|
|
|
#!/bin/bash
|
|
|
|
|
|
|
|
## check root
|
|
|
|
if [ "$EUID" -ne 0 ]
|
|
|
|
then echo "Lancer le script avec sudo svp"
|
|
|
|
exit
|
|
|
|
fi
|
|
|
|
|
|
|
|
# choix SSH only ou avec Nginx filters
|
|
|
|
choice=$(whiptail --title "Fail2ban" --menu "Choisissez une option:" 15 60 4 \
|
|
|
|
"1" "Installer le filtre SSH seulement" \
|
|
|
|
"2" "Installer le filtre SSH et Nginx" \
|
|
|
|
"3" "Quitter" 3>&1 1>&2 2>&3)
|
|
|
|
exitstatus=$?
|
|
|
|
if [ $exitstatus = 0 ]; then
|
|
|
|
case $choice in
|
|
|
|
|
|
|
|
1)
|
|
|
|
echo "Vous avez choisi l'option SSH seulement."
|
|
|
|
# update et install fail2ban
|
|
|
|
apt update -y && apt install fail2ban -y
|
|
|
|
# copie des fichiers
|
|
|
|
cp fail2ban-conf/jail.local-ssh-only /etc/fail2ban/jail.local
|
|
|
|
cp fail2ban-conf/jail.conf /etc/fail2ban/jail.conf
|
|
|
|
;;
|
|
|
|
|
|
|
|
2)
|
|
|
|
echo "Vous avez choisi l'option SSH avec Nginx."
|
|
|
|
# update et install fail2ban
|
|
|
|
apt update -y && apt install fail2ban -y
|
|
|
|
# copie des fichiers
|
|
|
|
cp fail2ban-nginx-filters/* /etc/fail2ban/filter.d/
|
|
|
|
cp fail2ban-conf/jail.local-nginx /etc/fail2ban/jail.local
|
|
|
|
cp fail2ban-conf/jail.conf /etc/fail2ban/jail.conf
|
|
|
|
;;
|
|
|
|
|
|
|
|
3)
|
|
|
|
echo "Vous avez choisi de quitter, fail2ban ne serat pas installé"
|
|
|
|
exit
|
|
|
|
;;
|
|
|
|
|
|
|
|
esac
|
|
|
|
else
|
|
|
|
echo "Vous avez annulé."
|
|
|
|
fi
|
|
|
|
|
|
|
|
# recup de l'ip pour la conf
|
|
|
|
IP=$(ip route get 1.2.3.4 | awk '{print $7}')
|
|
|
|
# recup du port SSH (TODO: ajouter check si port SSH renseigné)
|
|
|
|
SSH=$(grep "^Port" /etc/ssh/sshd_config | awk '{print $2}')
|
|
|
|
|
|
|
|
|
|
|
|
# change IP et SSH port
|
|
|
|
sed -i "s/IP/"$IP"/" /etc/fail2ban/jail.local
|
|
|
|
sed -i "s/SSH_PORT/"$SSH"/" /etc/fail2ban/jail.local
|
|
|
|
|
|
|
|
# changement dbpurge tout les ans
|
|
|
|
sed -i "s/1d/365d/" /etc/fail2ban/fail2ban.conf
|
|
|
|
|
|
|
|
systemctl restart fail2ban
|
|
|
|
systemctl status fail2ban
|
|
|
|
|
|
|
|
echo "la configuration pour les autres prisons que le SSH sont de 72h (bannissement à vie pour le SSH)"
|