| author | MHSanaei <ho3ein.sanaei@gmail.com> | 2023-07-18 13:24:28 +0300 |
|---|---|---|
| committer | MHSanaei <ho3ein.sanaei@gmail.com> | 2023-07-18 13:25:01 +0300 |
| commit | 0311ae4d05fce9abcf63f65684e9e1392ce4e2b0 (patch) | |
| tree | 3da25660a2f922d58af6ecbc34aaf353a837655a | |
| parent | 6f09fae28b544e94e4a905184d4787913a79f9a8 (diff) | |
Revert
This reverts commit 9e433ea4c4b5083941752f12ae268c435b601aa5.
| -rw-r--r-- | x-ui.sh | 149 |
1 files changed, 93 insertions, 56 deletions
@@ -56,6 +56,13 @@ elif [[ "${release}" == "debian" ]]; then fi fi + +# Declare Variables +log_folder="${XUI_LOG_FOLDER:=/var/log}" +iplimit_log_path="${log_folder}/3xipl.log" +iplimit_banned_log_path="${log_folder}/3xipl-banned.log" + + confirm() { if [[ $# > 1 ]]; then echo && read -p "$1 [Default $2]: " temp 
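Review bot: `log_folder` takes `XUI_LOG_FOLDER` from the environment without any check, and the two paths built from it are later used unquoted: in the `>> ${iplimit_banned_log_path}` redirects written into the fail2ban action file (hunk at -696), in `cat ${iplimit_banned_log_path}` (hunk at -735) and in both `touch` calls (hunk at -773). A folder name containing a space or a shell metacharacter would break those commands, and the ones in the action file are run by fail2ban on every ban and unban, presumably as root. I would reject anything that is not a plain absolute path right after the assignment, e.g. `[[ "${log_folder}" =~ ^/[A-Za-z0-9._/-]+$ ]] || { echo "Invalid XUI_LOG_FOLDER" >&2; exit 1; }`, and quote the later uses. A short comment noting that `:=` also assigns the default back to `XUI_LOG_FOLDER` would help the next reader.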
@@ -696,6 +703,70 @@ run_speedtest() { speedtest } +create_iplimit_jails() { + # Use default bantime if not passed => 5 minutes + local bantime="${1:-5}" + + cat << EOF > /etc/fail2ban/jail.d/3x-ipl.conf +[3x-ipl] +enabled=true +filter=3x-ipl +action=3x-ipl +logpath=${iplimit_log_path} +maxretry=3 +findtime=100 +bantime=${bantime}m +EOF + + cat << EOF > /etc/fail2ban/filter.d/3x-ipl.conf +[Definition] +datepattern = ^%%Y/%%m/%%d %%H:%%M:%%S +failregex = \[LIMIT_IP\]\s*Email\s*=\s*<F-USER>.+</F-USER>\s*\|\|\s*SRC\s*=\s*<ADDR> +ignoreregex = +EOF + + cat << EOF > /etc/fail2ban/action.d/3x-ipl.conf +[INCLUDES] +before = iptables-common.conf + +[Definition] +actionstart = <iptables> -N f2b-<name> + <iptables> -A f2b-<name> -j <returntype> + <iptables> -I <chain> -p <protocol> -j f2b-<name> + +actionstop = <iptables> -D <chain> -p <protocol> -j f2b-<name> + <actionflush> + <iptables> -X f2b-<name> + +actioncheck = <iptables> -n -L <chain> | grep -q 'f2b-<name>[ \t]' + +actionban = <iptables> -I f2b-<name> 1 -s <ip> -j <blocktype> + echo "\$(date +"%%Y/%%m/%%d %%H:%%M:%%S") BAN [Email] = <F-USER> [IP] = <ip> banned for <bantime> seconds." >> ${iplimit_banned_log_path} + +actionunban = <iptables> -D f2b-<name> -s <ip> -j <blocktype> + echo "\$(date +"%%Y/%%m/%%d %%H:%%M:%%S") UNBAN [Email] = <F-USER> [IP] = <ip> unbanned." 
>> ${iplimit_banned_log_path} + +[Init] +EOF + + echo -e "${green}Created Ip Limit jail files with a bantime of ${bantime} minutes.${plain}" +} + +iplimit_remove_conflicts() { + local jail_files=( + /etc/fail2ban/jail.conf + /etc/fail2ban/jail.local + ) + + for file in "${jail_files[@]}"; do + # Check for [3x-ipl] config in jail file then remove it + if test -f "${file}" && grep -qw '3x-ipl' ${file}; then + sed -i "/\[3x-ipl\]/,/^$/d" ${file} + echo -e "${yellow}Removing conflicts of [3x-ipl] in jail (${file})!${plain}\n" + fi + done +} + iplimit_main() { echo -e "\n${green}\t1.${plain} Install Fail2ban and configure IP Limit" echo -e "${green}\t2.${plain} Change Ban Duration" @@ -707,24 +778,23 @@ iplimit_main() { case "$choice" in 0) show_menu ;; - 1) + 1) confirm "Proceed with installation of Fail2ban & IP Limit?" "y" if [[ $? == 0 ]]; then install_iplimit else iplimit_main fi ;; - 2) + 2) read -rp "Please enter new Ban Duration in Minutes [default 5]: " NUM if [[ $NUM =~ ^[0-9]+$ ]]; then - echo -e "\n[3x-ipl]\nenabled=true\nfilter=3x-ipl\naction=3x-ipl\nlogpath=/var/log/3xipl.log\nmaxretry=3\nfindtime=100\nbantime=${NUM}m" > /etc/fail2ban/jail.d/3x-ipl.conf + create_iplimit_jail ${NUM} systemctl restart fail2ban - echo -e "${green}Bantime set to ${NUM} minutes successfully.${plain}" else echo -e "${red}${NUM} is not a number! Please, try again.${plain}" fi iplimit_main ;; - 3) + 3) confirm "Proceed with Unbanning everyone from IP Limit jail?" "y" if [[ $? == 0 ]]; then fail2ban-client reload --restart --unban 3x-ipl @@ -735,9 +805,9 @@ iplimit_main() { fi iplimit_main ;; 4) - if test -f "/var/log/3xipl-banned.log"; then - if [[ -s "/var/log/3xipl-banned.log" ]]; then - cat /var/log/3xipl-banned.log + if test -f "${iplimit_banned_log_path}"; then + if [[ -s "${iplimit_banned_log_path}" ]]; then + cat ${iplimit_banned_log_path} else echo -e "${red}Log file is empty.${plain}\n" fi 
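Review bot: `iplimit_remove_conflicts` edits `/etc/fail2ban/jail.conf` and `jail.local` in place with the range `/\[3x-ipl\]/,/^$/d`, which stops only at a completely empty line. If the `[3x-ipl]` section is followed directly by another jail, or by a line holding only whitespace, the delete runs on into that jail (or to end of file) and its settings are lost with no backup. `grep -qw '3x-ipl'` also matches a mere mention in a comment, so the "Removing conflicts" message can print when nothing was removed. I would keep a backup and end the range at the next section header, e.g. `sed -i.bak '/^\[3x-ipl\]/,/^\[/{/^\[3x-ipl\]/d;/^\[/!d}' "${file}"`, and quote `"${file}"` in the `grep` as well. The loop variable should be declared with `local file`, since it currently leaks into the global scope.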
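Review bot: Menu option 2 calls `create_iplimit_jail ${NUM}`, but the function added earlier in this diff is named `create_iplimit_jails`, so the call fails with "command not found", no jail file is rewritten, and `systemctl restart fail2ban` still runs with the old ban time. The call should read `create_iplimit_jails "${NUM}"`, and the restart is better made conditional on it: `create_iplimit_jails "${NUM}" && systemctl restart fail2ban`. `iplimit_main` starts and ends outside this hunk.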
@@ -745,7 +815,7 @@ iplimit_main() { echo -e "${red}Log file not found. Please Install Fail2ban and IP Limit first.${plain}\n" iplimit_main fi ;; - 5) + 5) remove_iplimit ;; *) echo "Invalid choice" ;; esac @@ -757,7 +827,7 @@ install_iplimit() { # Check the OS and install necessary packages case "${release}" in ubuntu|debian) - apt-get update && apt-get install fail2ban -y ;; + apt update && apt install fail2ban -y ;; centos) yum -y update && yum -y install fail2ban ;; fedora) 
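Review bot: Switching the Debian/Ubuntu branch of `install_iplimit` to `apt update && apt install fail2ban -y` trades a stable interface for one whose own documentation warns that its command line is not stable for use in scripts; the same applies to `apt remove fail2ban -y` in the hunk at -856. I would keep `apt-get update && apt-get install -y fail2ban` here and `apt-get remove -y fail2ban` there. The `case` statement continues outside this hunk.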
@@ -773,55 +843,22 @@ install_iplimit() { echo -e "${green}Configuring IP Limit...${plain}\n" - #Check if [3x-ipl] exists in jail.local (just making sure there's no double config for jail) - if grep -qw '3x-ipl' /etc/fail2ban/jail.local || grep -qw '3x-ipl' /etc/fail2ban/jail.conf; then - echo -e "${red}Found conflicts in /etc/fail2ban/jail.conf or jail.local file!\nPlease manually remove anything related 3x-ipl in that files and try again.\nInstallation of IP Limit failed.${plain}\n" - exit 1 - fi + # make sure there's no conflict for jail files + iplimit_remove_conflicts - #Check if log file exists - if ! test -f "/var/log/3xipl-banned.log"; then - touch /var/log/3xipl-banned.log + # Check if log file exists + if ! test -f "${iplimit_banned_log_path}"; then + touch ${iplimit_banned_log_path} fi - #Check if service log file exists so fail2ban won't return error - if ! test -f "/var/log/3xipl.log"; then - touch /var/log/3xipl.log + # Check if service log file exists so fail2ban won't return error + if ! 
test -f "${iplimit_log_path}"; then + touch ${iplimit_log_path} fi - - - echo -e "\n[3x-ipl]\nenabled=true\nfilter=3x-ipl\naction=3x-ipl\nlogpath=/var/log/3xipl.log\nmaxretry=3\nfindtime=100\nbantime=5m" > /etc/fail2ban/jail.d/3x-ipl.conf - - cat > /etc/fail2ban/filter.d/3x-ipl.conf << EOF -[Definition] -datepattern = ^%%Y/%%m/%%d %%H:%%M:%%S -failregex = \[LIMIT_IP\]\s*Email\s*=\s*<F-USER>.+</F-USER>\s*\|\|\s*SRC\s*=\s*<ADDR> -ignoreregex = -EOF - - cat > /etc/fail2ban/action.d/3x-ipl.conf << 'EOF' -[INCLUDES] -before = iptables-common.conf -[Definition] -actionstart = <iptables> -N f2b-<name> - <iptables> -A f2b-<name> -j <returntype> - <iptables> -I <chain> -p <protocol> -j f2b-<name> - -actionstop = <iptables> -D <chain> -p <protocol> -j f2b-<name> - <actionflush> - <iptables> -X f2b-<name> - -actioncheck = <iptables> -n -L <chain> | grep -q 'f2b-<name>[ \t]' - -actionban = <iptables> -I f2b-<name> 1 -s <ip> -j <blocktype> - echo "$(date +"%%Y/%%m/%%d %%H:%%M:%%S") BAN [Email] = <F-USER> [IP] = <ip> banned for <bantime> seconds." >> /var/log/3xipl-banned.log - -actionunban = <iptables> -D f2b-<name> -s <ip> -j <blocktype> - echo "$(date +"%%Y/%%m/%%d %%H:%%M:%%S") UNBAN [Email] = <F-USER> [IP] = <ip> unbanned." >> /var/log/3xipl-banned.log - -[Init] -EOF + # Create the iplimit jail files + # we didn't pass the bantime here to use the default value + create_iplimit_jails # Launching fail2ban if ! systemctl is-active --quiet fail2ban; then @@ -856,7 +893,7 @@ remove_iplimit(){ systemctl disable fail2ban case "${release}" in ubuntu|debian) - apt-get remove fail2ban -y ;; + apt remove fail2ban -y ;; centos) yum -y remove fail2ban ;; fedora) @@ -865,7 +902,7 @@ remove_iplimit(){ echo -e "${red}Unsupported operating system. Please uninstall Fail2ban manually.${plain}\n" exit 1 ;; esac - rm -rf /etc/fail2ban/* + rm -rf /etc/fail2ban echo -e "${green}Fail2ban and IP Limit removed successfully!${plain}\n" before_show_menu ;; 0) |
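Review bot: Nothing creates `${log_folder}` before the two `touch` calls, so with `XUI_LOG_FOLDER` pointing at a directory that does not exist yet both calls fail, the script carries on, and fail2ban is started against a `logpath` that is missing, which is the error the comment on the second check says it wants to avoid. Adding `mkdir -p -- "${log_folder}" || exit 1` ahead of the checks and quoting the arguments, `touch -- "${iplimit_banned_log_path}"`, would close that gap. The new files also get whatever mode the current umask gives; since the banned log records e-mail identifiers and IP addresses, a `chmod 640` after creation may be worth considering. `install_iplimit` continues outside this hunk.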
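Review bot: `rm -rf /etc/fail2ban` in `remove_iplimit` deletes the whole configuration directory, including any jails the administrator set up that have nothing to do with IP Limit, and the `jail.d/`, `filter.d/` and `action.d/` directories that `create_iplimit_jails` writes into. After a plain `apt remove`, dpkg does not normally restore conffiles that were deleted by hand, so a later run of menu option 1 may find no `jail.d/` and no stock `jail.conf` (this is inferred, not visible in the diff). Removing only what this script created would be safer: `rm -f /etc/fail2ban/jail.d/3x-ipl.conf /etc/fail2ban/filter.d/3x-ipl.conf /etc/fail2ban/action.d/3x-ipl.conf`. `remove_iplimit` starts outside this hunk.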
