From 54850130ae9dbe2cc748be747218986bf7e673a9 Mon Sep 17 00:00:00 2001
From: Martin Winkler
Date: Thu, 18 Aug 2022 17:05:28 +0200
Subject: [PATCH] fail2ban - Adapt to new sequencer functions
---
 seqs/fail2ban.sh | 71 +++++++++++++++++++++++++++---------------------
 1 file changed, 40 insertions(+), 31 deletions(-)
diff --git a/seqs/fail2ban.sh b/seqs/fail2ban.sh
index 33c2dd9..bd1854a 100755
--- a/seqs/fail2ban.sh
+++ b/seqs/fail2ban.sh
@@ -7,44 +7,51 @@ toolConfLoc="$toolConfDir/jail.local" toolFilter="$toolConfDir/filter.d" toolJails="$toolConfDir/jail.d" -# Get script working directory -# (when called from a different directory) -WDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >>/dev/null 2>&1 && pwd )" -CONFIG=0 -CONFIG_FILE_NAME="${toolName}.cfg" -CONFIG_FILE_TEMPLATE="$WDIR/${CONFIG_FILE_NAME}.example" -CONFIG_DIR="$WDIR/fail2ban" -CONFIG_FILTER="$CONFIG_DIR/filter.d" -CONFIG_JAILS="$CONFIG_DIR/jail.d" +CONFIG_FILTER="${seq_dir:-}/filter.d" +CONFIG_JAILS="${seq_dir:-}/jail.d" -#step_config() { -# echo "Called once before executing steps." -# ## e.g. to source a config file manually: -# #. "$CONFIG_FILE" -# ## or to use sequencer api: -# #initSeqConfig "$CONFIG_FILE_NAME" "$CONFIG_FILE_TEMPLATE" -# #if [ $? -eq 0 ] ; then -# # CONFIG=1 -# #fi -#} +sq_aptOpt= +#sq_config=0 + +seq_config() { + ## Called once before executing steps. + ## e.g. to source a config file manually: + #. "${seq_origin:?}/${seq_configName:?}" + + ## or to use sequencer api with profile config file support: + #if initSeqConfig -p "${seq_fileName:?}" "${seq_configTemplate:?}" ; then + + ## or to use sequencer api with global config file: + #if initSeqConfig "${seq_configName:?}" "${seq_configTemplate:?}" ; then + # sq_config=1 + #else + # # End if no configuration file exists + # dry || return 1 + #fi + + ## Apt cmdline option to suppress user interaction + interactive || sq_aptOpt="-y" + + ## Disable error checks if external scripts are used + ## e.g. 
error on unbound variables + #disableErrorCheck + + ## Return of non zero value will abort the sequence + return 0 +} step_1_info() { echo "Install $toolName"; } step_1_alias() { echo "install"; } step_1() { - local aptOpt= - if quiet;then - aptOpt="-y" - fi - exe apt update - exe apt install $toolDeps $aptOpt + exe apt install ${toolDeps} ${sq_aptOpt} } step_2_info() { echo "Base jail configuration to use ufw"; } step_2_alias() { echo "config"; } step_2() { - echo " [I] Create local configuration"; - addConf -f "$failConfLocal" "$toolConfLoc" + info "Create local configuration"; + addConf -a "$failConfLocal" "$toolConfLoc" exe service $toolName restart } failConfLocal="[DEFAULT] @@ -57,9 +64,9 @@ step_3_info() { echo "Add basic ip-blacklist"; } step_3_alias() { echo "blacklist"; } step_3() { echo " [I] Adding filter" - addConf -s -f "$ipBlackListFilter" "$toolFilter/$(basename $ipBlackListFilter)" - addConf -s -f "$ipBlackListJail" "$toolJails/$(basename $ipBlackListJail)" - addConf -s -f "$ipBlackList" "$toolConfDir/$(basename $ipBlackList)" + addConf -s -f "$ipBlackListFilter" "$toolFilter/$(basename -- "$ipBlackListFilter")" + addConf -s -f "$ipBlackListJail" "$toolJails/$(basename -- "$ipBlackListJail")" + addConf -s -f "$ipBlackList" "$toolConfDir/$(basename -- "$ipBlackList")" exe service $toolName restart } ipBlackList="$CONFIG_DIR/ip.blacklist" @@ -80,10 +87,12 @@ NOTES_EOF step_20_info() { echo "Install mailserver jail"; } step_20_alias() { echo "mail"; } step_20() { - addConf -s -f "$mailJail" "$toolJails/$(basename $mailJail)" + addConf -s -f "$mailJail" "$toolJails/$(basename -- "$mailJail")" exe service $toolName restart } mailJail="$CONFIG_JAILS/mail.conf" +# shellcheck disable=SC2034 # Appears unused readonly sqr_minVersion=16 +# shellcheck disable=SC1091 # Don't follow this source . /usr/local/bin/sequencer.sh
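Review bot: `CONFIG_FILTER="${seq_dir:-}/filter.d"` and `CONFIG_JAILS="${seq_dir:-}/jail.d"` collapse to `/filter.d` and `/jail.d` when `seq_dir` is empty or unset, so the filter and jail files later installed into the fail2ban configuration would be looked up at root-level paths instead of the step failing. The sequencer is sourced only on the last line of the file, so unless `seq_dir` is provided before these top-level assignments run (not visible here), the fallback is the normal case. Doing the assignment inside `seq_config()` with `${seq_dir:?}`, the form the template comments in this hunk already use for `seq_origin`, would fail closed. The hunk also deletes `CONFIG_DIR` while the context line `ipBlackList="$CONFIG_DIR/ip.blacklist"` in the next hunk still reads it; presumably that should become `ipBlackList="${seq_dir:?}/ip.blacklist"`.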
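Review bot: step_3 restarts the service right after the three `addConf` calls without checking that the resulting configuration parses, so a bad filter or jail file can leave fail2ban stopped and the host without banning. A guard such as `exe fail2ban-client -t || return 1` before `exe service $toolName restart` would abort the sequence before the running instance is touched; the same applies to step_2 in the previous hunk and step_20 in the next one. Separately, `echo " [I] Adding filter"` was left unchanged while step_2 moved to `info`.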