opensource/download
opensource/download
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
download/panel/fail2ban/install.sh

78 lines
2.1 KiB (Stored with Git LFS)
Bash
Raw Blame History

#!/bin/bash
export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:$PATH
: '
Copyright (C) 2022 - now HaoZi Technology Co., Ltd.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published
by the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
'
source <(curl -f -s --connect-timeout 10 --retry 3 https://dl.cdn.haozi.net/panel/public.sh)
if [ $? -ne 0 ]; then
echo "下载 public.sh 失败,请检查网络或稍后重试。"
echo "Download public.sh failed, please check the network or try again later."
exit 1
fi
channel=${1}
version=${2}
if [ ${OS} == "rhel" ]; then
dnf install -y fail2ban python3-systemd
elif [ ${OS} == "debian" ] || [ ${OS} == "ubuntu" ]; then
apt-get install -y fail2ban python3-systemd
else
error "不支持的操作系统"
fi
if [ "$?" != "0" ]; then
error "fail2ban 安装失败"
fi
# 修改 fail2ban 配置文件
cat >/etc/fail2ban/jail.local <<EOF
[DEFAULT]
backend = systemd
logtarget = SYSTEMD-JOURNAL
ignoreip = 127.0.0.1/8
bantime = 600
findtime = 300
maxretry = 5
banaction = firewallcmd-rich-rules
banaction_allports = firewallcmd-rich-rules
# ssh-START
[ssh]
enabled = true
filter = sshd
port = 22
maxretry = 5
findtime = 300
bantime = 86400
# ssh-END
EOF
# 替换端口
ssh=$(cat /etc/ssh/sshd_config | grep 'Port ' | awk '{print $2}')
if [ "${ssh}" == "" ]; then
ssh="22"
fi
sed -i "s/port = 22/port = ${ssh}/g" /etc/fail2ban/jail.local
# 启动 fail2ban
systemctl daemon-reload
systemctl unmask fail2ban
systemctl enable --now fail2ban
panel-cli app write fail2ban ${channel} ${version}
Reference in New Issue View Git Blame Copy Permalink