#!/bin/bash
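#######################################
# Detect the distribution family and record it in the global "release".
# Globals:   release (written) - "centos", "debian" or "ubuntu"; left as it
#            was when none of the probes match
# Arguments: none
# Outputs:   nothing (read errors on a missing probe file are silenced)
# Returns:   0
#######################################
CHECK_OS(){
  local probe
  # A RHEL-family marker file is the strongest signal; no text probe needed.
  if [[ -f /etc/redhat-release ]]; then
    release="centos"
    return 0
  fi
  # Same probe order as before: /etc/issue first, then /proc/version.
  # grep reads the file directly (no pipe from cat), and 2>/dev/null keeps a
  # missing /etc/issue from printing an error instead of falling through.
  # NOTE(review): matching free text in these files is a heuristic, not a
  # guarantee of the actual distribution - treat a match as best effort.
  for probe in /etc/issue /proc/version; do
    if grep -q -E -i "debian" "${probe}" 2>/dev/null; then
      release="debian"
      return 0
    elif grep -q -E -i "ubuntu" "${probe}" 2>/dev/null; then
      release="ubuntu"
      return 0
    elif grep -q -E -i "centos|red hat|redhat" "${probe}" 2>/dev/null; then
      release="centos"
      return 0
    fi
  done
  return 0
}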
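#######################################
# Ask interactively for the SSH failure threshold and the ban duration.
# Globals:   BLOCKING_THRESHOLD (written) - failed logins before a ban
#            BLOCKING_TIME_H    (written) - ban duration in hours
#            BLOCKING_TIME_S    (written) - ban duration in seconds
# Arguments: none
# Inputs:    two lines from stdin. An empty line keeps the default
#            (10 attempts / 8760 h). A line that is not a positive integer
#            is reported on stderr and replaced by the default, so that
#            only well-formed numbers are later written into jail.local.
# Returns:   0
#######################################
GET_SETTING_FAIL2BAN_INFO(){
  local threshold hours

  # -r keeps backslashes literal; the prompt is only shown on a terminal.
  read -r -p "允许SSH登陆失败次数,默认10:" threshold
  if [[ ! "${threshold}" =~ ^[1-9][0-9]*$ ]]; then
    if [[ -n "${threshold}" ]]; then
      printf '无效的数值,使用默认值10.\n' >&2
    fi
    threshold='10'
  fi
  BLOCKING_THRESHOLD=${threshold}

  read -r -p "SSH登陆失败次数超过${BLOCKING_THRESHOLD}次时,封禁时长(h),默认8760:" hours
  if [[ ! "${hours}" =~ ^[1-9][0-9]*$ ]]; then
    if [[ -n "${hours}" ]]; then
      printf '无效的数值,使用默认值8760.\n' >&2
    fi
    hours='8760'
  fi
  BLOCKING_TIME_H=${hours}

  # Shell arithmetic instead of spawning expr.
  BLOCKING_TIME_S=$(( BLOCKING_TIME_H * 3600 ))
}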
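#######################################
# Install fail2ban with the distribution's package manager after asking for
# the jail settings. "Already installed" is decided solely by the presence
# of /etc/fail2ban/jail.local, not by querying the package manager.
# Globals:   release (via CHECK_OS), BLOCKING_* (via GET_SETTING_FAIL2BAN_INFO)
# Arguments: none
# Outputs:   package manager output; a message when already installed or
#            when the distribution is unsupported (the latter on stderr)
# Returns:   the status of the fail2ban package install; 1 on an
#            unsupported distribution. Exits the script (status 0) when
#            jail.local already exists, as before.
#######################################
INSTALL_FAIL2BAN(){
  if [[ -e /etc/fail2ban/jail.local ]]; then
    echo "fail2ban已经安装了."
    exit
  fi
  CHECK_OS
  case "${release:-}" in
    centos)
      GET_SETTING_FAIL2BAN_INFO
      # epel-release may already be present; the fail2ban install is the
      # command whose status this function reports.
      yum -y install epel-release
      yum -y install fail2ban
      ;;
    debian|ubuntu)
      GET_SETTING_FAIL2BAN_INFO
      apt-get -y install fail2ban
      ;;
    *)
      # Unsupported systems must not report success, otherwise the caller
      # goes on to write the jail configuration.
      echo "请使用CentOS,Debian,Ubuntu系统." >&2
      return 1
      ;;
  esac
}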
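#######################################
# Stop fail2ban, remove the package and delete the jail configuration.
# Globals:   release (via CHECK_OS)
# Arguments: none
# Outputs:   service/package manager output; a message when not installed
#            or when the distribution is unsupported (the latter on stderr)
# Returns:   0 after removing jail.local; 1 on an unsupported distribution.
#            Exits the script (status 0) when jail.local is absent, as before.
#######################################
REMOVE_FAIL2BAN(){
  if [[ ! -e /etc/fail2ban/jail.local ]]; then
    echo "fail2ban尚未安装."
    exit
  fi
  CHECK_OS
  local -a remove_cmd
  case "${release:-}" in
    centos)        remove_cmd=(yum -y remove fail2ban) ;;
    debian|ubuntu) remove_cmd=(apt-get -y remove fail2ban) ;;
    *)
      # Previously an unknown distribution silently did nothing.
      echo "请使用CentOS,Debian,Ubuntu系统." >&2
      return 1
      ;;
  esac
  # Stop through systemd when it is present, matching how SETTING_FAIL2BAN
  # restarts the service; fall back to the SysV wrapper otherwise.
  if [[ -e /usr/bin/systemctl ]]; then
    systemctl stop fail2ban
  else
    service fail2ban stop
  fi
  "${remove_cmd[@]}"
  # A single regular file: -f is enough, -r is not needed; "--" guards the path.
  rm -f -- /etc/fail2ban/jail.local
}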
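#######################################
# Write /etc/fail2ban/jail.local with an sshd jail and restart the services.
# Globals:   release (via CHECK_OS)
#            BLOCKING_THRESHOLD (read) - failed logins before a ban
#            BLOCKING_TIME_S    (read) - ban duration in seconds
#            When either global is unset the same defaults that
#            GET_SETTING_FAIL2BAN_INFO offers (10 / 31536000) are used, so the
#            file never contains an empty "maxretry =" or "bantime =".
# Arguments: none
# Outputs:   service manager output
# Returns:   0 on an unsupported distribution (silent no-op, as before);
#            otherwise the status of the last service command
#######################################
SETTING_FAIL2BAN(){
  local log_path
  CHECK_OS
  # The only per-distribution difference in the jail is where sshd logs.
  case "${release:-}" in
    centos)        log_path=/var/log/secure ;;
    debian|ubuntu) log_path=/var/log/auth.log ;;
    *)             return 0 ;;
  esac

  local maxretry=${BLOCKING_THRESHOLD:-10}
  local bantime=${BLOCKING_TIME_S:-31536000}

  # [ssh-iptables] is the only jail, and its own maxretry/bantime override
  # the [DEFAULT] section, so the effective ssh policy is unchanged by
  # writing one template for every distribution.
  cat > /etc/fail2ban/jail.local <<EOF
[DEFAULT]
ignoreip = 127.0.0.1
bantime = 86400
maxretry = ${maxretry}
findtime = 1800
[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
logpath = ${log_path}
maxretry = ${maxretry}
findtime = 3600
bantime = ${bantime}
EOF

  if [[ "${release}" == "centos" ]]; then
    if [[ -e /usr/bin/systemctl ]]; then
      systemctl restart fail2ban
      systemctl enable fail2ban
      systemctl restart sshd
    else
      service fail2ban restart
      chkconfig fail2ban on
      # The SysV service on CentOS is named sshd, not ssh.
      service sshd restart
    fi
  else
    service fail2ban restart
    service ssh restart
  fi
}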
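#######################################
# Follow the sshd authentication log that the jail watches.
# Globals:   release (via CHECK_OS)
# Arguments: none
# Outputs:   log lines on stdout (runs until interrupted); a message on
#            stderr when the distribution is unsupported
# Returns:   tail's status; 1 on an unsupported distribution (previously a
#            silent no-op)
#######################################
VIEW_RUN_LOG(){
  local log_path
  CHECK_OS
  case "${release:-}" in
    centos)        log_path=/var/log/secure ;;
    debian|ubuntu) log_path=/var/log/auth.log ;;
    *)
      echo "请使用CentOS,Debian,Ubuntu系统." >&2
      return 1
      ;;
  esac
  tail -f -- "${log_path}"
}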
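#######################################
# Exit with the "not installed" message unless jail.local exists.
# Used by the subcommands that talk to a configured fail2ban.
#######################################
REQUIRE_INSTALLED(){
  if [[ ! -e /etc/fail2ban/jail.local ]]; then
    echo "fail2ban尚未安装."
    exit
  fi
}

#######################################
# Unban one address from the ssh-iptables jail.
# Arguments: $1 - address to unban; when empty it is asked for on stdin
# Outputs:   fail2ban-client output; an error message on invalid input
# Returns:   fail2ban-client's status; exits with 1 on empty or malformed
#            input
#######################################
UNLOCK_FAIL2BAN(){
  local ip=${1:-}
  if [[ -z "${ip}" ]]; then
    read -r -p "请输入需要解封的IP:" ip
  fi
  if [[ -z "${ip}" ]]; then
    echo "不允许空值,请重试." >&2
    exit 1
  fi
  # Only address characters (IPv4 digits/dots, IPv6 hex/colons) are passed
  # on; anything else is user input that must not reach fail2ban-client.
  if [[ ! "${ip}" =~ ^[0-9A-Fa-f.:]+$ ]]; then
    echo "无效的IP地址,请重试." >&2
    exit 1
  fi
  fail2ban-client set ssh-iptables unbanip "${ip}"
}

#######################################
# Print the command summary.
#######################################
USAGE(){
  echo "bash fail2ban.sh {install|uninstall|runlog|more}"
  echo "bash fail2ban.sh {start|stop|restart|status}"
  echo "bash fail2ban.sh {blocklist|unlock}"
}

case "${1:-}" in
  install)
    # Do not write the jail configuration when the install itself failed.
    INSTALL_FAIL2BAN && SETTING_FAIL2BAN
    ;;
  uninstall)
    REMOVE_FAIL2BAN
    ;;
  status)
    # '[f]ail2ban' keeps the grep process itself out of the listing.
    echo -e "\033[41;37m【进程】\033[0m"; ps aux | grep '[f]ail2ban'
    echo; echo -e "\033[41;37m【状态】\033[0m"; fail2ban-client ping
    echo; echo -e "\033[41;37m【Service】\033[0m"; service fail2ban status
    ;;
  blocklist|bl)
    REQUIRE_INSTALLED
    fail2ban-client status ssh-iptables
    ;;
  unlock|ul)
    REQUIRE_INSTALLED
    UNLOCK_FAIL2BAN "${2:-}"
    ;;
  more)
    echo "【参考文章】
https://www.fail2ban.org
https://linux.cn/article-5067-1.html
【更多命令】
fail2ban-client -h"
    ;;
  runlog)
    VIEW_RUN_LOG
    ;;
  start)
    service fail2ban start
    ;;
  stop)
    service fail2ban stop
    ;;
  restart)
    service fail2ban restart
    ;;
  *)
    USAGE
    ;;
esac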
#END