Improve fail2ban installation and management issue #109

2026-04-11 15:38:43 +00:00 · 2021-12-11 22:07:55 +07:00
parent 85001fb895
commit 3918eca1b7
1 changed files with 37 additions and 37 deletions
--- a/scripts/install_fail2ban.sh
+++ b/scripts/install_fail2ban.sh
@@ -1,16 +1,16 @@
 #!/usr/bin/env bash

 # Install Fail2ban
-# Min. Requirement  : GNU/Linux Ubuntu 16.04
-# Last Build        : 05/06/2021
+# Min. Requirement  : GNU/Linux Ubuntu 18.04
+# Last Build        : 11/12/2021
 # Author            : MasEDI.Net (me@masedi.net)
 # Since Version     : 1.3.0

 # Include helper functions.
-if [ "$(type -t run)" != "function" ]; then
-    BASEDIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )
+if [[ "$(type -t run)" != "function" ]]; then
+    BASE_DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )
    # shellcheck disable=SC1091
-    . "${BASEDIR}/helper.sh"
+    . "${BASE_DIR}/helper.sh"
 fi

 # Make sure only root can run this installer script.
@@ -18,13 +18,17 @@ requires_root

 ##
 # Install Fail2ban.
-#
+##
 function init_fail2ban_install() {
    local SELECTED_INSTALLER=""

-    if "${AUTO_INSTALL}"; then
-        DO_INSTALL_FAIL2BAN="y"
-        SELECTED_INSTALLER=${FAIL2BAN_INSTALLER:-"repo"}
+    if [[ "${AUTO_INSTALL}" == true ]]; then
+        if [[ "${INSTALL_FAIL2BAN}" == true ]]; then
+            DO_INSTALL_FAIL2BAN="y"
+            SELECTED_INSTALLER=${FAIL2BAN_INSTALLER:-"repo"}
+        else
+            DO_INSTALL_FAIL2BAN="n"
+        fi
    else
        while [[ "${DO_INSTALL_FAIL2BAN}" != "y" && "${DO_INSTALL_FAIL2BAN}" != "Y" && \
            "${DO_INSTALL_FAIL2BAN}" != "n" && "${DO_INSTALL_FAIL2BAN}" != "N" ]]; do
@@ -33,7 +37,6 @@ function init_fail2ban_install() {
    fi

    if [[ ${DO_INSTALL_FAIL2BAN} == y* || ${DO_INSTALL_FAIL2BAN} == Y* ]]; then
-        # Install menu.
        echo "Available Fail2ban installation method:"
        echo "  1). Install from Repository (repo)"
        echo "  2). Compile from Source (source)"
@@ -45,17 +48,14 @@ function init_fail2ban_install() {
        done

        case "${SELECTED_INSTALLER}" in
-            1|"repo")
+            1 | "repo")
                echo "Installing Fail2ban from repository..."
-
-                if hash apt-get 2>/dev/null; then
-                    run apt-get install -qq -y fail2ban sendmail
-                else
-                    fail "Unable to install Fail2ban, this GNU/Linux distribution is not supported."
-                fi
+                run apt-get install -qq -y fail2ban
            ;;
-            2|"source")
-                FAIL2BAN_VERSION=${FAIL2BAN_VERSION:-"0.10.5"}
+            2 | "source")
+                echo "Installing Fail2ban from source..."
+
+                FAIL2BAN_VERSION=${FAIL2BAN_VERSION:-"0.11.2"}
                local CURRENT_DIR && \
                CURRENT_DIR=$(pwd)
                run cd "${BUILD_DIR}" || return 1
@@ -65,7 +65,7 @@ function init_fail2ban_install() {
                fail2ban_download_link="https://github.com/fail2ban/fail2ban/archive/${FAIL2BAN_VERSION}.tar.gz"

                if curl -sLI "${fail2ban_download_link}" | grep -q "HTTP/[.12]* [2].."; then
-                    run wget -O fail2ban.tar.gz "${fail2ban_download_link}" && \
+                    run wget "${fail2ban_download_link}" -O fail2ban.tar.gz -q --show-progress && \
                    run tar -zxf fail2ban.tar.gz && \
                    run cd fail2ban-*/ && \
                    run python setup.py install && \
@@ -78,16 +78,16 @@ function init_fail2ban_install() {
        esac

        # Configure Fal2ban.
-        if "${DRYRUN}"; then
-            info "Configuring Fail2ban in dryrun mode."
-        else
+        echo "Configuring Fail2ban..."
+
+        if [[ "${DRYRUN}" != true ]]; then
            SSH_PORT=${SSH_PORT:-22}

            # Add Wordpress custom filter.
            run cp -f etc/fail2ban/filter.d/wordpress.conf /etc/fail2ban/filter.d/

            # Enable jail
-            cat > /etc/fail2ban/jail.local <<_EOL_
+            cat > /etc/fail2ban/jail.local <<EOL
 [DEFAULT]
 # banned for 30 days
 bantime = 30d
@@ -104,15 +104,14 @@ maxretry = 3

 [nginx-http-auth]
 enabled = true
-port    = http,https,8082,8083
+port = http,https,8082,8083
 maxretry = 3

-_EOL_
-        fi
+EOL

-        # Enable jail for Postfix & Dovecot
-        if "${INSTALL_MAILER}"; then
-            cat >> /etc/fail2ban/jail.local <<_EOL_
+            # Enable jail for Postfix & Dovecot
+            if [[ "${INSTALL_MAILER}" == true ]]; then
+                cat >> /etc/fail2ban/jail.local <<EOL
 [postfix]
 enabled = true
 logpath = /var/log/mail.log
@@ -120,25 +119,26 @@ maxretry = 3

 [postfix-sasl]
 enabled = true
-port     = smtp,465,587,submission,imap,imaps,pop3,pop3s
+port = smtp,465,587,submission,imap,imaps,pop3,pop3s
 logpath = /var/log/mail.log
 maxretry = 3

-_EOL_
+EOL
+            fi
        fi

-        # Restart Redis daemon.
+        # Restart Fail2ban daemon.
        echo "Starting Fail2ban server..."
        run systemctl start fail2ban

-        if "${DRYRUN}"; then
-            info "Fail2ban installed in dryrun mode."
-        else
+        if [[ "${DRYRUN}" != true ]]; then
            if [[ $(pgrep -c fail2ban-server) -gt 0 ]]; then
                success "Fail2ban server started successfully."
            else
                info "Something went wrong with Fail2ban installation."
            fi
+        else
+            info "Fail2ban installed in dry run mode."
        fi
    else
        info "Fail2ban installation skipped."
@@ -152,7 +152,7 @@ echo "[Fail2ban Installation]"
 if [[ -n $(command -v fail2ban-server) ]]; then
    info "Fail2ban already exists, installation skipped."
 else
-    if [[ ${INSTALL_FAIL2BAN} == true ]]; then
+    if [[ "${INSTALL_FAIL2BAN}" == true ]]; then
        init_fail2ban_install "$@"
    else
        info "Fail2ban installation skipped."