Home Explore Help
Sign In
cybergavin
/
fail2ban
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
fail2ban
/
banaction.sh

banaction.sh 4.0 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129 
  1. #!/bin/bash
    2. 

  2. # Author           : cybergavin
    3. 

  3. # Date             : 28-FEB-2020
    4. 

  4. # Description      : This script is executed when Fail2Ban takes action to ban an IP. The script
    5. 

  5. #                    logs the time, IP being banned and the reason for banning and such data will
    6. 

  6. #                    facilitate decisions on permanent blacklisting of IPs.
    7. 

  7. #
    8. 

  8. ######################################################################################################
    9. 

  9. #
    10. 

  10. # Variables
    11. 

  11. #
    12. 

  12. sender_name="cybergavin"
    13. 

  13. sender_email="mail@cybergav.in"
    14. 

  14. rec_email=""   # Multiple email adddresses may be used and separated with commas
    15. 

  15. valid_user_bantime=`fail2ban-client get sshd-valid bantime`
    16. 

  16. #
    17. 

  17. # Determine Script Location
    18. 

  18. #
    19. 

  19. if [ -n "`dirname $0 | grep '^/'`" ]; then
    20. 

  20.    SCRIPT_LOCATION=`dirname $0`
    21. 

  21. elif [ -n "`dirname $0 | grep '^..'`" ]; then
    22. 

  22.      cd `dirname $0`
    23. 

  23.      SCRIPT_LOCATION=$PWD
    24. 

  24.      cd - > /dev/null
    25. 

  25. else
    26. 

  26.      SCRIPT_LOCATION=`echo ${PWD}/\`dirname $0\` | sed 's#\/\.$##g'`
    27. 

  27. fi
    28. 

  28. #
    29. 

  29. # Log stderr and stdout
    30. 

  30. #
    31. 

  31. exec 1> ${SCRIPT_LOCATION}/banaction.stdout
    32. 

  32. exec 2> ${SCRIPT_LOCATION}/banaction.stderr
    33. 

  33. #
    34. 

  34. # Parse input
    35. 

  35. #
    36. 

  36. unset myip myuser
    37. 

  37. if [ $# -eq 0 ]; then
    38. 

  38.    printf "ERROR : Invalid script usage.\nUSAGE: /etc/fail2ban/banaction.sh -i <ip> -u <user> -f <failures>"
    39. 

  39.    exit 1
    40. 

  40. else
    41. 

  41.    while getopts ":i:u:f:" opt; do
    42. 

  42.     case $opt in
    43. 

  43.         i )  myip=${OPTARG}
    44. 

  44.              ;;
    45. 

  45.         u )  myuser=${OPTARG}
    46. 

  46.              ;;
    47. 

  47.         f )  myfails=${OPTARG}
    48. 

  48.              ;;
    49. 

  49.         : )  printf "\n$0: Missing argument for -$OPTARG option\n"
    50. 

  50.              exit 2
    51. 

  51.              ;;
    52. 

  52.         \? ) printf "ERROR : Invalid script usage.\nUSAGE: /etc/fail2ban/banaction.sh -i <ip> -u <user> -f <failures>"
    53. 

  53.              exit 1
    54. 

  54.              ;;
    55. 

  55.     esac
    56. 

  56.   done
    57. 

  57. shift $(($OPTIND - 1))
    58. 

  58. fi
    59. 

  59. #
    60. 

  60. # Send email alert if the user is valid
    61. 

  61. #
    62. 

  62. if [ -n "`id -un $myuser`" ]; then
    63. 

  63. cat <<EOF | /usr/sbin/sendmail -f $sender_email $rec_email
    64. 

  64. Subject: $sender_name : Blocked SSH connectivity from $myip
    65. 

  65. Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"`
    66. 

  66. From: $sender_name <$sender_email>
    67. 

  67. To: $rec_email
    68. 

  68. Content-Type: text/html
    69. 

  69. <html>
    70. 

  70. <head>
    71. 

  71. <style>
    72. 

  72. .datagrid1 table { border: 1px solid black; border-collapse: collapse; text-align: justify; width: 40%; font: normal 12px/150% Verdana, Arial, Helvetica, sans-serif; }
    73. 

  73. .datagrid1 td {border: 1px solid black;}
    74. 

  74. </style>
    75. 

  75. </head>
    76. 

  76. <body>
    77. 

  77. The XXXYYY Application has been protected by Fail2Ban as per the following:<br /><br />
    78. 

  78. <div class="datagrid1">
    79. 

  79. <table>
    80. 

  80.         <tr>
    81. 

  81.                 <td width="20%" style="background-color:#BDBDBD;"><b>Hostname</b></td>
    82. 

  82.                 <td width="20%">$HOSTNAME</td>
    83. 

  83.         </tr>
    84. 

  84.         <tr>
    85. 

  85.                 <td width="20%" style="background-color:#BDBDBD;"><b>Banned IP</b></td>
    86. 

  86.                 <td width="20%">$myip</td>
    87. 

  87.         </tr>
    88. 

  88.         <tr>
    89. 

  89.                 <td width="20%" style="background-color:#BDBDBD;"><b>User</b></td>
    90. 

  90.                 <td width="20%">$myuser</td>
    91. 

  91.         </tr>
    92. 

  92.         <tr>
    93. 

  93.                 <td width="20%" style="background-color:#BDBDBD;"><b>#Failures</b></td>
    94. 

  94.                 <td width="20%">$myfails</td>
    95. 

  95.         </tr>
    96. 

  96.         <tr>
    97. 

  97.                 <td width="20%" style="background-color:#BDBDBD;"><b>Ban Duration</b></td>
    98. 

  98.                 <td width="20%">$(( valid_user_bantime/60 )) minutes</td>
    99. 

  99.         </tr>
    100. 

  100. </table>
    101. 

  101. </div>
    102. 

  102. <br /><br />
    103. 

  103. <b>NOTE:</b>To unban the above IP address, login on <b>$HOSTNAME</b> as <b>esuser</b> and execute the following command: <br /><br />
    104. 

  104. <font size="2" face="Courier New" >sudo fail2ban-client set sshd-valid unbanip $myip</font>
    105. 

  105. </body>
    106. 

  106. </html>
    107. 

  107. EOF
    108. 

  108. fi
    109. 

  109. #
    110. 

  110. # Log Fail2Ban data
    111. 

  111. #
    112. 

  112. if [ ! -d ${SCRIPT_LOCATION}/data ]; then
    113. 

  113.    mkdir ${SCRIPT_LOCATION}/data
    114. 

  114. fi
    115. 

  115. DATAFILE=${SCRIPT_LOCATION}/data/banaction_`date '+%b%Y'`.csv
    116. 

  116. TDATE=`date '+%Y-%m-%d'`
    117. 

  117. TTIME=`date '+%H:%M:%S'`
    118. 

  118. if [ ! -f $DATAFILE ]; then
    119. 

  119.    echo "DATE,TIME,BANNED IP,USER" > $DATAFILE
    120. 

  120.    echo "${TDATE},${TTIME},${myip},${myuser}" >> $DATAFILE
    121. 

  121. else
    122. 

  122.    echo "${TDATE},${TTIME},${myip},${myuser}" >> $DATAFILE
    123. 

  123. fi
    124. 

  124. #
    125. 

  125. # Housekeep
    126. 

  126. #
    127. 

  127. if [ -d ${SCRIPT_LOCATION}/data ]; then
    128. 

  128.    find ${SCRIPT_LOCATION}/data -type f -name "banaction*.csv" -mtime +180 | xargs rm -f
    129. 

  129. fi
    130.