From f55af5829e4147d0382ca31dc51a8927d2d5500b Mon Sep 17 00:00:00 2001
From: greglebreton
Date: Fri, 3 Feb 2023 16:45:03 +0100
Subject: [PATCH] ajout choix ssh only ou nginx filters + debug

---
 README.md | 6 +-
 .../{jail.local => jail.local-nginx} | 8 ---
 fail2ban-conf/jail.local-ssh-only | 18 ++++++
 install.sh | 58 ++++++++++++++-----
 4 files changed, 66 insertions(+), 24 deletions(-)
 rename fail2ban-conf/{jail.local => jail.local-nginx} (90%)
 create mode 100644 fail2ban-conf/jail.local-ssh-only

diff --git a/README.md b/README.md
index 5a565f2..663a4e7 100644
--- a/README.md
+++ b/README.md
@@ -45,7 +45,7 @@ bantime = 259200
 maxretry = 100
 ```
-Note:
+> Note:
 - Filter renvoie à la configuration de la prison quant aux lois qui la provoque (sous la forme de REGEX)
 - Action est les processus mis en place pour bannir l'IP, les configurations se trouvent dans /etc/fail2ban/action.d/
 - Logpath correspond au chemin des logs à surveiller.
@@ -71,10 +71,10 @@ sudo fail2ban-client status ssh
 - Bannir une IP manuellement:
 ```bash
-fail2ban-client set [nom de la prison] banip [IP concerné]
+sudo fail2ban-client set [nom de la prison] banip [IP concerné]
 ```
 - Débannir une IP manuellement:
 ```bash
-fail2ban-client set [nom de la prison] unbanip [IP concerné]
+sudo fail2ban-client unban [IP concerné] [nom de la prison]
 ```
diff --git a/fail2ban-conf/jail.local b/fail2ban-conf/jail.local-nginx
similarity index 90%
rename from fail2ban-conf/jail.local
rename to fail2ban-conf/jail.local-nginx
index 8b23c42..51b99d8 100644
--- a/fail2ban-conf/jail.local
+++ b/fail2ban-conf/jail.local-nginx
@@ -16,14 +16,6 @@ port = http,https
 logpath = /var/log/nginx/*error.log
 bantime = 259200
 
-#[nginx-badbots]
-
-#enabled = true
-#port = http,https
-#filter = nginx-badbots
-#logpath = /var/log/nginx/access.log
-#maxretry = 2
-
 [nginx-badbots]
 
 enabled = true
diff --git a/fail2ban-conf/jail.local-ssh-only b/fail2ban-conf/jail.local-ssh-only
new file mode 100644
index 0000000..183ff6f
--- /dev/null
+++ b/fail2ban-conf/jail.local-ssh-only
@@ -0,0 +1,18 @@
+[DEFAULT]
+
+ignoreip = 127.0.0.1/8 IP
+bantime = 3600
+findtime = 3600
+#mta = mail
+#destemail =
+#sendername = Fail2BanAlerts
+#action = %(action_mwl)s
+
+[ssh]
+
+enabled = true
+port = SSH_PORT
+filter = sshd
+logpath = /var/log/auth.log
+maxretry = 3
+bantime = -1
\ No newline at end of file
diff --git a/install.sh b/install.sh
index bcefd3d..2115993 100755
--- a/install.sh
+++ b/install.sh
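Review bot: `bantime = -1` under `[ssh]` makes every ban permanent after `maxretry = 3` failures, while `ignoreip` whitelists only loopback and the `IP` placeholder, which install.sh fills from `ip route get 1.2.3.4` — that appears to be the host's own address rather than the administrator's client, so the file gives no protection against the admin locking themselves out for good. The permanent-ban choice deserves a comment in the file, e.g. `# bantime = -1: bans never expire; add the admin's source address to ignoreip first`. `port = SSH_PORT` is likewise a token that install.sh substitutes and stays literal (not a valid port for fail2ban) if that substitution never runs, so a comment marking both `IP` and `SSH_PORT` as install-time placeholders would help anyone editing the file by hand.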
@@ -6,26 +6,58 @@ if [ "$EUID" -ne 0 ]
 exit
 fi
 
-# update et install fail2ban
-apt update -y && apt install fail2ban -y
-
-# copie des confs
-cp fail2ban-nginx-filters/* /etc/fail2ban/filter.d/
-cp fail2ban-conf/* /etc/fail2ban/
-rm -rf /etc/fail2ban/jail.d/*
+# choix SSH only ou avec Nginx filters
+choice=$(whiptail --title "Fail2ban" --menu "Choisissez une option:" 15 60 4 \
+"1" "Installer le filtre SSH seulement" \
+"2" "Installer le filtre SSH et Nginx" \
+"3" "Quitter" 3>&1 1>&2 2>&3)
+exitstatus=$?
+if [ $exitstatus = 0 ]; then
+ case $choice in
+
+ 1)
+ echo "Vous avez choisi l'option SSH seulement."
+ # update et install fail2ban
+ apt update -y && apt install fail2ban -y
+ # copie des fichiers
+ cp fail2ban-conf/jail.local-ssh-only /etc/fail2ban/jail.local
+ cp fail2ban-conf/jail.conf /etc/fail2ban/jail.conf
+ ;;
+
+ 2)
+ echo "Vous avez choisi l'option SSH avec Nginx."
+ # update et install fail2ban
+ apt update -y && apt install fail2ban -y
+ # copie des fichiers
+ cp fail2ban-nginx-filters/* /etc/fail2ban/filter.d/
+ cp fail2ban-conf/jail.local-nginx /etc/fail2ban/jail.local
+ cp fail2ban-conf/jail.conf /etc/fail2ban/jail.conf
+ ;;
+
+ 3)
+ echo "Vous avez choisi de quitter, fail2ban ne serat pas installé"
+ exit
+ ;;
+
+ esac
+else
+ echo "Vous avez annulé."
+fi
 
 # recup de l'ip pour la conf
 IP=$(ip route get 1.2.3.4 | awk '{print $7}')
-sed -i "s/IP/$IP/" /etc/fail2ban/jail.local
+# recup du port SSH (TODO: ajouter check si port SSH renseigné)
+SSH=$(grep "^Port" /etc/ssh/sshd_config | awk '{print $2}')
+
 
-# recup du port ssh
-SSH=$(grep Port /etc/ssh/sshd_config); SSH=${SSH##*(Port)}; SSH=${SSH%%*(#GatewayPorts no)}
-sed -i "s/SSH_PORT/$SSH/" /etc/fail2ban/jail.local
+# change IP et SSH port
+sed -i "s/IP/"$IP"/" /etc/fail2ban/jail.local
+sed -i "s/SSH_PORT/"$SSH"/" /etc/fail2ban/jail.local
 
-# changement dbpurge
+# changement dbpurge tout les ans
 sed -i "s/1d/365d/" /etc/fail2ban/fail2ban.conf
 
 systemctl restart fail2ban
-fail2ban-client status
+systemctl status fail2ban
 
 echo "la configuration pour les autres prisons que le SSH sont de 72h (bannissement à vie pour le SSH)"
\ No newline at end of file
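Review bot: The `else` branch after the whiptail menu prints "Vous avez annulé." but does not stop, so cancelling the dialog (or whiptail being missing, which also yields a non-zero status) falls through to the `sed -i` and `systemctl restart fail2ban` lines below against a /etc/fail2ban/jail.local that was never copied; add `exit 1` after that echo, and the `3)` arm should likewise exit non-zero instead of a bare `exit`. `SSH=$(grep "^Port" /etc/ssh/sshd_config | awk '{print $2}')` is empty when sshd_config has no explicit Port line (the default 22 is usually left commented out), and `sed -i "s/SSH_PORT/"$SSH"/"` then leaves `port =` blank in the jail; the hunk's own TODO acknowledges this, and `SSH=${SSH:-22}` right after the grep covers it. In both new `sed -i` lines `$IP` and `$SSH` sit outside the double quotes (`"s/IP/"$IP"/"`), which ShellCheck reports as SC2027; `sed -i "s/IP/${IP}/" /etc/fail2ban/jail.local` is the intended form. The `case` also has no `*)` arm, so an unexpected `$choice` silently does nothing and the script continues exactly as in the cancel case.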