BitMaster/LEMPer
1
0
Fork 0
mirror of https://github.com/joglomedia/LEMPer.git synced 2026-04-07 05:08:15 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
70d5c4e4988137bed52ded8d9f79fde02e17a310
LEMPer/scripts/install_fail2ban.sh
Edi Septriyanto a8fa42b27d Updated latest version.
2020-01-11 00:54:01 +07:00

133 lines
3.9 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
# Install Fail2ban
# Min. Requirement : GNU/Linux Ubuntu 14.04
# Last Build : 25/12/2019
# Author : ESLabs.ID (eslabs.id@gmail.com)
# Since Version : 1.3.0
# Include helper functions.
if [ "$(type -t run)" != "function" ]; then
BASEDIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )
# shellchechk source=scripts/helper.sh
# shellcheck disable=SC1090
. "${BASEDIR}/helper.sh"
fi
# Make sure only root can run this installer script.
requires_root
##
# Install Fail2ban.
#
function init_fail2ban_install() {
local SELECTED_INSTALLER=""
if "${AUTO_INSTALL}"; then
if [[ -n "${FAIL2BAN_INSTALLER}" || "${FAIL2BAN_INSTALLER}" != "none" ]]; then
DO_INSTALL_FAIL2BAN="n"
else
DO_INSTALL_FAIL2BAN="y"
SELECTED_INSTALLER=${FAIL2BAN_INSTALLER:-"repo"}
fi
else
while [[ "${DO_INSTALL_FAIL2BAN}" != "y" && "${DO_INSTALL_FAIL2BAN}" != "n" ]]; do
read -rp "Do you want to install Fail2ban server? [y/n]: " -i y -e DO_INSTALL_FAIL2BAN
done
fi
if [[ ${DO_INSTALL_FAIL2BAN} == y* && ${INSTALL_FAIL2BAN} == true ]]; then
# Install menu.
echo "Available Fail2ban installation method:"
echo " 1). Install from Repository (repo)"
echo " 2). Compile from Source (source)"
echo "-------------------------------------"
while [[ ${SELECTED_INSTALLER} != "1" && ${SELECTED_INSTALLER} != "2" && ${SELECTED_INSTALLER} != "none" && \
${SELECTED_INSTALLER} != "repo" && ${SELECTED_INSTALLER} != "source" ]]; do
read -rp "Select an option [1-2]: " -e SELECTED_INSTALLER
done
case "${SELECTED_INSTALLER}" in
1|"repo")
echo "Installing Fail2ban from repository..."
if hash apt 2>/dev/null; then
run apt install -qq -y fail2ban sendmail
else
fail "Unable to install Fail2ban, this GNU/Linux distribution is not supported."
fi
;;
2|"source")
FAIL2BAN_VERSION=${FAIL2BAN_VERSION:-"0.10.5"}
local CURRENT_DIR && \
CURRENT_DIR=$(pwd)
run cd "${BUILD_DIR}"
# Install from source
# https://github.com/fail2ban/fail2ban
fail2ban_download_link="https://github.com/fail2ban/fail2ban/archive/${FAIL2BAN_VERSION}.tar.gz"
if curl -sL --head "${fail2ban_download_link}" | grep -q "HTTP/[.12]* [2].."; then
run wget -O fail2ban.tar.gz "${fail2ban_download_link}" && \
run tar -zxf fail2ban.tar.gz && \
run cd fail2ban-*/ && \
run python setup.py install && \
run cp files/debian-initd /etc/init.d/fail2ban && \
run update-rc.d fail2ban defaults
fi
run cd "${CURRENT_DIR}"
;;
esac
fi
if "${DRYRUN}"; then
info "Fail2ban installed in dryrun mode."
else
SSH_PORT=${SSH_PORT:-22}
# Enable jail
cat > /etc/fail2ban/jail.local <<_EOL_
[DEFAULT]
# banned for 30 days
bantime = 2592000
[sshd]
enabled = true
port = ssh,${SSH_PORT}
filter = sshd
#logpath = /var/log/auth.log
maxretry = 5
[nginx-http-auth]
enabled = true
port = http,https,8082,8083
maxretry = 5
[postfix]
enabled = true
logpath = /var/log/mail.log
maxretry = 5
[postfix-sasl]
enabled = true
port = smtp,465,587,submission,imap,imaps,pop3,pop3s
logpath = /var/log/mail.log
maxretry = 5
_EOL_
fi
run systemctl start fail2ban
}
echo "[Fail2ban Installation]"
# Start running things from a call at the end so if this script is executed
# after a partial download it doesn't do anything.
if [[ -n $(command -v fail2ban-server) ]]; then
info "Fail2ban already exists. Installation skipped..."
else
init_fail2ban_install "$@"
fi
Reference in New Issue View Git Blame Copy Permalink