Alex-Devera/3x-ui
1
0
Fork 0
mirror of https://github.com/MHSanaei/3x-ui.git synced 2025-08-30 23:06:18 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Update x-ui.sh to apply single source of truth for jail file

Browse source
This commit is contained in:
Hamidreza Ghavami 2023-06-25 03:42:13 +04:30
parent 295f705684
commit 218590394e
No known key found for this signature in database
GPG key ID: 402C6797325182D9
1 changed files with 33 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

40
x-ui.sh
View file

@ -56,6 +56,13 @@ elif [[ "${release}" == "debian" ]]; then
fi fi
fi fi
# Declare Variables
log_folder="${XUI_LOG_FOLDER:=/var/log}"
jail_log_path="${log_folder}/3xipl.log"
jail_banned_log_path="${log_folder}/3xipl-banned.log"
confirm() { confirm() {
if [[ $# > 1 ]]; then if [[ $# > 1 ]]; then
echo && read -p "$1 [Default $2]: " temp echo && read -p "$1 [Default $2]: " temp
@ -696,6 +703,24 @@ run_speedtest() {
speedtest speedtest
} }
create_iplimit_jail() {
# Use default bantime if not passed => 5 minutes
local bantime="${1:-5}"
cat << EOF > /etc/fail2ban/jail.d/3x-ipl.conf
[3x-ipl]
enabled=true
filter=3x-ipl
action=3x-ipl
logpath=${jail_log_path}
maxretry=3
findtime=100
bantime=${bantime}m
EOF
echo -e "${green}Created Ip Limit jail with a bantime of ${bantime} minutes.${plain}"
}
iplimit_main() { iplimit_main() {
echo -e "\n${green}\t1.${plain} Install Fail2ban and configure IP Limit" echo -e "\n${green}\t1.${plain} Install Fail2ban and configure IP Limit"
echo -e "${green}\t2.${plain} Change Ban Duration" echo -e "${green}\t2.${plain} Change Ban Duration"
@ -717,7 +742,7 @@ iplimit_main() {
2) 2)
read -rp "Please enter new Ban Duration in Minutes [default 5]: " NUM read -rp "Please enter new Ban Duration in Minutes [default 5]: " NUM
if [[ $NUM =~ ^[0-9]+$ ]]; then if [[ $NUM =~ ^[0-9]+$ ]]; then
echo -e "\n[3x-ipl]\nenabled=true\nfilter=3x-ipl\naction=3x-ipl\nlogpath=/var/log/3xipl.log\nmaxretry=3\nfindtime=100\nbantime=${NUM}m" > /etc/fail2ban/jail.d/3x-ipl.conf create_iplimit_jail ${NUM}
sudo systemctl restart fail2ban sudo systemctl restart fail2ban
echo -e "${green}Bantime set to ${NUM} minutes successfully.${plain}" echo -e "${green}Bantime set to ${NUM} minutes successfully.${plain}"
else else
@ -773,24 +798,25 @@ install_iplimit() {
echo -e "${green}Configuring IP Limit...${plain}\n" echo -e "${green}Configuring IP Limit...${plain}\n"
#Check if [3x-ipl] exists in jail.local (just making sure there's no double config for jail) # Check if [3x-ipl] exists in jail.local (just making sure there's no double config for jail)
if grep -qw '3x-ipl' /etc/fail2ban/jail.local || grep -qw '3x-ipl' /etc/fail2ban/jail.conf; then if grep -qw '3x-ipl' /etc/fail2ban/jail.local || grep -qw '3x-ipl' /etc/fail2ban/jail.conf; then
echo -e "${red}Found conflicts in /etc/fail2ban/jail.conf or jail.local file!\nPlease manually remove anything related 3x-ipl in that files and try again.\nInstallation of IP Limit failed.${plain}\n" echo -e "${red}Found conflicts in /etc/fail2ban/jail.conf or jail.local file!\nPlease manually remove anything related 3x-ipl in that files and try again.\nInstallation of IP Limit failed.${plain}\n"
exit 1 exit 1
fi fi
#Check if log file exists # Check if log file exists
if ! test -f "/var/log/3xipl-banned.log"; then if ! test -f "/var/log/3xipl-banned.log"; then
touch /var/log/3xipl-banned.log touch /var/log/3xipl-banned.log
fi fi
#Check if service log file exists so fail2ban won't return error # Check if service log file exists so fail2ban won't return error
if ! test -f "/var/log/3xipl.log"; then if ! test -f "/var/log/3xipl.log"; then
touch /var/log/3xipl.log touch /var/log/3xipl.log
fi fi
echo -e "\n[3x-ipl]\nenabled=true\nfilter=3x-ipl\naction=3x-ipl\nlogpath=/var/log/3xipl.log\nmaxretry=3\nfindtime=100\nbantime=5m" > /etc/fail2ban/jail.d/3x-ipl.conf # Create the iplimit jail file
# we didn't pass the bantime here to use the default value
create_iplimit_jail
sudo cat > /etc/fail2ban/filter.d/3x-ipl.conf << EOF sudo cat > /etc/fail2ban/filter.d/3x-ipl.conf << EOF
[Definition] [Definition]
@ -823,7 +849,7 @@ actionunban = <iptables> -D f2b-<name> -s <ip> -j <blocktype>
[Init] [Init]
EOF EOF
#Launching fail2ban # Launching fail2ban
if ! sudo systemctl is-active --quiet fail2ban; then if ! sudo systemctl is-active --quiet fail2ban; then
sudo systemctl start fail2ban sudo systemctl start fail2ban
else else