feat: fail2ban plugin

scripts/fail2ban/install.sh

@@ -39,7 +39,7 @@ fi
 # 修改 fail2ban 配置文件
 sed -i 's!# logtarget.*!logtarget = /var/log/fail2ban.log!' /etc/fail2ban/fail2ban.conf
 sed -i 's!logtarget\s*=.*!logtarget = /var/log/fail2ban.log!' /etc/fail2ban/jail.conf
-cat >/etc/fail2ban/jail.local <<EOF
+cat > /etc/fail2ban/jail.local << EOF
 [DEFAULT]
 ignoreip = 127.0.0.1/8
 bantime = 600
@@ -78,8 +78,8 @@ if [ "${sshPort}" == "" ]; then
     sshPort="22"
 fi
 sed -i "s/port = 22/port = ${sshPort}/g" /etc/fail2ban/jail.local
-if [ -f "/etc/pure-ftpd/pure-ftpd.conf" ]; then
-    ftpPort=$(cat /etc/pure-ftpd/pure-ftpd.conf | grep "Bind" | awk '{print $2}' | awk -F "," '{print $2}')
+if [ -f "/www/server/pure-ftpd/etc/pure-ftpd.conf" ]; then
+    ftpPort=$(cat /www/server/pure-ftpd/etc/pure-ftpd.conf | grep "Bind" | awk '{print $2}' | awk -F "," '{print $2}')
 fi
 if [ "${ftpPort}" == "" ]; then
     ftpPort="21"
@@ -87,10 +87,17 @@ if [ "${ftpPort}" == "" ]; then
 else
     sed -i "s/port = 21/port = ${ftpPort}/g" /etc/fail2ban/jail.local
 fi
+
+# Debian 的特殊处理
+if [ "${OS}" == "debian" ]; then
+    sed -i "s/\/var\/log\/secure/\/var\/log\/auth.log/g" /etc/fail2ban/jail.local
+    sed -i "s/banaction = firewallcmd-ipset/banaction = ufw/g" /etc/fail2ban/jail.local
+fi
+
 # 启动 fail2ban
 systemctl unmask fail2ban
 systemctl daemon-reload
 systemctl enable fail2ban
 systemctl restart fail2ban
 
-panel writePlugin fail2ban
+panel writePlugin fail2ban 1.0.0

scripts/fail2ban/uninstall.sh

@@ -20,6 +20,8 @@ limitations under the License.
 HR="+----------------------------------------------------"
 OS=$(source /etc/os-release && { [[ "$ID" == "debian" ]] && echo "debian"; } || { [[ "$ID" == "centos" ]] || [[ "$ID" == "rhel" ]] || [[ "$ID" == "rocky" ]] || [[ "$ID" == "almalinux" ]] && echo "centos"; } || echo "unknown")
 
+fail2ban-client unban --all
+fail2ban-client stop
 systemctl stop fail2ban
 systemctl disable fail2ban
 

scripts/fail2ban/update.sh

@@ -0,0 +1,37 @@
+#!/bin/bash
+export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:$PATH
+
+: '
+Copyright 2022 HaoZi Technology Co., Ltd.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+'
+
+HR="+----------------------------------------------------"
+OS=$(source /etc/os-release && { [[ "$ID" == "debian" ]] && echo "debian"; } || { [[ "$ID" == "centos" ]] || [[ "$ID" == "rhel" ]] || [[ "$ID" == "rocky" ]] || [[ "$ID" == "almalinux" ]] && echo "centos"; } || echo "unknown")
+
+if [ "${OS}" == "centos" ]; then
+    dnf install -y fail2ban
+elif [ "${OS}" == "debian" ]; then
+    apt install -y fail2ban
+else
+    echo -e $HR
+    echo "错误：不支持的操作系统"
+    exit 1
+fi
+
+if [ "$?" != "0" ]; then
+    echo -e $HR
+    echo "错误：fail2ban安装失败，请截图错误信息寻求帮助。"
+    exit 1
+fi