Alex-Devera/3x-ui
1
0
Fork 0
mirror of https://github.com/MHSanaei/3x-ui.git synced 2025-09-09 19:56:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

ReplaceCatWithVars - fail2ban

Browse source 
skip if already banned
This commit is contained in:
MHSanaei 2024-01-20 17:28:44 +03:30
parent 38378fe36f
commit 1cd93e8751
1 changed files with 213 additions and 186 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

115
x-ui.sh
View file

@ -70,13 +70,11 @@ elif [[ "${release}" == "armbian" ]]; then
echo "Your OS is Armbian"
fi
# Declare Variables
log_folder="${XUI_LOG_FOLDER:=/var/log}"
iplimit_log_path="${log_folder}/3xipl.log"
iplimit_banned_log_path="${log_folder}/3xipl-banned.log"
confirm() {
if [[ $# > 1 ]]; then
echo && read -p "$1 [Default $2]: " temp
@ -582,9 +580,11 @@ ssl_cert_issue_main() {
read -p "Choose an option: " choice
case "$choice" in
0)
show_menu ;;
show_menu
;;
1)
ssl_cert_issue ;;
ssl_cert_issue
;;
2)
local domain=""
read -p "Please enter your domain name to revoke the certificate: " domain
@ -594,7 +594,8 @@ ssl_cert_issue_main() {
3)
local domain=""
read -p "Please enter your domain name to forcefully renew an SSL certificate: " domain
~/.acme.sh/acme.sh --renew -d ${domain} --force ;;
~/.acme.sh/acme.sh --renew -d ${domain} --force
;;
*) echo "Invalid choice" ;;
esac
}
@ -612,14 +613,18 @@ ssl_cert_issue() {
# install socat second
case "${release}" in
ubuntu | debian | armbian)
apt update && apt install socat -y ;;
apt update && apt install socat -y
;;
centos | almalinux | rocky)
yum -y update && yum -y install socat ;;
yum -y update && yum -y install socat
;;
fedora)
dnf -y update && dnf -y install socat ;;
dnf -y update && dnf -y install socat
;;
*)
echo -e "${red}Unsupported operating system. Please check the script and install the necessary packages manually.${plain}\n"
exit 1 ;;
exit 1
;;
esac
if [ $? -ne 0 ]; then
LOGE "install socat failed, please check logs"
@ -783,7 +788,8 @@ warp_cloudflare() {
read -p "Choose an option: " choice
case "$choice" in
0)
show_menu ;;
show_menu
;;
1)
bash <(curl -sSL https://raw.githubusercontent.com/hamid-gh98/x-ui-scripts/main/install_warp_proxy.sh)
;;
@ -810,7 +816,8 @@ multi_protocol() {
read -p "Choose an option: " choice
case "$choice" in
0)
show_menu ;;
show_menu
;;
1)
bash <(curl -Ls https://raw.githubusercontent.com/M4mmad/3xui-multi-protocol/master/install.sh --ipv4)
;;
@ -862,32 +869,34 @@ run_speedtest() {
}
create_iplimit_jails() {
# Use default bantime if not passed => 30 minutes
# Set default bantime to 30 minutes if not provided
local bantime="${1:-30}"
# uncomment allowipv6 = auto in fail2ban.conf
# Uncomment 'allowipv6 = auto' in fail2ban.conf
sed -i 's/#allowipv6 = auto/allowipv6 = auto/g' /etc/fail2ban/fail2ban.conf
cat << EOF > /etc/fail2ban/jail.d/3x-ipl.conf
[3x-ipl]
# Create 3x-ipl jail configuration
jail_config="[3x-ipl]
enabled=true
filter=3x-ipl
action=3x-ipl
logpath=${iplimit_log_path}
maxretry=4
findtime=60
bantime=${bantime}m
EOF
bantime=${bantime}m"
cat << EOF > /etc/fail2ban/filter.d/3x-ipl.conf
[Definition]
echo "$jail_config" >/etc/fail2ban/jail.d/3x-ipl.conf
# Create 3x-ipl filter definition
filter_definition="[Definition]
datepattern = ^%%Y/%%m/%%d %%H:%%M:%%S
failregex = \[LIMIT_IP\]\s*Email\s*=\s*<F-USER>.+</F-USER>\s*\|\|\s*SRC\s*=\s*<ADDR>
ignoreregex =
EOF
ignoreregex ="
cat << EOF > /etc/fail2ban/action.d/3x-ipl.conf
[INCLUDES]
echo "$filter_definition" >/etc/fail2ban/filter.d/3x-ipl.conf
# Create 3x-ipl action Definition
action_definition="[INCLUDES]
before = iptables-common.conf
[Definition]
@ -907,10 +916,11 @@ actionban = <iptables> -I f2b-<name> 1 -s <ip> -j <blocktype>
actionunban = <iptables> -D f2b-<name> -s <ip> -j <blocktype>
echo "\$(date +"%%Y/%%m/%%d %%H:%%M:%%S") UNBAN [Email] = <F-USER> [IP] = <ip> unbanned." >> ${iplimit_banned_log_path}
[Init]
EOF
[Init]"
echo -e "${green}Created Ip Limit jail files with a bantime of ${bantime} minutes.${plain}"
echo "$action_definition" >/etc/fail2ban/action.d/3x-ipl.conf
echo -e "${green}Ip Limit jail files created with a bantime of ${bantime} minutes.${plain}"
}
iplimit_remove_conflicts() {
@ -939,23 +949,26 @@ iplimit_main() {
read -p "Choose an option: " choice
case "$choice" in
0)
show_menu ;;
show_menu
;;
1)
confirm "Proceed with installation of Fail2ban & IP Limit?" "y"
if [[ $? == 0 ]]; then
install_iplimit
else
iplimit_main
fi ;;
fi
;;
2)
read -rp "Please enter new Ban Duration in Minutes [default 5]: " NUM
read -rp "Please enter new Ban Duration in Minutes [default 30]: " NUM
if [[ $NUM =~ ^[0-9]+$ ]]; then
create_iplimit_jails ${NUM}
systemctl restart fail2ban
else
echo -e "${red}${NUM} is not a number! Please, try again.${plain}"
fi
iplimit_main ;;
iplimit_main
;;
3)
confirm "Proceed with Unbanning everyone from IP Limit jail?" "y"
if [[ $? == 0 ]]; then
@ -965,7 +978,8 @@ iplimit_main() {
else
echo -e "${yellow}Cancelled.${plain}"
fi
iplimit_main ;;
iplimit_main
;;
4)
show_banlog
;;
@ -974,7 +988,8 @@ iplimit_main() {
;;
6)
remove_iplimit ;;
remove_iplimit
;;
*) echo "Invalid choice" ;;
esac
}
@ -988,15 +1003,19 @@ install_iplimit() {
ubuntu | debian)
wget -O fail2ban.deb https://github.com/fail2ban/fail2ban/releases/download/1.0.2/fail2ban_1.0.2-1.upstream1_all.deb
wget -O fail2ban.deb.asc https://github.com/fail2ban/fail2ban/releases/download/1.0.2/fail2ban_1.0.2-1.upstream1_all.deb.asc
dpkg -i fail2ban.deb ;;
dpkg -i fail2ban.deb
;;
centos | almalinux | rocky)
yum update -y && yum install epel-release -y
yum -y install fail2ban ;;
yum -y install fail2ban
;;
fedora)
dnf -y update && dnf -y install fail2ban ;;
dnf -y update && dnf -y install fail2ban
;;
*)
echo -e "${red}Unsupported operating system. Please check the script and install the necessary packages manually.${plain}\n"
exit 1 ;;
exit 1
;;
esac
if ! command -v fail2ban-client &>/dev/null; then
@ -1053,7 +1072,8 @@ remove_iplimit(){
rm -f /etc/fail2ban/jail.d/3x-ipl.conf
systemctl restart fail2ban
echo -e "${green}IP Limit removed successfully!${plain}\n"
before_show_menu ;;
before_show_menu
;;
2)
rm -rf /etc/fail2ban
systemctl stop fail2ban
@ -1061,25 +1081,32 @@ remove_iplimit(){
ubuntu | debian)
apt-get remove -y fail2ban
apt-get purge -y fail2ban -y
apt-get autoremove -y;;
apt-get autoremove -y
;;
centos | almalinux | rocky)
yum remove fail2ban -y
yum autoremove -y;;
yum autoremove -y
;;
fedora)
dnf remove fail2ban -y
dnf autoremove -y;;
dnf autoremove -y
;;
*)
echo -e "${red}Unsupported operating system. Please uninstall Fail2ban manually.${plain}\n"
exit 1 ;;
exit 1
;;
esac
echo -e "${green}Fail2ban and IP Limit removed successfully!${plain}\n"
before_show_menu ;;
before_show_menu
;;
0)
echo -e "${yellow}Cancelled.${plain}\n"
iplimit_main ;;
iplimit_main
;;
*)
echo -e "${red}Invalid option. Please select a valid number.${plain}\n"
remove_iplimit ;;
remove_iplimit
;;
esac
}