Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
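#######################################
# Wrapper for fail2ban filter checks against logs.
# Runs 'fail2ban-regex <log> <filter> --print-all-<mode>' and stores its stdout in a report file.
# Usage: f2bchk --mode=ignored || --mode=matched || --mode=missed \
#               --filter=/etc/fail2ban/filter.d/ufw.aggressive.conf \
#               --log=/var/log/ufw.log \
#               --output=/tmp/f2bchk.log
# Globals:
#   None (DEFAULT_FILTER, DEFAULT_LOG and DEFAULT_MODE are readonly defaults local to this function)
# Arguments:
#   --mode=MODE    ignored | matched | missed (default: matched)
#   --filter=PATH  Readable fail2ban filter file (default: /etc/fail2ban/filter.d/ufw.aggressive.conf)
#   --log=PATH     Readable log file (default: /var/log/ufw.log)
#   --output=PATH  Report file (default: /tmp/<filter basename without .conf>.all.<mode>.log)
# Outputs:
#   Progress messages on stdout, error messages on stderr.
# Returns:
#   0 Report written
#   1 In case of any errors
#######################################
f2bchk(){
  # Declare default values (readonly); 'declare' inside a function keeps them local.
  declare -r DEFAULT_MODE="matched"
  declare -r DEFAULT_FILTER="/etc/fail2ban/filter.d/ufw.aggressive.conf"
  declare -r DEFAULT_LOG="/var/log/ufw.log"

  declare mode="${DEFAULT_MODE}"
  declare filter="${DEFAULT_FILTER}"
  declare log="${DEFAULT_LOG}"
  declare output=""
  declare arg=""

  for arg in "$@"; do
    case "${arg}" in
      --mode=*)   mode="${arg#--mode=}";;
      --filter=*) filter="${arg#--filter=}";;
      --log=*)    log="${arg#--log=}";;
      --output=*) output="${arg#--output=}";;
      *)
        printf "\e[31m[ERROR]\e[0m Unknown argument: %s\n" "${arg}" >&2
        return 1
        ;;
    esac
  done

  # Only the three known modes are mapped to a fail2ban-regex flag; anything else is rejected.
  declare flag suffix
  case "${mode}" in
    ignored) flag="--print-all-ignored"; suffix="all.ignored";;
    matched) flag="--print-all-matched"; suffix="all.matched";;
    missed)  flag="--print-all-missed";  suffix="all.missed";;
    *)
      printf "\e[31m[ERROR]\e[0m Invalid mode: %s\n" "${mode}" >&2
      return 1
      ;;
  esac

  if [[ -z "${output}" ]]; then
    # Default report name is derived from the filter's basename only, so no directory part of
    # '--filter' can leak into the output path.
    declare filter_name="${filter##*/}"
    filter_name="${filter_name%.conf}"
    output="/tmp/${filter_name}.${suffix}.log"
  fi

  if [[ ! -r "${log}" ]]; then
    printf "\e[31m[ERROR]\e[0m Log file '%s' not found or not readable.\n" "${log}" >&2
    return 1
  fi

  if [[ ! -r "${filter}" ]]; then
    printf "\e[31m[ERROR]\e[0m Filter file '%s' not found or not readable.\n" "${filter}" >&2
    return 1
  fi

  # The default report path has a predictable name in world-writable /tmp and this helper is typically
  # run with elevated privileges. A redirection would follow a symlink planted at that path and
  # overwrite its target, so symlinked output paths are refused outright.
  if [[ -L "${output}" ]]; then
    printf "\e[31m[ERROR]\e[0m Output path '%s' is a symbolic link; refusing to write through it.\n" "${output}" >&2
    return 1
  fi

  # For a new or regular report file, write to a private temp file (mktemp: unpredictable name,
  # mode 0600) in the same directory and rename it into place afterwards. rename(2) replaces the
  # destination entry instead of following it, which closes the check-then-write race.
  # Existing special files (e.g. /dev/null, a FIFO) are still written in place as before.
  declare target="${output}"
  declare tmp_output=""
  if [[ ! -e "${output}" || -f "${output}" ]]; then
    tmp_output="$(mktemp -- "${output}.XXXXXX")" || {
      printf "\e[31m[ERROR]\e[0m Cannot create temporary file next to '%s'.\n" "${output}" >&2
      return 1
    }
    target="${tmp_output}"
  fi

  printf "\e[33m[INFO]\e[0m Running: fail2ban-regex %s %s %s\n" "${log}" "${filter}" "${flag}"

  if ! fail2ban-regex "${log}" "${filter}" "${flag}" >| "${target}"; then
    # Do not leave a partial temp report behind; a previous report at ${output} stays untouched.
    if [[ -n "${tmp_output}" ]]; then
      rm -f -- "${tmp_output}"
    fi
    printf "\e[31m[ERROR]\e[0m fail2ban-regex execution failed.\n" >&2
    return 1
  fi

  # -T (GNU coreutils): never treat the destination as a directory to move into.
  if [[ -n "${tmp_output}" ]] && ! mv -fT -- "${tmp_output}" "${output}"; then
    rm -f -- "${tmp_output}"
    printf "\e[31m[ERROR]\e[0m Could not move report to '%s'.\n" "${output}" >&2
    return 1
  fi

  printf "\e[32m[SUCCESS]\e[0m Saved log to %s\n" "${output}"
  printf "You can view it with: cat %s\n" "${output}"
}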
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh