nhyatt/bind-response-policy-zone-creator
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Adds configuration from config file.

Browse Source
This commit is contained in:
Hyatt
2022-02-07 15:02:06 -06:00
parent b7ed5a30c2
commit ba892ce475
9 changed files with 331 additions and 231 deletions
Download Patch File Download Diff File Expand all files Collapse all files

137
cmd/bind/config.go
View File

@ -2,7 +2,6 @@ package main
import (
"os"
"regexp"
"time"
"github.com/hashicorp/logutils"
@ -23,31 +22,32 @@ type configStructure struct {
HTTPClientTLSHandshakeTimeout int
HTTPClientIdleTimeout int
// Download Sources
URLBlocklistHostFiles []string
URLBlocklistsSimple []string
// Allowlist (regex)
DomainAllowlist []*regexp.Regexp
// Named Config Generator
NamedConfig namedConfigStruct
// Output Filename
BindOutputFileName string
// Config
ConfigFileLocation string
Config configFileStruct
}
type namedConfigStruct struct {
TTL string
Domain string
Email string
Timestamp string
Refresh string
Retry string
Expire string
Minimum string
NameServers []string
BadDomains []string
type configFileStruct struct {
ZoneConfig struct {
TTL string `yaml:"timeToLive"`
Domain string `yaml:"baseDomain"`
Email string `yaml:"emailAddress"`
Serial string `yaml:"zoneSerialNumber"`
Refresh string `yaml:"zoneRefresh"`
Retry string `yaml:"zoneRetry"`
Expire string `yaml:"zoneExpire"`
Minimum string `yaml:"zoneMinimum"`
NameServers []string `yaml:"nameServers"`
BlockedDomains []string `yaml:"blockedDomains"`
} `yaml:"zoneConfig"`
Sources struct {
HostFileURLs []string `yaml:"hostFileURLs"`
DomainListURLs []string `yaml:"domainListURLs"`
} `yaml:"sources"`
AllowLists []string `yaml:"allowList"`
}
var config = configStructure{
@ -59,59 +59,44 @@ var config = configStructure{
// Nice blocklist location: https://firebog.net/
// Default Blocklist
URLBlocklistHostFiles: []string{
"https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts",
"http://sysctl.org/cameleon/hosts",
"https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareHosts.txt",
"https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Risk/hosts",
},
URLBlocklistsSimple: []string{
"https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt",
"https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt",
"https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt",
"https://v.firebog.net/hosts/Prigent-Crypto.txt",
"https://phishing.army/download/phishing_army_blocklist_extended.txt",
"https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt",
"https://raw.githubusercontent.com/Spam404/lists/master/main-blacklist.txt",
"https://dbl.oisd.nl/",
"https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt",
},
// default URL Allow hosts
DomainAllowlist: []*regexp.Regexp{
// localhosts included in blocklists for some reason
regexp.MustCompile(`localhost`),
regexp.MustCompile(`localhost.localdomain`),
regexp.MustCompile(`local`),
regexp.MustCompile(`broadcasthost`),
regexp.MustCompile(`localhost`),
regexp.MustCompile(`ip6-localhost`),
regexp.MustCompile(`ip6-loopback`),
regexp.MustCompile(`localhost`),
regexp.MustCompile(`ip6-localnet`),
regexp.MustCompile(`ip6-mcastprefix`),
regexp.MustCompile(`ip6-allnodes`),
regexp.MustCompile(`ip6-allrouters`),
regexp.MustCompile(`ip6-allhosts`),
// default allow hosts
regexp.MustCompile(`(^|\.)` + `thepiratebay\.org`),
regexp.MustCompile(`(^|\.)` + `sendgrid\.net`),
regexp.MustCompile(`(^|\.)` + `googleadservices\.com`),
regexp.MustCompile(`(^|\.)` + `doubleclick\.net`),
regexp.MustCompile(`(^|\.)` + `sailthru\.com`),
regexp.MustCompile(`(^|\.)` + `magiskmanager\.com`),
regexp.MustCompile(`(^|\.)` + `apiservices\.krxd\.net`),
regexp.MustCompile(`(^|\.)` + `logfiles\.zoom\.us`),
regexp.MustCompile(`(^|\.)` + `logfiles-va\.zoom\.us`),
regexp.MustCompile(`(^|\.)` + `nest\.com`),
regexp.MustCompile(`(^|\.)` + `clients.\.google\.com`),
regexp.MustCompile(`(^|\.)` + `login\.live\.com`),
regexp.MustCompile(`(^|\.)` + `unagi\.amazon\.com`),
regexp.MustCompile(`(^|\.)` + `unagi-na\.amazon\.com`),
regexp.MustCompile(`(^|\.)` + `duckduckgo\.com`),
regexp.MustCompile(`(^|\.)` + `msn\.com`),
regexp.MustCompile(`(^|\.)` + `nexusrules\.officeapps\.live\.com`),
regexp.MustCompile(`(^|\.)` + `playfabapi\.com`),
regexp.MustCompile(`(^|\.)` + `vercel-dns\.com`),
Config: configFileStruct{
Sources: struct {
HostFileURLs []string `yaml:"hostFileURLs"`
DomainListURLs []string `yaml:"domainListURLs"`
}{
HostFileURLs: []string{
//"https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts",
//"http://sysctl.org/cameleon/hosts",
//"https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareHosts.txt",
//"https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Risk/hosts",
},
DomainListURLs: []string{
//"https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt",
//"https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt",
//"https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt",
//"https://v.firebog.net/hosts/Prigent-Crypto.txt",
//"https://phishing.army/download/phishing_army_blocklist_extended.txt",
//"https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt",
//"https://raw.githubusercontent.com/Spam404/lists/master/main-blacklist.txt",
//"https://dbl.oisd.nl/",
//"https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt",
},
},
AllowLists: []string{
// localhosts included in blocklists for some reason
`localhost`,
`localhost.localdomain`,
`local`,
`broadcasthost`,
`localhost`,
`ip6-localhost`,
`ip6-loopback`,
`localhost`,
`ip6-localnet`,
`ip6-mcastprefix`,
`ip6-allnodes`,
`ip6-allrouters`,
`ip6-allhosts`,
},
},
}