/null
rm -f $tmp
else
printf "Repo down or missing: $include_url\n"
exit 1
fi
# double check we have some files sourced
if [ -z "$CONF_FILES" ] || [ -z "$BOT_FILES" ] || [ -z "$SCRIPT_FILES" ]; then
printf "Error sourcing variables from: $include_url\n"
exit 1
fi
# by default do not change any files
if [ -z "$DRY_RUN" ]; then
printf "\n** Dry Run ** | not updating files | run as '$(basename $0) -x' to install files.\n\n"
else
printf "\n"
fi
check_config $CONF_DIR $BOTS_DIR $SCRIPT_DIR
download_files conf.d $CONF_DIR $CONF_FILES
download_files bots.d $BOTS_DIR $BOT_FILES
download_files / $SCRIPT_DIR $SCRIPT_FILES
# ensures scripts are executable
if [ "$DRY_RUN" = "N" ]; then
set_mode 700 $SCRIPT_DIR $SCRIPT_FILES
fi
}
## START ##
main $@
exit $?
# PLEASE READ CONFIGURATION INSTRUCTIONS
# https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/blob/master/CONFIGURATION.md
# PLEASE ALSO SEE THE SETUP SCRIPT TO INSERT THE NECESSARY INCLUDES FOR YOU
### You can now use a setup script contributed by Stuart Cardall to automatically add the includes for you
### See - https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/setup-ngxblocker