Add blockauth & config files
This commit is contained in:
parent
047bdb3e67
commit
8c3642adcd
130
blockauth
Executable file
130
blockauth
Executable file
|
|
@ -0,0 +1,130 @@
|
|||
#!/bin/bash
|
||||
|
||||
####################################################
|
||||
# blockauth: block auth connections using iptables #
|
||||
# Author: q3aql@duck.com <q3aql> #
|
||||
# License: GPL v2.0 #
|
||||
####################################################
|
||||
|
||||
# Check if process have root permissions
|
||||
mkdir -p /etc/root &> /dev/null
|
||||
administrador=$?
|
||||
if [ ${administrador} -eq 0 ] ; then
|
||||
rm -rf /etc/root
|
||||
else
|
||||
echo "blockauth: root permissions are required"
|
||||
exit
|
||||
fi
|
||||
|
||||
# Check dependencies
|
||||
path_check="/usr/bin /bin /usr/local/bin /sbin ${HOME}/.local/bin"
|
||||
dependencies="iptables cat grep sort sed rm echo"
|
||||
dependencies_found=""
|
||||
dependencies_not_found=""
|
||||
for checkPath in ${path_check} ; do
|
||||
for checkDependencies in ${dependencies} ; do
|
||||
if [ -f ${checkPath}/${checkDependencies} ] ; then
|
||||
dependencies_found="${dependencies_found} ${checkDependencies}"
|
||||
fi
|
||||
done
|
||||
done
|
||||
for notFound in ${dependencies} ; do
|
||||
check_found_one=$(echo ${dependencies_found} | grep " ${notFound}")
|
||||
check_found_two=$(echo ${dependencies_found} | grep "${notFound} ")
|
||||
if_not_found="${check_found_one}${check_found_two}"
|
||||
if [ -z "${if_not_found}" ] ; then
|
||||
dependencies_not_found="${dependencies_not_found} ${notFound}"
|
||||
fi
|
||||
done
|
||||
# Show if all dependencies are installed
|
||||
if [ -z "${dependencies_not_found}" ] ; then
|
||||
echo > /dev/null
|
||||
else
|
||||
echo "blockauth: some required tools are not installed:${dependencies_not_found}"
|
||||
echo "blockauth: process stopped"
|
||||
exit
|
||||
fi
|
||||
|
||||
# Function for reduce log
|
||||
function reduce_log() {
|
||||
if [ -z "${1}" ] ; then
|
||||
echo "blockauth: use: $0 <file.log>"
|
||||
else
|
||||
if [ -f "${1}" ] ; then
|
||||
num_tmp=${RANDOM}
|
||||
tail -4000 "${1}" > "${num_tmp}.tmp"
|
||||
cat "${num_tmp}.tmp" > "${1}"
|
||||
rm -rf "${num_tmp}.tmp"
|
||||
else
|
||||
echo "blockauth: file ${1} does not exist"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
# Check auth.log
|
||||
if [ ! -f /var/log/auth.log ] ; then
|
||||
echo "blockauth: file /var/log/auth.log does no exist"
|
||||
echo "blockauth: process stopped"
|
||||
exit
|
||||
fi
|
||||
|
||||
# Read configuration file
|
||||
if [ -f /etc/blockauth/blockauth.conf ] ; then
|
||||
source /etc/blockauth/blockauth.conf
|
||||
else
|
||||
mkdir -p /etc/blockauth/
|
||||
echo "# Blockauth configuration file" > /etc/blockauth/blockauth.conf
|
||||
echo "valid_users=\"test1 test2\"" >> /etc/blockauth/blockauth.conf
|
||||
echo "always_ip_allowed=\"192.168.0.1 192.168.0.2\"" >> /etc/blockauth/blockauth.conf
|
||||
echo "blocklist=\"/etc/blockauth/blocklist.list\"" >> /etc/blockauth/blockauth.conf
|
||||
echo "filelog=\"/etc/blockauth/blockauth.log\"" >> /etc/blockauth/blockauth.conf
|
||||
fi
|
||||
|
||||
echo "blockauth: running process"
|
||||
blockauth=0
|
||||
while [ ${blockauth} -eq 0 ] ; do
|
||||
sleep 60
|
||||
# Read auth.log file and select blocked IPs
|
||||
for user in ${valid_users} ; do
|
||||
echo "blockauth: allowing acces for ${user}"
|
||||
echo "blockauth: allowing acces for ${user}" >> ${filelog}
|
||||
sed -i "s/Failed password for ${user} from/blockauth\[allowed\]\: invalid pass for ${user} from/g" /var/log/auth.log
|
||||
sed -i "s/Failed password for invalid user ${user} from/blockauth\[allowed\]\: invalid pass for ${user} from/g" /var/log/auth.log
|
||||
done
|
||||
touch ${blocklist}
|
||||
cat ${blocklist} > ${blocklist}.temp
|
||||
echo "blockauth: creating blocklist"
|
||||
echo "blockauth: creating blocklist" >> ${filelog}
|
||||
cat /var/log/auth.log | grep "Failed password for" | grep -o -P '(?<=from).*(?=port)' >> ${blocklist}.temp
|
||||
sort -u ${blocklist}.temp > ${blocklist}
|
||||
rm -rf ${blocklist}.temp
|
||||
sed -i 's/Failed password for/blockauth\[blocked\]\: invalid pass for/g' /var/log/auth.log
|
||||
|
||||
# Exclude allowed IPs
|
||||
if [ -z "${always_ip_allowed}" ] ; then
|
||||
echo "blockauth: running exclude allowed ips"
|
||||
echo "blockauth: running exclude allowed ips" >> ${filelog}
|
||||
else
|
||||
echo "blockauth: running exclude allowed ips"
|
||||
echo "blockauth: running exclude allowed ips" >> ${filelog}
|
||||
for allowed_ip in ${always_ip_allowed} ; do
|
||||
echo "blockauth: allowing ip ${allowed_ip}"
|
||||
echo "blockauth: allowing ip ${allowed_ip}" >> ${filelog}
|
||||
sed -i "/${allowed_ip}/d" ${blocklist}
|
||||
done
|
||||
fi
|
||||
|
||||
# Block IPs using iptables
|
||||
for block_ip in $(cat ${blocklist}) ; do
|
||||
read_block_ip=$(iptables -n -L | grep "${block_ip}")
|
||||
if [ -z "${read_block_ip}" ] ; then
|
||||
echo "blockauth: blocking ip ${block_ip}"
|
||||
echo "blockauth: blocking ip ${block_ip}" >> ${filelog}
|
||||
iptables -A INPUT -d ${block_ip} -j DROP
|
||||
iptables -A OUTPUT -d ${block_ip} -j DROP
|
||||
fi
|
||||
done
|
||||
|
||||
# Reduce log
|
||||
reduce_log ${filelog}
|
||||
done
|
||||
5
config/blockauth.conf
Normal file
5
config/blockauth.conf
Normal file
|
|
@ -0,0 +1,5 @@
|
|||
# Blockauth configuration file
|
||||
valid_users="test1 test2"
|
||||
always_ip_allowed="192.168.0.1 192.168.0.2"
|
||||
blocklist="/etc/blockauth/blocklist.list"
|
||||
filelog="/etc/blockauth/blockauth.log"
|
||||
11
systemd/blockauth.service
Normal file
11
systemd/blockauth.service
Normal file
|
|
@ -0,0 +1,11 @@
|
|||
[Unit]
|
||||
Description=Daemon for block auth connections using iptables
|
||||
After=network.target
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStart=/usr/bin/blockauth
|
||||
ExecStop=/usr/bin/killall blockauth
|
||||
Loading…
Reference in New Issue
Block a user