Commit e62583d3 authored by Elian Loraux's avatar Elian Loraux

add ban and unban script

parent a4ba2072
......@@ -19,39 +19,10 @@ actionstop =
actioncheck =
actionban = cd /home/dockerweb/ban/; sed -i "s/^BAN_IPS=\(.*\)/BAN_IPS=\1,\`<ip>\`/" .env; docker-compose up -d
actionban = cd /home/dockerweb/ban/; bash ban.sh <ip>
actionunban = cd /home/dockerweb/ban; sed -E "s/,\`<ip>\`//g; s/\`<ip>\`,//g; s/\`<ip>\`//g"; docker-compose down
actionunban = cd /home/dockerweb/ban; bash unban.sh <ip>
```
Dans `/etc/fail2ban/jail.conf` on doit ajouter `banaction = docker-page` dans la partie traefik
Pour récupere les hosts :
```bash
domain=$(bash $DIR/checks/list_domains.sh | grep -v '===' | sed "s/^/\`/" | sed "s/$/\`/" | paste -sd "," -)
sed -i "s/HOSTS=.*/HOSTS=$domain/" .env
```
list domaine :
```bash
#!/bin/bash
echo "RUN $(basename "$0") ==="
if [ "${WEB_SERVER}" == "apache2" ]; then
apache2ctl -S 2>/dev/null | awk '/namevhost/{print "https://"$4}' | sort -u | grep -v "127.0...1"
elif [ ! -z "${WEB_SERVER}"]; then
awk '/^[ \t]*(server_name|server_alias)/{gsub(/;$/, "", $2); print "https://"$2}' /etc/nginx/*-enabled/* | sort -u
fi
# If traefik module is enable
if id "dockerweb" >/dev/null 2>&1; then
# List all traefik domain
echo "===== list of domain ===="
docker ps -qa | xargs docker inspect | awk '/traefik.http.routers.*.rule/{print $2}' | sed -e 's/^"Host(`//' -e 's/`)",*//' -e 's/`,`/\n/g' | grep -v '!ClientIP' | sort -u
fi
```
ban.sh 0 → 100644
#!/usr/bin/env bash
#!/bin/bash
# Fonction pour valider une adresse IPv4
validate_ipv4() {
local ip="$1"
local regex='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
# Vérifier le format général avec une regex
if [[ ! $ip =~ $regex ]]; then
echo "Invalid IPv4 address: inccorect format"
return 1
fi
# Vérifier que chaque octet est entre 0 et 255
IFS='.' read -r -a octets <<< "$ip"
for octet in "${octets[@]}"; do
if ((octet < 0 || octet > 255)); then
echo "Invalid IPv4 address: Byte out of range (0-255)"
return 1
fi
done
return 0
}
# Vérifier si un paramètre est fourni
if [[ $# -ne 1 ]]; then
echo "Usage: $0 <ipv4 address>"
exit 1
fi
# Vérifier l'adresse IPv4 fournie
validate_ipv4 "$1"
if [[ $? -eq 0 ]]; then
domain=`docker ps -qa | xargs docker inspect | awk '/traefik.http.routers.*.rule/{print $2}' | sed -e 's/^"Host(`//' -e 's/`)",*//' -e 's/`,`/\n/g' | grep -v 'ClientIP' | sort -u | sed "s/^/\`/" | sed "s/$/\`/" | paste -sd ","`
sed -i "s/HOSTS=.*/HOSTS=$domain/" .env
sed -i "s/^BAN_IPS=\(.*\)/BAN_IPS=\1,\`$1\`/" .env
docker-compose up -d
else
exit 1
fi
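Review bot: `validate_ipv4` lets octets such as `08` or `09` through: inside `((octet < 0 || octet > 255))` bash reads a leading zero as octal, the expression fails with a non-zero status, and the `if` takes that as "in range", so a malformed address reaches the `BAN_IPS` rewrite. Forcing base 10 with `((10#$octet > 255))` closes this, and the same function is copied verbatim into unban.sh. Separately, the `HOSTS=` rewrite interpolates `$domain` into the sed replacement unescaped and unchecked, so an empty pipeline result (for example when `docker ps` fails) blanks `HOSTS` before `docker-compose up -d` runs, and a label value containing `/` or `&` would corrupt the expression. A minimal guard is `[[ -n $domain ]] || exit 1` before the first `sed -i`. Both scripts also depend on the caller's `cd` to find `.env`, and fail2ban can run several actions close together, so resolving the path from the script location and serialising the edits with `flock` would make the rewrite safer.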
unban.sh 0 → 100644
#!/usr/bin/env bash
#!/bin/bash
# Fonction pour valider une adresse IPv4
validate_ipv4() {
local ip="$1"
local regex='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
# Vérifier le format général avec une regex
if [[ ! $ip =~ $regex ]]; then
echo "Invalid IPv4 address: inccorect format"
return 1
fi
# Vérifier que chaque octet est entre 0 et 255
IFS='.' read -r -a octets <<< "$ip"
for octet in "${octets[@]}"; do
if ((octet < 0 || octet > 255)); then
echo "Invalid IPv4 address: Byte out of range (0-255)"
return 1
fi
done
return 0
}
# Vérifier si un paramètre est fourni
if [[ $# -ne 1 ]]; then
echo "Usage: $0 <ipv4 address>"
exit 1
fi
# Vérifier l'adresse IPv4 fournie
validate_ipv4 "$1"
if [[ $? -eq 0 ]]; then
sed -E "s/,\`$1\`//g; s/\`$1\`,//g; s/\`$1\`//g"
docker-compose up -d
else
exit 1
fi
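Review bot: The `sed -E` call in the final `if` has neither `-i` nor a file operand, so it filters standard input and never edits `.env`. The address therefore stays in `BAN_IPS`, `docker-compose up -d` brings the service back with the ban still in place, and sed may block if the caller leaves stdin open. It needs `-i` and the `.env` operand, as the `sed` lines in ban.sh have. The dots in `$1` are regex metacharacters inside the pattern, so escaping them first, e.g. `ip=${1//./\\.}`, keeps the match literal. The exit status of `sed` should be checked before the compose call, so that a failed edit is reported to fail2ban instead of being treated as a successful unban.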