From 3918eca1b79613ce4f0d63e8dff06efaa5cc17f1 Mon Sep 17 00:00:00 2001 From: Edi Septriyanto Date: Sat, 11 Dec 2021 22:07:55 +0700 Subject: [PATCH] Improve fail2ban installation and management issue #109 --- scripts/install_fail2ban.sh | 74 ++++++++++++++++++------------------- 1 file changed, 37 insertions(+), 37 deletions(-) diff --git a/scripts/install_fail2ban.sh b/scripts/install_fail2ban.sh index 4789f4a..622b76b 100755 --- a/scripts/install_fail2ban.sh +++ b/scripts/install_fail2ban.sh @@ -1,16 +1,16 @@ #!/usr/bin/env bash # Install Fail2ban -# Min. Requirement : GNU/Linux Ubuntu 16.04 -# Last Build : 05/06/2021 +# Min. Requirement : GNU/Linux Ubuntu 18.04 +# Last Build : 11/12/2021 # Author : MasEDI.Net (me@masedi.net) # Since Version : 1.3.0 # Include helper functions. -if [ "$(type -t run)" != "function" ]; then - BASEDIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd ) +if [[ "$(type -t run)" != "function" ]]; then + BASE_DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd ) # shellcheck disable=SC1091 - . "${BASEDIR}/helper.sh" + . "${BASE_DIR}/helper.sh" fi # Make sure only root can run this installer script. @@ -18,13 +18,17 @@ requires_root ## # Install Fail2ban. -# +## function init_fail2ban_install() { local SELECTED_INSTALLER="" - if "${AUTO_INSTALL}"; then - DO_INSTALL_FAIL2BAN="y" - SELECTED_INSTALLER=${FAIL2BAN_INSTALLER:-"repo"} + if [[ "${AUTO_INSTALL}" == true ]]; then + if [[ "${INSTALL_FAIL2BAN}" == true ]]; then + DO_INSTALL_FAIL2BAN="y" + SELECTED_INSTALLER=${FAIL2BAN_INSTALLER:-"repo"} + else + DO_INSTALL_FAIL2BAN="n" + fi else while [[ "${DO_INSTALL_FAIL2BAN}" != "y" && "${DO_INSTALL_FAIL2BAN}" != "Y" && \ "${DO_INSTALL_FAIL2BAN}" != "n" && "${DO_INSTALL_FAIL2BAN}" != "N" ]]; do @@ -33,7 +37,6 @@ function init_fail2ban_install() { fi if [[ ${DO_INSTALL_FAIL2BAN} == y* || ${DO_INSTALL_FAIL2BAN} == Y* ]]; then - # Install menu. echo "Available Fail2ban installation method:" echo " 1). Install from Repository (repo)" echo " 2). Compile from Source (source)" @@ -45,17 +48,14 @@ function init_fail2ban_install() { done case "${SELECTED_INSTALLER}" in - 1|"repo") + 1 | "repo") echo "Installing Fail2ban from repository..." - - if hash apt-get 2>/dev/null; then - run apt-get install -qq -y fail2ban sendmail - else - fail "Unable to install Fail2ban, this GNU/Linux distribution is not supported." - fi + run apt-get install -qq -y fail2ban ;; - 2|"source") - FAIL2BAN_VERSION=${FAIL2BAN_VERSION:-"0.10.5"} + 2 | "source") + echo "Installing Fail2ban from source..." + + FAIL2BAN_VERSION=${FAIL2BAN_VERSION:-"0.11.2"} local CURRENT_DIR && \ CURRENT_DIR=$(pwd) run cd "${BUILD_DIR}" || return 1 @@ -65,7 +65,7 @@ function init_fail2ban_install() { fail2ban_download_link="https://github.com/fail2ban/fail2ban/archive/${FAIL2BAN_VERSION}.tar.gz" if curl -sLI "${fail2ban_download_link}" | grep -q "HTTP/[.12]* [2].."; then - run wget -O fail2ban.tar.gz "${fail2ban_download_link}" && \ + run wget "${fail2ban_download_link}" -O fail2ban.tar.gz -q --show-progress && \ run tar -zxf fail2ban.tar.gz && \ run cd fail2ban-*/ && \ run python setup.py install && \ @@ -78,16 +78,16 @@ function init_fail2ban_install() { esac # Configure Fal2ban. - if "${DRYRUN}"; then - info "Configuring Fail2ban in dryrun mode." - else + echo "Configuring Fail2ban..." + + if [[ "${DRYRUN}" != true ]]; then SSH_PORT=${SSH_PORT:-22} # Add Wordpress custom filter. run cp -f etc/fail2ban/filter.d/wordpress.conf /etc/fail2ban/filter.d/ # Enable jail - cat > /etc/fail2ban/jail.local <<_EOL_ + cat > /etc/fail2ban/jail.local <> /etc/fail2ban/jail.local <<_EOL_ + # Enable jail for Postfix & Dovecot + if [[ "${INSTALL_MAILER}" == true ]]; then + cat >> /etc/fail2ban/jail.local <