Alex-Devera/3x-ui
1
0
Fork 0
mirror of https://github.com/MHSanaei/3x-ui.git synced 2025-09-10 04:06:18 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

ReplaceCatWithVars - fail2ban

Browse source 
skip if already banned
This commit is contained in:
MHSanaei 2024-01-20 17:28:44 +03:30
parent 38378fe36f
commit 1cd93e8751
1 changed files with 213 additions and 186 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

115
x-ui.sh
View file

@ -70,13 +70,11 @@ elif [[ "${release}" == "armbian" ]]; then
echo "Your OS is Armbian" echo "Your OS is Armbian"
fi fi
# Declare Variables # Declare Variables
log_folder="${XUI_LOG_FOLDER:=/var/log}" log_folder="${XUI_LOG_FOLDER:=/var/log}"
iplimit_log_path="${log_folder}/3xipl.log" iplimit_log_path="${log_folder}/3xipl.log"
iplimit_banned_log_path="${log_folder}/3xipl-banned.log" iplimit_banned_log_path="${log_folder}/3xipl-banned.log"
confirm() { confirm() {
if [[ $# > 1 ]]; then if [[ $# > 1 ]]; then
echo && read -p "$1 [Default $2]: " temp echo && read -p "$1 [Default $2]: " temp
@ -582,9 +580,11 @@ ssl_cert_issue_main() {
read -p "Choose an option: " choice read -p "Choose an option: " choice
case "$choice" in case "$choice" in
0) 0)
show_menu ;; show_menu
;;
1) 1)
ssl_cert_issue ;; ssl_cert_issue
;;
2) 2)
local domain="" local domain=""
read -p "Please enter your domain name to revoke the certificate: " domain read -p "Please enter your domain name to revoke the certificate: " domain
@ -594,7 +594,8 @@ ssl_cert_issue_main() {
3) 3)
local domain="" local domain=""
read -p "Please enter your domain name to forcefully renew an SSL certificate: " domain read -p "Please enter your domain name to forcefully renew an SSL certificate: " domain
~/.acme.sh/acme.sh --renew -d ${domain} --force ;; ~/.acme.sh/acme.sh --renew -d ${domain} --force
;;
*) echo "Invalid choice" ;; *) echo "Invalid choice" ;;
esac esac
} }
@ -612,14 +613,18 @@ ssl_cert_issue() {
# install socat second # install socat second
case "${release}" in case "${release}" in
ubuntu | debian | armbian) ubuntu | debian | armbian)
apt update && apt install socat -y ;; apt update && apt install socat -y
;;
centos | almalinux | rocky) centos | almalinux | rocky)
yum -y update && yum -y install socat ;; yum -y update && yum -y install socat
;;
fedora) fedora)
dnf -y update && dnf -y install socat ;; dnf -y update && dnf -y install socat
;;
*) *)
echo -e "${red}Unsupported operating system. Please check the script and install the necessary packages manually.${plain}\n" echo -e "${red}Unsupported operating system. Please check the script and install the necessary packages manually.${plain}\n"
exit 1 ;; exit 1
;;
esac esac
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
LOGE "install socat failed, please check logs" LOGE "install socat failed, please check logs"
@ -783,7 +788,8 @@ warp_cloudflare() {
read -p "Choose an option: " choice read -p "Choose an option: " choice
case "$choice" in case "$choice" in
0) 0)
show_menu ;; show_menu
;;
1) 1)
bash <(curl -sSL https://raw.githubusercontent.com/hamid-gh98/x-ui-scripts/main/install_warp_proxy.sh) bash <(curl -sSL https://raw.githubusercontent.com/hamid-gh98/x-ui-scripts/main/install_warp_proxy.sh)
;; ;;
@ -810,7 +816,8 @@ multi_protocol() {
read -p "Choose an option: " choice read -p "Choose an option: " choice
case "$choice" in case "$choice" in
0) 0)
show_menu ;; show_menu
;;
1) 1)
bash <(curl -Ls https://raw.githubusercontent.com/M4mmad/3xui-multi-protocol/master/install.sh --ipv4) bash <(curl -Ls https://raw.githubusercontent.com/M4mmad/3xui-multi-protocol/master/install.sh --ipv4)
;; ;;
@ -862,32 +869,34 @@ run_speedtest() {
} }
create_iplimit_jails() { create_iplimit_jails() {
# Use default bantime if not passed => 30 minutes # Set default bantime to 30 minutes if not provided
local bantime="${1:-30}" local bantime="${1:-30}"
# uncomment allowipv6 = auto in fail2ban.conf # Uncomment 'allowipv6 = auto' in fail2ban.conf
sed -i 's/#allowipv6 = auto/allowipv6 = auto/g' /etc/fail2ban/fail2ban.conf sed -i 's/#allowipv6 = auto/allowipv6 = auto/g' /etc/fail2ban/fail2ban.conf
cat << EOF > /etc/fail2ban/jail.d/3x-ipl.conf # Create 3x-ipl jail configuration
[3x-ipl] jail_config="[3x-ipl]
enabled=true enabled=true
filter=3x-ipl filter=3x-ipl
action=3x-ipl action=3x-ipl
logpath=${iplimit_log_path} logpath=${iplimit_log_path}
maxretry=4 maxretry=4
findtime=60 findtime=60
bantime=${bantime}m bantime=${bantime}m"
EOF
cat << EOF > /etc/fail2ban/filter.d/3x-ipl.conf echo "$jail_config" >/etc/fail2ban/jail.d/3x-ipl.conf
[Definition]
# Create 3x-ipl filter definition
filter_definition="[Definition]
datepattern = ^%%Y/%%m/%%d %%H:%%M:%%S datepattern = ^%%Y/%%m/%%d %%H:%%M:%%S
failregex = \[LIMIT_IP\]\s*Email\s*=\s*<F-USER>.+</F-USER>\s*\|\|\s*SRC\s*=\s*<ADDR> failregex = \[LIMIT_IP\]\s*Email\s*=\s*<F-USER>.+</F-USER>\s*\|\|\s*SRC\s*=\s*<ADDR>
ignoreregex = ignoreregex ="
EOF
cat << EOF > /etc/fail2ban/action.d/3x-ipl.conf echo "$filter_definition" >/etc/fail2ban/filter.d/3x-ipl.conf
[INCLUDES]
# Create 3x-ipl action Definition
action_definition="[INCLUDES]
before = iptables-common.conf before = iptables-common.conf
[Definition] [Definition]
@ -907,10 +916,11 @@ actionban = <iptables> -I f2b-<name> 1 -s <ip> -j <blocktype>
actionunban = <iptables> -D f2b-<name> -s <ip> -j <blocktype> actionunban = <iptables> -D f2b-<name> -s <ip> -j <blocktype>
echo "\$(date +"%%Y/%%m/%%d %%H:%%M:%%S") UNBAN [Email] = <F-USER> [IP] = <ip> unbanned." >> ${iplimit_banned_log_path} echo "\$(date +"%%Y/%%m/%%d %%H:%%M:%%S") UNBAN [Email] = <F-USER> [IP] = <ip> unbanned." >> ${iplimit_banned_log_path}
[Init] [Init]"
EOF
echo -e "${green}Created Ip Limit jail files with a bantime of ${bantime} minutes.${plain}" echo "$action_definition" >/etc/fail2ban/action.d/3x-ipl.conf
echo -e "${green}Ip Limit jail files created with a bantime of ${bantime} minutes.${plain}"
} }
iplimit_remove_conflicts() { iplimit_remove_conflicts() {
@ -939,23 +949,26 @@ iplimit_main() {
read -p "Choose an option: " choice read -p "Choose an option: " choice
case "$choice" in case "$choice" in
0) 0)
show_menu ;; show_menu
;;
1) 1)
confirm "Proceed with installation of Fail2ban & IP Limit?" "y" confirm "Proceed with installation of Fail2ban & IP Limit?" "y"
if [[ $? == 0 ]]; then if [[ $? == 0 ]]; then
install_iplimit install_iplimit
else else
iplimit_main iplimit_main
fi ;; fi
;;
2) 2)
read -rp "Please enter new Ban Duration in Minutes [default 5]: " NUM read -rp "Please enter new Ban Duration in Minutes [default 30]: " NUM
if [[ $NUM =~ ^[0-9]+$ ]]; then if [[ $NUM =~ ^[0-9]+$ ]]; then
create_iplimit_jails ${NUM} create_iplimit_jails ${NUM}
systemctl restart fail2ban systemctl restart fail2ban
else else
echo -e "${red}${NUM} is not a number! Please, try again.${plain}" echo -e "${red}${NUM} is not a number! Please, try again.${plain}"
fi fi
iplimit_main ;; iplimit_main
;;
3) 3)
confirm "Proceed with Unbanning everyone from IP Limit jail?" "y" confirm "Proceed with Unbanning everyone from IP Limit jail?" "y"
if [[ $? == 0 ]]; then if [[ $? == 0 ]]; then
@ -965,7 +978,8 @@ iplimit_main() {
else else
echo -e "${yellow}Cancelled.${plain}" echo -e "${yellow}Cancelled.${plain}"
fi fi
iplimit_main ;; iplimit_main
;;
4) 4)
show_banlog show_banlog
;; ;;
@ -974,7 +988,8 @@ iplimit_main() {
;; ;;
6) 6)
remove_iplimit ;; remove_iplimit
;;
*) echo "Invalid choice" ;; *) echo "Invalid choice" ;;
esac esac
} }
@ -988,15 +1003,19 @@ install_iplimit() {
ubuntu | debian) ubuntu | debian)
wget -O fail2ban.deb https://github.com/fail2ban/fail2ban/releases/download/1.0.2/fail2ban_1.0.2-1.upstream1_all.deb wget -O fail2ban.deb https://github.com/fail2ban/fail2ban/releases/download/1.0.2/fail2ban_1.0.2-1.upstream1_all.deb
wget -O fail2ban.deb.asc https://github.com/fail2ban/fail2ban/releases/download/1.0.2/fail2ban_1.0.2-1.upstream1_all.deb.asc wget -O fail2ban.deb.asc https://github.com/fail2ban/fail2ban/releases/download/1.0.2/fail2ban_1.0.2-1.upstream1_all.deb.asc
dpkg -i fail2ban.deb ;; dpkg -i fail2ban.deb
;;
centos | almalinux | rocky) centos | almalinux | rocky)
yum update -y && yum install epel-release -y yum update -y && yum install epel-release -y
yum -y install fail2ban ;; yum -y install fail2ban
;;
fedora) fedora)
dnf -y update && dnf -y install fail2ban ;; dnf -y update && dnf -y install fail2ban
;;
*) *)
echo -e "${red}Unsupported operating system. Please check the script and install the necessary packages manually.${plain}\n" echo -e "${red}Unsupported operating system. Please check the script and install the necessary packages manually.${plain}\n"
exit 1 ;; exit 1
;;
esac esac
if ! command -v fail2ban-client &>/dev/null; then if ! command -v fail2ban-client &>/dev/null; then
@ -1053,7 +1072,8 @@ remove_iplimit(){
rm -f /etc/fail2ban/jail.d/3x-ipl.conf rm -f /etc/fail2ban/jail.d/3x-ipl.conf
systemctl restart fail2ban systemctl restart fail2ban
echo -e "${green}IP Limit removed successfully!${plain}\n" echo -e "${green}IP Limit removed successfully!${plain}\n"
before_show_menu ;; before_show_menu
;;
2) 2)
rm -rf /etc/fail2ban rm -rf /etc/fail2ban
systemctl stop fail2ban systemctl stop fail2ban
@ -1061,25 +1081,32 @@ remove_iplimit(){
ubuntu | debian) ubuntu | debian)
apt-get remove -y fail2ban apt-get remove -y fail2ban
apt-get purge -y fail2ban -y apt-get purge -y fail2ban -y
apt-get autoremove -y;; apt-get autoremove -y
;;
centos | almalinux | rocky) centos | almalinux | rocky)
yum remove fail2ban -y yum remove fail2ban -y
yum autoremove -y;; yum autoremove -y
;;
fedora) fedora)
dnf remove fail2ban -y dnf remove fail2ban -y
dnf autoremove -y;; dnf autoremove -y
;;
*) *)
echo -e "${red}Unsupported operating system. Please uninstall Fail2ban manually.${plain}\n" echo -e "${red}Unsupported operating system. Please uninstall Fail2ban manually.${plain}\n"
exit 1 ;; exit 1
;;
esac esac
echo -e "${green}Fail2ban and IP Limit removed successfully!${plain}\n" echo -e "${green}Fail2ban and IP Limit removed successfully!${plain}\n"
before_show_menu ;; before_show_menu
;;
0) 0)
echo -e "${yellow}Cancelled.${plain}\n" echo -e "${yellow}Cancelled.${plain}\n"
iplimit_main ;; iplimit_main
;;
*) *)
echo -e "${red}Invalid option. Please select a valid number.${plain}\n" echo -e "${red}Invalid option. Please select a valid number.${plain}\n"
remove_iplimit ;; remove_iplimit
;;
esac esac
} }