|
|
@@ -56,6 +56,13 @@ elif [[ "${release}" == "debian" ]]; then
|
|
|
fi
|
|
|
fi
|
|
|
|
|
|
+
|
|
|
+# Declare Variables
|
|
|
+log_folder="${XUI_LOG_FOLDER:=/var/log}"
|
|
|
+iplimit_log_path="${log_folder}/3xipl.log"
|
|
|
+iplimit_banned_log_path="${log_folder}/3xipl-banned.log"
|
|
|
+
|
|
|
+
|
|
|
confirm() {
|
|
|
if [[ $# > 1 ]]; then
|
|
|
echo && read -p "$1 [Default $2]: " temp
|
|
|
@@ -696,6 +703,70 @@ run_speedtest() {
|
|
|
speedtest
|
|
|
}
|
|
|
|
|
|
+create_iplimit_jails() {
|
|
|
+ # Use default bantime if not passed => 5 minutes
|
|
|
+ local bantime="${1:-5}"
|
|
|
+
|
|
|
+ cat << EOF > /etc/fail2ban/jail.d/3x-ipl.conf
|
|
|
+[3x-ipl]
|
|
|
+enabled=true
|
|
|
+filter=3x-ipl
|
|
|
+action=3x-ipl
|
|
|
+logpath=${iplimit_log_path}
|
|
|
+maxretry=3
|
|
|
+findtime=100
|
|
|
+bantime=${bantime}m
|
|
|
+EOF
|
|
|
+
|
|
|
+ cat << EOF > /etc/fail2ban/filter.d/3x-ipl.conf
|
|
|
+[Definition]
|
|
|
+datepattern = ^%%Y/%%m/%%d %%H:%%M:%%S
|
|
|
+failregex = \[LIMIT_IP\]\s*Email\s*=\s*<F-USER>.+</F-USER>\s*\|\|\s*SRC\s*=\s*<ADDR>
|
|
|
+ignoreregex =
|
|
|
+EOF
|
|
|
+
|
|
|
+ cat << EOF > /etc/fail2ban/action.d/3x-ipl.conf
|
|
|
+[INCLUDES]
|
|
|
+before = iptables-common.conf
|
|
|
+
|
|
|
+[Definition]
|
|
|
+actionstart = <iptables> -N f2b-<name>
|
|
|
+ <iptables> -A f2b-<name> -j <returntype>
|
|
|
+ <iptables> -I <chain> -p <protocol> -j f2b-<name>
|
|
|
+
|
|
|
+actionstop = <iptables> -D <chain> -p <protocol> -j f2b-<name>
|
|
|
+ <actionflush>
|
|
|
+ <iptables> -X f2b-<name>
|
|
|
+
|
|
|
+actioncheck = <iptables> -n -L <chain> | grep -q 'f2b-<name>[ \t]'
|
|
|
+
|
|
|
+actionban = <iptables> -I f2b-<name> 1 -s <ip> -j <blocktype>
|
|
|
+ echo "\$(date +"%%Y/%%m/%%d %%H:%%M:%%S") BAN [Email] = <F-USER> [IP] = <ip> banned for <bantime> seconds." >> ${iplimit_banned_log_path}
|
|
|
+
|
|
|
+actionunban = <iptables> -D f2b-<name> -s <ip> -j <blocktype>
|
|
|
+ echo "\$(date +"%%Y/%%m/%%d %%H:%%M:%%S") UNBAN [Email] = <F-USER> [IP] = <ip> unbanned." >> ${iplimit_banned_log_path}
|
|
|
+
|
|
|
+[Init]
|
|
|
+EOF
|
|
|
+
|
|
|
+ echo -e "${green}Created Ip Limit jail files with a bantime of ${bantime} minutes.${plain}"
|
|
|
+}
|
|
|
+
|
|
|
+iplimit_remove_conflicts() {
|
|
|
+ local jail_files=(
|
|
|
+ /etc/fail2ban/jail.conf
|
|
|
+ /etc/fail2ban/jail.local
|
|
|
+ )
|
|
|
+
|
|
|
+ for file in "${jail_files[@]}"; do
|
|
|
+ # Check for [3x-ipl] config in jail file then remove it
|
|
|
+ if test -f "${file}" && grep -qw '3x-ipl' ${file}; then
|
|
|
+ sed -i "/\[3x-ipl\]/,/^$/d" ${file}
|
|
|
+ echo -e "${yellow}Removing conflicts of [3x-ipl] in jail (${file})!${plain}\n"
|
|
|
+ fi
|
|
|
+ done
|
|
|
+}
|
|
|
+
|
|
|
iplimit_main() {
|
|
|
echo -e "\n${green}\t1.${plain} Install Fail2ban and configure IP Limit"
|
|
|
echo -e "${green}\t2.${plain} Change Ban Duration"
|
|
|
@@ -707,24 +778,23 @@ iplimit_main() {
|
|
|
case "$choice" in
|
|
|
0)
|
|
|
show_menu ;;
|
|
|
- 1)
|
|
|
+ 1)
|
|
|
confirm "Proceed with installation of Fail2ban & IP Limit?" "y"
|
|
|
if [[ $? == 0 ]]; then
|
|
|
install_iplimit
|
|
|
else
|
|
|
iplimit_main
|
|
|
fi ;;
|
|
|
- 2)
|
|
|
+ 2)
|
|
|
read -rp "Please enter new Ban Duration in Minutes [default 5]: " NUM
|
|
|
if [[ $NUM =~ ^[0-9]+$ ]]; then
|
|
|
- echo -e "\n[3x-ipl]\nenabled=true\nfilter=3x-ipl\naction=3x-ipl\nlogpath=/var/log/3xipl.log\nmaxretry=3\nfindtime=100\nbantime=${NUM}m" > /etc/fail2ban/jail.d/3x-ipl.conf
|
|
|
+ create_iplimit_jail ${NUM}
|
|
|
systemctl restart fail2ban
|
|
|
- echo -e "${green}Bantime set to ${NUM} minutes successfully.${plain}"
|
|
|
else
|
|
|
echo -e "${red}${NUM} is not a number! Please, try again.${plain}"
|
|
|
fi
|
|
|
iplimit_main ;;
|
|
|
- 3)
|
|
|
+ 3)
|
|
|
confirm "Proceed with Unbanning everyone from IP Limit jail?" "y"
|
|
|
if [[ $? == 0 ]]; then
|
|
|
fail2ban-client reload --restart --unban 3x-ipl
|
|
|
@@ -735,9 +805,9 @@ iplimit_main() {
|
|
|
fi
|
|
|
iplimit_main ;;
|
|
|
4)
|
|
|
- if test -f "/var/log/3xipl-banned.log"; then
|
|
|
- if [[ -s "/var/log/3xipl-banned.log" ]]; then
|
|
|
- cat /var/log/3xipl-banned.log
|
|
|
+ if test -f "${iplimit_banned_log_path}"; then
|
|
|
+ if [[ -s "${iplimit_banned_log_path}" ]]; then
|
|
|
+ cat ${iplimit_banned_log_path}
|
|
|
else
|
|
|
echo -e "${red}Log file is empty.${plain}\n"
|
|
|
fi
|
|
|
@@ -745,7 +815,7 @@ iplimit_main() {
|
|
|
echo -e "${red}Log file not found. Please Install Fail2ban and IP Limit first.${plain}\n"
|
|
|
iplimit_main
|
|
|
fi ;;
|
|
|
- 5)
|
|
|
+ 5)
|
|
|
remove_iplimit ;;
|
|
|
*) echo "Invalid choice" ;;
|
|
|
esac
|
|
|
@@ -757,7 +827,7 @@ install_iplimit() {
|
|
|
# Check the OS and install necessary packages
|
|
|
case "${release}" in
|
|
|
ubuntu|debian)
|
|
|
- apt-get update && apt-get install fail2ban -y ;;
|
|
|
+ apt update && apt install fail2ban -y ;;
|
|
|
centos)
|
|
|
yum -y update && yum -y install fail2ban ;;
|
|
|
fedora)
|
|
|
@@ -773,55 +843,22 @@ install_iplimit() {
|
|
|
|
|
|
echo -e "${green}Configuring IP Limit...${plain}\n"
|
|
|
|
|
|
- #Check if [3x-ipl] exists in jail.local (just making sure there's no double config for jail)
|
|
|
- if grep -qw '3x-ipl' /etc/fail2ban/jail.local || grep -qw '3x-ipl' /etc/fail2ban/jail.conf; then
|
|
|
- echo -e "${red}Found conflicts in /etc/fail2ban/jail.conf or jail.local file!\nPlease manually remove anything related 3x-ipl in that files and try again.\nInstallation of IP Limit failed.${plain}\n"
|
|
|
- exit 1
|
|
|
- fi
|
|
|
+ # make sure there's no conflict for jail files
|
|
|
+ iplimit_remove_conflicts
|
|
|
|
|
|
- #Check if log file exists
|
|
|
- if ! test -f "/var/log/3xipl-banned.log"; then
|
|
|
- touch /var/log/3xipl-banned.log
|
|
|
+ # Check if log file exists
|
|
|
+ if ! test -f "${iplimit_banned_log_path}"; then
|
|
|
+ touch ${iplimit_banned_log_path}
|
|
|
fi
|
|
|
|
|
|
- #Check if service log file exists so fail2ban won't return error
|
|
|
- if ! test -f "/var/log/3xipl.log"; then
|
|
|
- touch /var/log/3xipl.log
|
|
|
+ # Check if service log file exists so fail2ban won't return error
|
|
|
+ if ! test -f "${iplimit_log_path}"; then
|
|
|
+ touch ${iplimit_log_path}
|
|
|
fi
|
|
|
-
|
|
|
-
|
|
|
- echo -e "\n[3x-ipl]\nenabled=true\nfilter=3x-ipl\naction=3x-ipl\nlogpath=/var/log/3xipl.log\nmaxretry=3\nfindtime=100\nbantime=5m" > /etc/fail2ban/jail.d/3x-ipl.conf
|
|
|
-
|
|
|
- cat > /etc/fail2ban/filter.d/3x-ipl.conf << EOF
|
|
|
-[Definition]
|
|
|
-datepattern = ^%%Y/%%m/%%d %%H:%%M:%%S
|
|
|
-failregex = \[LIMIT_IP\]\s*Email\s*=\s*<F-USER>.+</F-USER>\s*\|\|\s*SRC\s*=\s*<ADDR>
|
|
|
-ignoreregex =
|
|
|
-EOF
|
|
|
-
|
|
|
- cat > /etc/fail2ban/action.d/3x-ipl.conf << 'EOF'
|
|
|
-[INCLUDES]
|
|
|
-before = iptables-common.conf
|
|
|
|
|
|
-[Definition]
|
|
|
-actionstart = <iptables> -N f2b-<name>
|
|
|
- <iptables> -A f2b-<name> -j <returntype>
|
|
|
- <iptables> -I <chain> -p <protocol> -j f2b-<name>
|
|
|
-
|
|
|
-actionstop = <iptables> -D <chain> -p <protocol> -j f2b-<name>
|
|
|
- <actionflush>
|
|
|
- <iptables> -X f2b-<name>
|
|
|
-
|
|
|
-actioncheck = <iptables> -n -L <chain> | grep -q 'f2b-<name>[ \t]'
|
|
|
-
|
|
|
-actionban = <iptables> -I f2b-<name> 1 -s <ip> -j <blocktype>
|
|
|
- echo "$(date +"%%Y/%%m/%%d %%H:%%M:%%S") BAN [Email] = <F-USER> [IP] = <ip> banned for <bantime> seconds." >> /var/log/3xipl-banned.log
|
|
|
-
|
|
|
-actionunban = <iptables> -D f2b-<name> -s <ip> -j <blocktype>
|
|
|
- echo "$(date +"%%Y/%%m/%%d %%H:%%M:%%S") UNBAN [Email] = <F-USER> [IP] = <ip> unbanned." >> /var/log/3xipl-banned.log
|
|
|
-
|
|
|
-[Init]
|
|
|
-EOF
|
|
|
+ # Create the iplimit jail files
|
|
|
+ # we didn't pass the bantime here to use the default value
|
|
|
+ create_iplimit_jails
|
|
|
|
|
|
# Launching fail2ban
|
|
|
if ! systemctl is-active --quiet fail2ban; then
|
|
|
@@ -856,7 +893,7 @@ remove_iplimit(){
|
|
|
systemctl disable fail2ban
|
|
|
case "${release}" in
|
|
|
ubuntu|debian)
|
|
|
- apt-get remove fail2ban -y ;;
|
|
|
+ apt remove fail2ban -y ;;
|
|
|
centos)
|
|
|
yum -y remove fail2ban ;;
|
|
|
fedora)
|
|
|
@@ -865,7 +902,7 @@ remove_iplimit(){
|
|
|
echo -e "${red}Unsupported operating system. Please uninstall Fail2ban manually.${plain}\n"
|
|
|
exit 1 ;;
|
|
|
esac
|
|
|
- rm -rf /etc/fail2ban/*
|
|
|
+ rm -rf /etc/fail2ban
|
|
|
echo -e "${green}Fail2ban and IP Limit removed successfully!${plain}\n"
|
|
|
before_show_menu ;;
|
|
|
0)
|
MHSanaei