diff --git a/blockauth b/blockauth
new file mode 100755
index 0000000..1022671
--- /dev/null
+++ b/blockauth
@@ -0,0 +1,130 @@
+#!/bin/bash
+
+####################################################
+# blockauth: block auth connections using iptables #
+# Author: q3aql@duck.com #
+# License: GPL v2.0 #
+####################################################
+
+# Check if process have root permissions
+mkdir -p /etc/root &> /dev/null
+administrador=$?
+if [ ${administrador} -eq 0 ] ; then
+ rm -rf /etc/root
+else
+ echo "blockauth: root permissions are required"
+ exit
+fi
+
+# Check dependencies
+path_check="/usr/bin /bin /usr/local/bin /sbin ${HOME}/.local/bin"
+dependencies="iptables cat grep sort sed rm echo"
+dependencies_found=""
+dependencies_not_found=""
+for checkPath in ${path_check} ; do
+ for checkDependencies in ${dependencies} ; do
+ if [ -f ${checkPath}/${checkDependencies} ] ; then
+ dependencies_found="${dependencies_found} ${checkDependencies}"
+ fi
+ done
+done
+for notFound in ${dependencies} ; do
+ check_found_one=$(echo ${dependencies_found} | grep " ${notFound}")
+ check_found_two=$(echo ${dependencies_found} | grep "${notFound} ")
+ if_not_found="${check_found_one}${check_found_two}"
+ if [ -z "${if_not_found}" ] ; then
+ dependencies_not_found="${dependencies_not_found} ${notFound}"
+ fi
+done
+# Show if all dependencies are installed
+if [ -z "${dependencies_not_found}" ] ; then
+ echo > /dev/null
+else
+ echo "blockauth: some required tools are not installed:${dependencies_not_found}"
+ echo "blockauth: process stopped"
+ exit
+fi
+
+# Function for reduce log
+function reduce_log() {
+ if [ -z "${1}" ] ; then
+ echo "blockauth: use: $0 "
+ else
+ if [ -f "${1}" ] ; then
+ num_tmp=${RANDOM}
+ tail -4000 "${1}" > "${num_tmp}.tmp"
+ cat "${num_tmp}.tmp" > "${1}"
+ rm -rf "${num_tmp}.tmp"
+ else
+ echo "blockauth: file ${1} does not exist"
+ fi
+ fi
+}
+
+# Check auth.log
+if [ ! -f /var/log/auth.log ] ; then
+ echo "blockauth: file /var/log/auth.log does no exist"
+ echo "blockauth: process stopped"
+ exit
+fi
+
+# Read configuration file
+if [ -f /etc/blockauth/blockauth.conf ] ; then
+ source /etc/blockauth/blockauth.conf
+else
+ mkdir -p /etc/blockauth/
+ echo "# Blockauth configuration file" > /etc/blockauth/blockauth.conf
+ echo "valid_users=\"test1 test2\"" >> /etc/blockauth/blockauth.conf
+ echo "always_ip_allowed=\"192.168.0.1 192.168.0.2\"" >> /etc/blockauth/blockauth.conf
+ echo "blocklist=\"/etc/blockauth/blocklist.list\"" >> /etc/blockauth/blockauth.conf
+ echo "filelog=\"/etc/blockauth/blockauth.log\"" >> /etc/blockauth/blockauth.conf
+fi
+
+echo "blockauth: running process"
+blockauth=0
+while [ ${blockauth} -eq 0 ] ; do
+ sleep 60
+ # Read auth.log file and select blocked IPs
+ for user in ${valid_users} ; do
+ echo "blockauth: allowing acces for ${user}"
+ echo "blockauth: allowing acces for ${user}" >> ${filelog}
+ sed -i "s/Failed password for ${user} from/blockauth\[allowed\]\: invalid pass for ${user} from/g" /var/log/auth.log
+ sed -i "s/Failed password for invalid user ${user} from/blockauth\[allowed\]\: invalid pass for ${user} from/g" /var/log/auth.log
+ done
+ touch ${blocklist}
+ cat ${blocklist} > ${blocklist}.temp
+ echo "blockauth: creating blocklist"
+ echo "blockauth: creating blocklist" >> ${filelog}
+ cat /var/log/auth.log | grep "Failed password for" | grep -o -P '(?<=from).*(?=port)' >> ${blocklist}.temp
+ sort -u ${blocklist}.temp > ${blocklist}
+ rm -rf ${blocklist}.temp
+ sed -i 's/Failed password for/blockauth\[blocked\]\: invalid pass for/g' /var/log/auth.log
+
+ # Exclude allowed IPs
+ if [ -z "${always_ip_allowed}" ] ; then
+ echo "blockauth: running exclude allowed ips"
+ echo "blockauth: running exclude allowed ips" >> ${filelog}
+ else
+ echo "blockauth: running exclude allowed ips"
+ echo "blockauth: running exclude allowed ips" >> ${filelog}
+ for allowed_ip in ${always_ip_allowed} ; do
+ echo "blockauth: allowing ip ${allowed_ip}"
+ echo "blockauth: allowing ip ${allowed_ip}" >> ${filelog}
+ sed -i "/${allowed_ip}/d" ${blocklist}
+ done
+ fi
+
+ # Block IPs using iptables
+ for block_ip in $(cat ${blocklist}) ; do
+ read_block_ip=$(iptables -n -L | grep "${block_ip}")
+ if [ -z "${read_block_ip}" ] ; then
+ echo "blockauth: blocking ip ${block_ip}"
+ echo "blockauth: blocking ip ${block_ip}" >> ${filelog}
+ iptables -A INPUT -d ${block_ip} -j DROP
+ iptables -A OUTPUT -d ${block_ip} -j DROP
+ fi
+ done
+
+ # Reduce log
+ reduce_log ${filelog}
+done
diff --git a/config/blockauth.conf b/config/blockauth.conf
new file mode 100644
index 0000000..121b0ee
--- /dev/null
+++ b/config/blockauth.conf
@@ -0,0 +1,5 @@
+# Blockauth configuration file
+valid_users="test1 test2"
+always_ip_allowed="192.168.0.1 192.168.0.2"
+blocklist="/etc/blockauth/blocklist.list"
+filelog="/etc/blockauth/blockauth.log"
diff --git a/systemd/blockauth.service b/systemd/blockauth.service
new file mode 100644
index 0000000..3ea519f
--- /dev/null
+++ b/systemd/blockauth.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Daemon for block auth connections using iptables
+After=network.target
+
+[Install]
+WantedBy=multi-user.target
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/blockauth
+ExecStop=/usr/bin/killall blockauth
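Review bot: The inbound rule near the end of the hunk, `iptables -A INPUT -d ${block_ip} -j DROP`, matches packets whose destination is the offending address, so it never stops that host's incoming connections; the INPUT rule needs `-s`, and appending with `-A` puts it behind any earlier ACCEPT rule (established connections, port 22), so `-I` is the safer choice, after which the OUTPUT rule adds nothing. The address extraction `grep -o -P '(?<=from).*(?=port)'` is unanchored and greedy, while the username portion of a `Failed password for invalid user … from … port …` line is chosen by the remote client, so a crafted username can make the loop block addresses that never connected (with the current OUTPUT rule that includes the host's own gateway); matching only `from <dotted-quad> port` removes that input from the parse. The same substring problem affects `iptables -n -L | grep "${block_ip}"` and `sed -i "/${allowed_ip}/d"`, where `192.168.0.1` also matches `192.168.0.100` (an allowed address silently unblocks its neighbours, and an already-blocked neighbour suppresses a new block); `iptables -C` is the exact check for the former and `grep -v -x -F -- "${allowed_ip}"` for the latter. Finally, rewriting /var/log/auth.log with `sed -i` alters the system audit trail and replaces the file's inode, so a syslog daemon that keeps the original file open may continue writing to the unlinked copy until it is signalled, at which point the loop sees no new attempts; remembering which lines were already processed (an offset or timestamp next to ${blocklist}) avoids touching the log at all.
```shell
# … unchanged: allowed-user rewrite, touch/copy of ${blocklist} …
grep "Failed password for" /var/log/auth.log \
  | grep -o -P '(?<=from )(\d{1,3}\.){3}\d{1,3}(?= port)' >> "${blocklist}.temp"
# … unchanged: sort -u, allowed-ip exclusion …
# Block IPs using iptables
while read -r block_ip; do   # default IFS trims the spaces older entries carry
  [ -n "${block_ip}" ] || continue
  # -C reports whether this exact rule exists; no substring matches on -L output
  if ! iptables -C INPUT -s "${block_ip}" -j DROP 2>/dev/null; then
    echo "blockauth: blocking ip ${block_ip}"
    echo "blockauth: blocking ip ${block_ip}" >> "${filelog}"
    iptables -I INPUT -s "${block_ip}" -j DROP
  fi
done < "${blocklist}"
```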
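Review bot: `ExecStop=/usr/bin/killall blockauth` on the last line of the unit is both unnecessary and broader than intended: on `systemctl stop` systemd already sends SIGTERM to every process in the unit's cgroup, whereas killall terminates any process named blockauth on the host, and /usr/bin/killall (psmisc) is not among the tools the script's own dependency check verifies. Dropping the line is enough; if a particular signal is wanted, `KillSignal=` expresses it without a second binary. The script's early exits (missing tools, missing /var/log/auth.log) use a bare `exit` and therefore return status 0, so a `Restart=on-failure` added here would not re-run it; either return non-zero from those paths or use `Restart=always` with a `RestartSec=`. Ordering the sections [Unit], [Service], [Install] is cosmetic but matches the convention of shipped units.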