fail2ban - modernize implementation slightly
This commit is contained in:
@@ -1,14 +1,12 @@
|
|||||||
#!/bin/bash
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
toolName=fail2ban
|
readonly toolName=fail2ban
|
||||||
toolDeps="$toolName"
|
readonly toolDeps="$toolName"
|
||||||
toolConfDir="/etc/fail2ban"
|
readonly toolConfDir="/etc/fail2ban"
|
||||||
toolConfLoc="$toolConfDir/jail.local"
|
readonly toolConfLoc="$toolConfDir/jail.local"
|
||||||
toolFilter="$toolConfDir/filter.d"
|
readonly toolFilter="$toolConfDir/filter.d"
|
||||||
toolJails="$toolConfDir/jail.d"
|
readonly toolJails="$toolConfDir/jail.d"
|
||||||
|
|
||||||
CONFIG_FILTER="${seq_dir:-}/filter.d"
|
|
||||||
CONFIG_JAILS="${seq_dir:-}/jail.d"
|
|
||||||
|
|
||||||
sq_aptOpt=
|
sq_aptOpt=
|
||||||
#sq_config=0
|
#sq_config=0
|
||||||
@@ -36,6 +34,10 @@ seq_config() {
|
|||||||
## e.g. error on unbound variables
|
## e.g. error on unbound variables
|
||||||
#disableErrorCheck
|
#disableErrorCheck
|
||||||
|
|
||||||
|
sq_configDir="${seq_origin:?}/${toolName:?}"
|
||||||
|
sq_configFilter="${sq_configDir}/filter.d"
|
||||||
|
sq_configJails="${sq_configDir}/jail.d"
|
||||||
|
|
||||||
## Return of non zero value will abort the sequence
|
## Return of non zero value will abort the sequence
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
@@ -63,15 +65,16 @@ ignoreip = 127.0.0.1/8 ::1"
|
|||||||
step_3_info() { echo "Add basic ip-blacklist"; }
|
step_3_info() { echo "Add basic ip-blacklist"; }
|
||||||
step_3_alias() { echo "blacklist"; }
|
step_3_alias() { echo "blacklist"; }
|
||||||
step_3() {
|
step_3() {
|
||||||
echo " [I] Adding filter"
|
local ipBlackList="${sq_configDir}/ip.blacklist"
|
||||||
|
local ipBlackListJail="$sq_configJails/ip-blacklist.conf"
|
||||||
|
local ipBlackListFilter="$sq_configFilter/ip-blacklist.conf"
|
||||||
|
|
||||||
|
info "Adding filter"
|
||||||
addConf -s -f "$ipBlackListFilter" "$toolFilter/$(basename -- "$ipBlackListFilter")"
|
addConf -s -f "$ipBlackListFilter" "$toolFilter/$(basename -- "$ipBlackListFilter")"
|
||||||
addConf -s -f "$ipBlackListJail" "$toolJails/$(basename -- "$ipBlackListJail")"
|
addConf -s -f "$ipBlackListJail" "$toolJails/$(basename -- "$ipBlackListJail")"
|
||||||
addConf -s -f "$ipBlackList" "$toolConfDir/$(basename -- "$ipBlackList")"
|
addConf -s -f "$ipBlackList" "$toolConfDir/$(basename -- "$ipBlackList")"
|
||||||
exe service $toolName restart
|
exe service $toolName restart
|
||||||
}
|
}
|
||||||
ipBlackList="$CONFIG_DIR/ip.blacklist"
|
|
||||||
ipBlackListJail="$CONFIG_JAILS/ip-blacklist.conf"
|
|
||||||
ipBlackListFilter="$CONFIG_FILTER/ip-blacklist.conf"
|
|
||||||
|
|
||||||
step_4_info() { echo "$toolName notes"; }
|
step_4_info() { echo "$toolName notes"; }
|
||||||
step_4_alias() { echo "notes"; }
|
step_4_alias() { echo "notes"; }
|
||||||
@@ -87,10 +90,10 @@ NOTES_EOF
|
|||||||
step_20_info() { echo "Install mailserver jail"; }
|
step_20_info() { echo "Install mailserver jail"; }
|
||||||
step_20_alias() { echo "mail"; }
|
step_20_alias() { echo "mail"; }
|
||||||
step_20() {
|
step_20() {
|
||||||
|
local mailJail="$sq_configJails/mail.conf"
|
||||||
addConf -s -f "$mailJail" "$toolJails/$(basename -- "$mailJail")"
|
addConf -s -f "$mailJail" "$toolJails/$(basename -- "$mailJail")"
|
||||||
exe service $toolName restart
|
exe service $toolName restart
|
||||||
}
|
}
|
||||||
mailJail="$CONFIG_JAILS/mail.conf"
|
|
||||||
|
|
||||||
# shellcheck disable=SC2034 # Appears unused
|
# shellcheck disable=SC2034 # Appears unused
|
||||||
readonly sqr_minVersion=16
|
readonly sqr_minVersion=16
|
||||||
|
|||||||
Reference in New Issue
Block a user