#!/bin/bash
# Put the standard system directories ahead of whatever PATH the caller
# supplied, so the tools used below resolve to the system binaries first.
PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:${PATH}"
export PATH
: '
Copyright (C) 2022 - now HaoZi Technology Co., Ltd.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published
by the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
'
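# Fetch the shared helper library (public.sh) and load it into this shell.
#
# The download is captured first and only sourced afterwards, so the check
# below sees curl's own exit status. With `source <(curl ...)` the tested
# status is that of the sourced commands: a failed transfer yields an empty
# stream that sources "successfully", and a transfer cut off midway would
# execute a truncated script.
#
# NOTE(review): public.sh runs with this script's privileges and without any
# integrity check (pinned checksum or signature) — whoever controls the
# download host or its CDN controls what executes here; consider pinning one.
public_sh=$(curl -f -s --connect-timeout 10 --retry 3 --proto '=https' https://dl.cdn.haozi.net/panel/public.sh)
if [ $? -ne 0 ] || [ -z "${public_sh}" ]; then
    echo "下载 public.sh 失败,请检查网络或稍后重试。"
    echo "Download public.sh failed, please check the network or try again later."
    exit 1
fi
source <(printf '%s\n' "${public_sh}")
unset public_sh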
# Release channel and version of this install, taken from the first and second
# positional arguments; both are handed to panel-cli at the end of the script.
channel="$1"
version="$2"
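# Install fail2ban with the distribution's package manager.
#
# OS and error() are not defined in this script; presumably both come from the
# sourced public.sh — confirm. The selector is quoted so that an empty or unset
# OS reaches the "unsupported" branch cleanly instead of breaking the test
# expression, and each installer's exit status is checked directly rather than
# through $? after the whole conditional.
case "${OS}" in
rhel)
    dnf install -y fail2ban || error "fail2ban 安装失败"
    ;;
debian | ubuntu)
    apt-get install -y fail2ban || error "fail2ban 安装失败"
    ;;
*)
    error "不支持的操作系统"
    ;;
esac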
# Adjust the fail2ban configuration.
#
# First point fail2ban's own log at /var/log/fail2ban.log.
# NOTE(review): jail.conf is a packaged file, so this in-place edit may be
# reverted by a package upgrade — confirm it is still needed there.
sed -i \
    's!# logtarget.*!logtarget = /var/log/fail2ban.log!' \
    /etc/fail2ban/fail2ban.conf
sed -i \
    's!logtarget\s*=.*!logtarget = /var/log/fail2ban.log!' \
    /etc/fail2ban/jail.conf

# Then write the local jail policy (jail.local overrides jail.conf):
#   [DEFAULT]  5 failures within 300 s => 600 s ban; only loopback is exempt.
#   [ssh]      same threshold, but a 24 h (86400 s) ban, reading /var/log/secure.
# The "# ssh-START"/"# ssh-END" markers are part of the written file.
# NOTE(review): banaction firewallcmd-ipset relies on firewalld and ipset, and
# action_mwl sends a mail report on each ban; this script installs neither a
# firewall nor a mail transport itself — presumably provided elsewhere; confirm,
# otherwise bans or notifications may not take effect.
# The delimiter is quoted because the text holds no shell expansions and must be
# written literally.
cat <<'EOF' >/etc/fail2ban/jail.local
[DEFAULT]
ignoreip = 127.0.0.1/8
bantime = 600
findtime = 300
maxretry = 5
banaction = firewallcmd-ipset
action = %(action_mwl)s

# ssh-START
[ssh]
enabled = true
filter = sshd
port = 22
maxretry = 5
findtime = 300
bantime = 86400
action = %(action_mwl)s
logpath = /var/log/secure
# ssh-END
EOF
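# Print the port(s) set by the uncommented "Port" directives of an sshd config
# file as one comma-separated list (empty output when none are set).
# Arguments: $1 - config file to read (default /etc/ssh/sshd_config)
# Outputs:   the port list on stdout
# Only purely numeric values are accepted, so the result is safe to place in a
# sed replacement. Commented lines such as "#Port 22" are skipped, and the
# keyword is matched case-insensitively, as sshd does.
# A missing or unreadable file is deliberately silent (2>/dev/null): the caller
# then falls back to the default port.
_fail2ban_ssh_ports() {
    awk '
        tolower($1) == "port" && $2 ~ /^[0-9]+$/ {
            ports = ports (ports == "" ? "" : ",") $2
        }
        END { print ports }
    ' "${1:-/etc/ssh/sshd_config}" 2>/dev/null
}

# Replace the placeholder port in the ssh jail with the port(s) sshd is
# configured for. A config holding both "#Port 22" and a real Port line, or
# several Port lines, used to yield a multi-line value that broke the sed
# expression and left the jail watching port 22 while sshd listened elsewhere.
# NOTE(review): Port directives in Include'd drop-in files are not read here —
# confirm whether the target systems use them.
ssh=$(_fail2ban_ssh_ports)
if [ -z "${ssh}" ]; then
    ssh="22"
fi
sed -i "s/port = 22/port = ${ssh}/g" /etc/fail2ban/jail.local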
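# Debian-family special case: point the ssh jail at /var/log/auth.log instead
# of /var/log/secure.
# OS is not set in this script (presumably by the sourced public.sh); it is
# quoted so that an empty value simply matches nothing.
# NOTE(review): on releases where sshd logs only to the journal,
# /var/log/auth.log may not exist, and a jail with a missing logpath may fail
# to start — confirm on the supported Debian/Ubuntu versions.
case "${OS}" in
debian | ubuntu)
    sed -i "s/\/var\/log\/secure/\/var\/log\/auth.log/g" /etc/fail2ban/jail.local
    ;;
esac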
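# Start fail2ban now and on every boot, then record the install with the panel.
systemctl daemon-reload
# Unmask first: a masked unit can be neither enabled nor started.
systemctl unmask fail2ban
# NOTE(review): the result of `enable --now` is not checked, so the app is
# recorded as installed even when the service failed to start (for example on
# a bad jail.local) — confirm whether that is intended.
systemctl enable --now fail2ban

# Quoted so that each value reaches panel-cli as exactly one argument, with no
# word splitting or glob expansion of caller-supplied text.
panel-cli app write fail2ban "${channel}" "${version}"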