#!/bin/bash

## check root
if [ "$EUID" -ne 0 ]
  then echo "Lancer le script avec sudo svp"
  exit
fi

# update et install fail2ban
apt update -y && apt install fail2ban -y

# copie des confs
cp fail2ban-nginx-filter/* /etc/fail2ban/filter.d/
cp jail.local /etc/fail2ban/
rm -rf /etc/fail2ban/jail.d/*

# recup de l'ip pour la conf
IP=$(ip route get 1.2.3.4 | awk '{print $7}')
sed -i "s/IP/$IP/" /etc/fail2ban/jail.local

# recup du port ssh
SSH=$(grep Port /etc/ssh/sshd_config); SSH=${SSH##*(Port)}; SSH=${SSH%%*(#GatewayPorts no)}
sed -i "s/SSH_PORT/$SSH/" /etc/fail2ban/jail.local

# changement dbpurge
sed -i "s/1d/365d/" /etc/fail2ban/fail2ban.conf

systemctl restart fail2ban
fail2ban-client status

echo "la configuration pour les autres prisons que le SSH sont de 72h (bannissement à vie pour le SSH)"