[How-To] Fail2ban4ever

for NBBAD_IP in `grep -c $BAD_IP $FAIL2BANLOG`

for NBBAD_IP in `grep -c "] Ban $BAD_IP" $FAIL2BANLOG`

for NBBAD_IP in `grep -c $BAD_IP $FAIL2BANLOG`

for NBBAD_IP in `grep -c "] Ban $BAD_IP" $FAIL2BANLOG`

93c93
<             if [ "`echo $BAD_IP`" = "`iptables-save | grep -e "ever -s $BAD_IP" | cut -d " " -f4 | cut -d "/" -f1`" ]
---
>             if [ "`echo $BAD_IP`" = "`iptables-save | grep -e "$BAD_IP" | cut -d " " -f4`" ]
119c119
<     # On scanne le fichier log de fail to ban pour lister les IP déjà bannie temporairement
---
>     # On scanne le fichier log de fail to ban pour lister les IP déjà  bannie temporairement
126c126
<              if [ "`echo $BAD_IP`" = "`iptables-save | grep -e "ever -s $BAD_IP" | cut -d " " -f4 | cut -d "/" -f1`" ]
---
>              if [ "`echo $BAD_IP`" = "`iptables-save | grep -e "$BAD_IP" | cut -d " " -f4`" ]
192a193,194
> 
>

#!/bin/sh

#
# Nom         : fail2ban4ever.sh
# Description : Extrait des logs de fail2ban les IP les plus bannies
#               pour ensuite les ajouter définitivement a iptables.
# OS          : Debian
# Requires    : iptables, fail2ban
# Licence     : GPL
# Version     : 0.0.6
# Author      : Adrien Pujol 
# Web site    : http://www.crashdump.fr/
#

#-----> VARIABLES A CONFIGURER <----------------------------------------#

# Chemin vers iptables
IPT=/sbin/iptables

# Chemin vers le log de fail2ban
FAIL2BANLOG=/var/log/fail2ban.log

# Fonction date du système
DATE=`date -R`;

# Nombre de fois avant le ban définitif
NB_BEFOREBAN=2

#----- RIEN A TOUCHER APRES --------------------------------------------#

# Un peu de couleur
# 31=rouge, 32=vert, 33=jaune,34=bleu, 35=rose, 36=cyan, 37= blanc
color()
{
  #echo [$1`shift`m$*[m
  printf '\033[%sm%s\033[m\n' "$@"
}

# Helper function to get hostname(s) from variable
get_shost()
{
  # Get variable from stdin
  read hosts_ports

  CHK_HOST="$(echo "$hosts_ports" |awk -F: '{ print $1 }')"
  # IP or hostname?
  if [ -n "$(echo "$CHK_HOST" |grep -i -e '\.' -e '[a-z]')" ]; then
    echo "$CHK_HOST"
    return 0
  else
    echo "0/0"
    return 1
  fi
}

# Helper function to resolve an IP to a DNS name
# $1 = IP. stdout = DNS name
get_hostname()
{
  if [ -n "$(echo "$1" |grep '/')" ]; then
    return 1
  else
    printf "$(dig +short +tries=1 +time=1 -x "$1" 2>/dev/null |grep -v "^;;" |head -n1)"
  fi

  return 0
}

echo "+-----------------------------------------------------------------------+"
echo "|   Fail2Ban4Ever v0.0.6                                                |"
echo "|                                                   |"
echo "+-----------------------------------------------------------------------+"

# seul root peux executer ce script
if test `id -u` != "0"; then
    echo -n "`color 31 "[Erreur]"` Vous n'etes pas root, desole..."
    exit
fi

if [ ! -f "$FAIL2BANLOG" ]; then
    echo "`color 31 "[Erreur]"` Fichier $FAIL2BANLOG Introuvable"
    exit
fi

case $1 in

afficher)
    for BAD_IP in `grep "] Ban" $FAIL2BANLOG | cut -d " " -f7 | sort -u`
    do
        for NBBAD_IP in `grep -c $BAD_IP $FAIL2BANLOG`
        do
            # On vérifie quelle nest pas deja presente dans iptables
            if [ "`echo $BAD_IP`" = "`iptables-save | grep -e "ever -s $BAD_IP" | cut -d " " -f4 | cut -d "/" -f1`" ]
            then
                 echo "+-IP: `color 32 "$BAD_IP"`(`get_hostname "$BAD_IP"`): `color 32 "$NBBAD_IP -> DEJA BANNIE"`"
            # Sinon on affiche
            elif [ `echo $NBBAD_IP` -ge `echo $NB_BEFOREBAN` ]
            then
                echo "+-IP: `color 31 "$BAD_IP"`(`get_hostname "$BAD_IP"`): `color 31 "$NBBAD_IP <- TO BAN"`"
            else
                echo "| IP: `color 33 "$BAD_IP"`(`get_hostname "$BAD_IP"`): `color 33 "$NBBAD_IP"`"
            fi
        done
    done
;;

bannir)
    # Verification de la presence de la Chain dans iptables.. sinon on cree
    echo "Verification de la presence de la chaine dans iptables:"
    if [ "`iptables -L -nv --line-numbers | grep -e "Chain fail2ban4ever" | cut -d\  -f 2`" = "fail2ban4ever" ]
    then
        echo "Chaine "fail2ban4ever" trouvée dans iptables... [ `color 32 "Ok"` ]"
    else
        echo "Chaine "fail2ban4ever" non-trouvée dans iptables... [ `color 32 "Création"` ]"
        iptables -N fail2ban4ever
        iptables -I INPUT -j fail2ban4ever
    fi

    # On scanne le fichier log de fail to ban pour lister les IP déjà* bannie temporairement
    for BAD_IP in `grep "] Ban" $FAIL2BANLOG | cut -d " " -f7 | sort -u`
    do
         # On compte le nombre de fois qu elle apparait !
         for NBBAD_IP in `grep -c $BAD_IP $FAIL2BANLOG`
         do
             # On vérifie quelle nest pas deja presente dans iptables
             if [ "`echo $BAD_IP`" = "`iptables-save | grep -e "ever -s $BAD_IP" | cut -d " " -f4 | cut -d "/" -f1`" ]
             then
                 echo "+-IP: `color 32 "$BAD_IP"`(`get_hostname "$BAD_IP"`): `color 32 "$NBBAD_IP -> DEJA BANNIE"`";
             # Si c est supérieur au nombre choisi et non presente dans iptables, on peut lancer le choix
             elif [ `echo $NBBAD_IP` -ge `echo $NB_BEFOREBAN` ]
             then    
                
                 echo "+-IP: `color 31 "$BAD_IP"`(`get_hostname "$BAD_IP"`): `color 31 "$NBBAD_IP -> A BANNIR"`";
                 printf "+-----> Bannir définitivement IP (OUI/non):"
                 read CHOIX
                 case $CHOIX in
                 oui)
                     echo "+-----> `color 32 "Ajoutée au /var/log/message:"` [$0] $DATE - Drop de IP : $BAD_IP(`get_hostname "$BAD_IP"`)"
                     echo "[$0] $DATE - Drop de IP : $BAD_IP(`get_hostname "$BAD_IP"`)" >> /var/log/messages;
                     echo "+-----> `color 32 "Ajoutée au regles iptables:"` iptables -I fail2ban4ever -p ALL -s $BAD_IP -j DROP"
                     iptables -I fail2ban4ever -p ALL -s $BAD_IP -j DROP -m comment --comment "generated by fail2ban4ever.sh after $NBBAD_IP attacks"
                 ;;
                 non)
                     echo "+-----> `color 31 "NON BANNIE /!\"`"
                 ;;
                 *)
                     echo "+-----> `color 32 "Ajoutée au /var/log/message:"` [$0] $DATE - Drop de IP : $BAD_IP(`get_hostname "$BAD_IP"`)"
                     echo "[$0] $DATE - Drop de IP : $BAD_IP(`get_hostname "$BAD_IP"`)" >> /var/log/messages;
                     echo "+-----> `color 32 "Ajoutée au regles iptables: "` iptables -I fail2ban4ever -p ALL -s $BAD_IP -j DROP"
                     iptables -I fail2ban4ever -p ALL -s $BAD_IP -j DROP -m comment --comment "generated by fail2ban4ever.sh after $NBBAD_IP attacks"
                 ;;
                 esac
             # Sinon on affiche le nombre de fois quelle apparais
             else
                 echo "| IP: `color 33 "$BAD_IP"`(`get_hostname "$BAD_IP"`): `color 33 "$NBBAD_IP"`";
             fi        
         done
    done 
exit
;;

purger)
    if [ "`iptables -L -nv --line-numbers | grep -e "Chain fail2ban4ever" | cut -d\  -f 2`" = "fail2ban4ever" ]
    then
        echo "Chaine "fail2ban4ever" trouvée dans iptables... [ `color 32 "Suppression"` ]"

        if [ "`iptables -L INPUT -nv --line-numbers | grep -e "fail2ban4ever" | cut -b1`" != "" ]
        then
            for FBRNB in `iptables -L fail2ban4ever -nv --line-numbers | grep -e " --" | cut -b1`
            do
                iptables -D fail2ban4ever 1
            done
            iptables -D INPUT `iptables -L INPUT -nv --line-numbers | grep -e "fail2ban4ever" | cut -b1`
            iptables -X fail2ban4ever
        else
            for FBRNB in `iptables -L fail2ban4ever -nv --line-numbers | grep -e " --" | cut -b1`
            do
                iptables -D fail2ban4ever 1
            done
            iptables -X fail2ban4ever
        fi
    else
        echo "Chaine "fail2ban4ever" non-trouvée dans iptables... [ `color 32 "Ok"` ]"
    fi
;;

*)
    echo ""
    echo "Syntaxe : $0 afficher|bannir|purger"
    exit
;;
esac