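#!/usr/bin/env bash
# Interactive installer that sets up fail2ban together with ufw so that
# addresses failing SSH logins repeatedly get banned by a ufw rule.
#
# Targets Ubuntu 20.04 (apt-get, systemd, ufw).  Must run as root.
# Prompts for: the SSH port, the allowed number of failed attempts (maxretry)
# and the ban duration in hours.  Side effects: installs packages, opens the
# SSH port plus 80/443 in ufw, overwrites /etc/fail2ban/jail.local, restarts
# fail2ban and sshd.
#
# CFAILURE / CWARNING / CEND are colour prefixes read from the environment;
# they expand to nothing when unset.

clear

# Returns 0 when $1 is a non-empty string of decimal digits.
is_uint() {
  [[ "$1" =~ ^[0-9]+$ ]]
}

#CheckIfRoot
if [[ "$(id -u)" != "0" ]]; then
  echo "${CFAILURE}Error: You must be root to run this script${CEND}"
  exit 1
fi

#ReadSSHPort
# Value of the first uncommented "Port" directive in sshd_config; 22 if none.
ssh_port=$(awk '/^Port[[:space:]]/ {print $2; exit}' /etc/ssh/sshd_config 2>/dev/null)
[[ -n "$ssh_port" ]] || ssh_port=22

apt-get -y update
# lsb-release is not used by this script; kept because the original installed it.
apt-get -y install lsb-release

#Read Imformation From The User
echo "Welcome to Fail2ban!"
echo "--------------------"
echo "This Shell Script only support ubuntu 20.04!!!"
echo ""
while :; do
  echo
  read -r -p "Is your SSH Port = 22? [y/n]: " IfChangeSSHPort
  case "$IfChangeSSHPort" in
    n|N)
      if [[ -e /etc/ssh/sshd_config ]]; then
        while :; do
          echo
          read -r -p "Please input SSH port(Default: $ssh_port): " SSH_PORT
          [[ -n "$SSH_PORT" ]] || SSH_PORT=$ssh_port
          # Accept 22 or a non-privileged port; reject non-numeric input
          # explicitly instead of relying on a suppressed test error.
          if is_uint "$SSH_PORT" \
            && { (( SSH_PORT == 22 )) || (( SSH_PORT > 1024 && SSH_PORT < 65535 )); }; then
            break
          fi
          echo "${CWARNING}input error! Input range: 22,1025~65534${CEND}"
        done
      else
        # No sshd_config to read from: fall back to the detected/default port
        # so SSH_PORT is never empty when it reaches ufw.
        SSH_PORT=$ssh_port
      fi
      break
      ;;
    y|Y)
      SSH_PORT=22
      break
      ;;
    *)
      echo "${CWARNING}Input error! Please only input y or n!${CEND}"
      ;;
  esac
done
ssh_port=$SSH_PORT
echo "ssh port = $ssh_port"
echo "$ssh_port"
echo ""
echo ""

# maxretry: whole number in the advertised 2-10 range, default 3 on empty input.
while :; do
  read -r -p "Input the maximun times for trying [2-10]: " maxretry
  [[ -n "$maxretry" ]] || maxretry=3
  if is_uint "$maxretry" && (( maxretry >= 2 && maxretry <= 10 )); then
    break
  fi
  echo "${CWARNING}Input error! Input range: 2~10${CEND}"
done
echo ""

# bantime: whole number of hours, default 24 on empty input; converted to
# seconds below because fail2ban's bantime is in seconds.
while :; do
  read -r -p "Input the lasting time for blocking a IP [hours]: " bantime
  [[ -n "$bantime" ]] || bantime=24
  if is_uint "$bantime" && (( bantime >= 1 )); then
    break
  fi
  echo "${CWARNING}Input error! Please input a whole number of hours${CEND}"
done
bantime=$(( bantime * 60 * 60 ))

#Install
apt-get -y install fail2ban ufw
# NOTE(review): with a default-allow inbound policy ufw blocks nothing except
# the deny rules fail2ban inserts; kept for compatibility with the original.
# A default-deny policy with explicit allow rules is the safer configuration.
ufw default allow
# The chosen SSH port is always opened (22 or the custom one), plus HTTP/HTTPS.
ufw allow "$ssh_port"
ufw allow 80
ufw allow 443
systemctl start ufw
systemctl enable ufw
ufw --force enable

#Configure
# Overwrite jail.local completely; only the [ssh-ufw] jail uses the
# user-supplied bantime, [DEFAULT] keeps the fixed 86400 seconds.
cat > /etc/fail2ban/jail.local <<EOF
[DEFAULT]
ignoreip = 127.0.0.1
bantime = 86400
maxretry = $maxretry
findtime = 1800
[ssh-ufw]
enabled = true
banaction = ufw
banaction_allports = ufw
filter = sshd
logpath = /var/log/auth.log
maxretry = $maxretry
findtime = 3600
bantime = $bantime
EOF

#Start
systemctl restart fail2ban
systemctl enable fail2ban

#Finish
echo "Finish Installing ! Reboot the sshd now !"
# This script never edits sshd_config; the restart only reloads the daemon.
systemctl restart sshd
echo ""
echo "Fail2ban is now runing on this server now!"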