99 lines
2.7 KiB
Bash
Executable File
99 lines
2.7 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
toolName=fail2ban
|
|
toolDeps="$toolName"
|
|
toolConfDir="/etc/fail2ban"
|
|
toolConfLoc="$toolConfDir/jail.local"
|
|
toolFilter="$toolConfDir/filter.d"
|
|
toolJails="$toolConfDir/jail.d"
|
|
|
|
CONFIG_FILTER="${seq_dir:-}/filter.d"
|
|
CONFIG_JAILS="${seq_dir:-}/jail.d"
|
|
|
|
sq_aptOpt=
|
|
#sq_config=0
|
|
|
|
seq_config() {
|
|
## Called once before executing steps.
|
|
## e.g. to source a config file manually:
|
|
#. "${seq_origin:?}/${seq_configName:?}"
|
|
|
|
## or to use sequencer api with profile config file support:
|
|
#if initSeqConfig -p "${seq_fileName:?}" "${seq_configTemplate:?}" ; then
|
|
|
|
## or to use sequencer api with global config file:
|
|
#if initSeqConfig "${seq_configName:?}" "${seq_configTemplate:?}" ; then
|
|
# sq_config=1
|
|
#else
|
|
# # End if no configuration file exists
|
|
# dry || return 1
|
|
#fi
|
|
|
|
## Apt cmdline option to suppress user interaction
|
|
interactive || sq_aptOpt="-y"
|
|
|
|
## Disable error checks if external scripts are used
|
|
## e.g. error on unbound variables
|
|
#disableErrorCheck
|
|
|
|
## Return of non zero value will abort the sequence
|
|
return 0
|
|
}
|
|
|
|
step_1_info() { echo "Install $toolName"; }
|
|
step_1_alias() { echo "install"; }
|
|
step_1() {
|
|
exe apt update
|
|
exe apt install ${toolDeps} ${sq_aptOpt}
|
|
}
|
|
|
|
step_2_info() { echo "Base jail configuration to use ufw"; }
|
|
step_2_alias() { echo "config"; }
|
|
step_2() {
|
|
info "Create local configuration";
|
|
addConf -a "$failConfLocal" "$toolConfLoc"
|
|
exe service $toolName restart
|
|
}
|
|
failConfLocal="[DEFAULT]
|
|
|
|
banaction = ufw
|
|
banaction_multiport = ufw
|
|
ignoreip = 127.0.0.1/8 ::1"
|
|
|
|
step_3_info() { echo "Add basic ip-blacklist"; }
|
|
step_3_alias() { echo "blacklist"; }
|
|
step_3() {
|
|
echo " [I] Adding filter"
|
|
addConf -s -f "$ipBlackListFilter" "$toolFilter/$(basename -- "$ipBlackListFilter")"
|
|
addConf -s -f "$ipBlackListJail" "$toolJails/$(basename -- "$ipBlackListJail")"
|
|
addConf -s -f "$ipBlackList" "$toolConfDir/$(basename -- "$ipBlackList")"
|
|
exe service $toolName restart
|
|
}
|
|
ipBlackList="$CONFIG_DIR/ip.blacklist"
|
|
ipBlackListJail="$CONFIG_JAILS/ip-blacklist.conf"
|
|
ipBlackListFilter="$CONFIG_FILTER/ip-blacklist.conf"
|
|
|
|
step_4_info() { echo "$toolName notes"; }
|
|
step_4_alias() { echo "notes"; }
|
|
step_4() {
|
|
cat <<NOTES_EOF
|
|
# Syslog not readable by librenms (https://github.com/fail2ban/fail2ban/issues/2734)
|
|
[$toolConfDir/fail2ban.local]
|
|
[Definition]
|
|
logtarget = SYSLOG[format="%%(name)s[%%(process)d]: %%(levelname)s %%(message)s"]
|
|
NOTES_EOF
|
|
}
|
|
|
|
step_20_info() { echo "Install mailserver jail"; }
|
|
step_20_alias() { echo "mail"; }
|
|
step_20() {
|
|
addConf -s -f "$mailJail" "$toolJails/$(basename -- "$mailJail")"
|
|
exe service $toolName restart
|
|
}
|
|
mailJail="$CONFIG_JAILS/mail.conf"
|
|
|
|
# shellcheck disable=SC2034 # Appears unused
|
|
readonly sqr_minVersion=16
|
|
# shellcheck disable=SC1091 # Don't follow this source
|
|
. /usr/local/bin/sequencer.sh
|