60 lines
1.3 KiB
Bash
60 lines
1.3 KiB
Bash
#!/bin/bash
|
|
export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:$PATH
|
|
|
|
source <(curl -f -s --connect-timeout 10 --retry 3 https://dl.acepanel.net/public.sh)
|
|
if [ $? -ne 0 ]; then
|
|
echo "Download public.sh failed, please check the network or try again later."
|
|
exit 1
|
|
fi
|
|
|
|
channel=${1}
|
|
version=${2}
|
|
|
|
if [ ${OS} == "rhel" ]; then
|
|
dnf install -y fail2ban python3-systemd
|
|
elif [ ${OS} == "debian" ] || [ ${OS} == "ubuntu" ]; then
|
|
apt-get install -y fail2ban python3-systemd
|
|
else
|
|
error "Unsupported operating system"
|
|
fi
|
|
|
|
if [ "$?" != "0" ]; then
|
|
error "Installation failed"
|
|
fi
|
|
|
|
# 修改 fail2ban 配置文件
|
|
cat >/etc/fail2ban/jail.local <<EOF
|
|
[DEFAULT]
|
|
backend = systemd
|
|
logtarget = SYSTEMD-JOURNAL
|
|
ignoreip = 127.0.0.1/8
|
|
bantime = 600
|
|
findtime = 300
|
|
maxretry = 5
|
|
banaction = firewallcmd-rich-rules
|
|
banaction_allports = firewallcmd-rich-rules
|
|
|
|
# ssh-START
|
|
[ssh]
|
|
enabled = true
|
|
filter = sshd
|
|
port = 22
|
|
maxretry = 5
|
|
findtime = 300
|
|
bantime = 86400
|
|
# ssh-END
|
|
EOF
|
|
# 替换端口
|
|
ssh=$(cat /etc/ssh/sshd_config | grep 'Port ' | awk '{print $2}')
|
|
if [ "${ssh}" == "" ]; then
|
|
ssh="22"
|
|
fi
|
|
sed -i "s/port = 22/port = ${ssh}/g" /etc/fail2ban/jail.local
|
|
|
|
# 启动 fail2ban
|
|
systemctl daemon-reload
|
|
systemctl unmask fail2ban
|
|
systemctl enable --now fail2ban
|
|
|
|
acepanel app write fail2ban ${channel} ${version}
|