shell_sequencer/seqs/fail2ban.sh

#!/bin/bash

toolName=fail2ban
toolDeps="$toolName"
toolConfDir="/etc/fail2ban"
toolConfLoc="$toolConfDir/jail.local"
toolFilter="$toolConfDir/filter.d"
toolJails="$toolConfDir/jail.d"

# Get script working directory
# (when called from a different directory)
WDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >>/dev/null 2>&1 && pwd )"
CONFIG=0
CONFIG_FILE_NAME="${toolName}.cfg"
CONFIG_FILE_TEMPLATE="$WDIR/${CONFIG_FILE_NAME}.example"
CONFIG_DIR="$WDIR/fail2ban"
CONFIG_FILTER="$CONFIG_DIR/filter.d"
CONFIG_JAILS="$CONFIG_DIR/jail.d"

#step_config() {
#  echo "Called once before executing steps."
#  ## e.g. to source a config file manually:
#  #. "$CONFIG_FILE"
#  ## or to use sequencer api:
#  #initSeqConfig "$CONFIG_FILE_NAME" "$CONFIG_FILE_TEMPLATE"
#  #if [ $? -eq 0 ] ; then
#  #  CONFIG=1
#  #fi
#}

step_1_info() { echo "Install $toolName"; }
step_1_alias() { ALIAS="install"; }
step_1() {
  local aptOpt=
  if [ $QUIET -ne 0 ];then
    aptOpt="-y"
  fi

  exe apt update
  exe apt install $toolDeps $aptOpt
}

step_2_info() { echo "Base jail configuration to use ufw"; }
step_2_alias() { ALIAS="config"; }
step_2() {
  echo " [I] Create local configuration";
  addConf -f "$failConfLocal" "$toolConfLoc"
  exe service $toolName restart
}
failConfLocal="[DEFAULT]

banaction = ufw
banaction_multiport = ufw
ignoreip = 127.0.0.1/8 ::1"

step_3_info() { echo "Add basic ip-blacklist"; }
step_3_alias() { ALIAS="blacklist"; }
step_3() {
  echo " [I] Adding filter"
  addConf -s -f "$ipBlackListFilter" "$toolFilter/$(basename $ipBlackListFilter)"
  addConf -s -f "$ipBlackListJail" "$toolJails/$(basename $ipBlackListJail)"
  addConf -s -f "$ipBlackList" "$toolConfDir/$(basename $ipBlackList)"
  exe service $toolName restart
}
ipBlackList="$CONFIG_DIR/ip.blacklist"
ipBlackListJail="$CONFIG_JAILS/ip-blacklist.conf"
ipBlackListFilter="$CONFIG_FILTER/ip-blacklist.conf"

step_4_info() { echo "$toolName notes"; }
step_4_alias() { ALIAS="notes"; }
step_4() {
  cat <<NOTES_EOF
# Syslog not readable by librenms (https://github.com/fail2ban/fail2ban/issues/2734)
  [$toolConfDir/fail2ban.local]
   [Definition]
    logtarget = SYSLOG[format="%%(name)s[%%(process)d]: %%(levelname)s %%(message)s"]
NOTES_EOF
}

step_20_info() { echo "Install mailserver jail"; }
step_20_alias() { ALIAS="mail"; }
step_20() {
  addConf -s -f "$mailJail" "$toolJails/$(basename $mailJail)"
  exe service $toolName restart
}
mailJail="$CONFIG_JAILS/mail.conf"

VERSION_SEQREV=11
. /usr/local/bin/sequencer.sh