blockauth/blockauth

168 lines
6.0 KiB
Bash
Executable File

#!/bin/bash
####################################################
# blockauth: block auth connections using iptables #
# Author: q3aql@duck.com <q3aql> #
# License: GPL v2.0 #
####################################################
# Check if process have root permissions
mkdir -p /etc/root &> /dev/null
administrador=$?
if [ ${administrador} -eq 0 ] ; then
rm -rf /etc/root
else
echo "blockauth: root permissions are required"
exit
fi
# Check dependencies
path_check="/usr/bin /bin /usr/local/bin /sbin ${HOME}/.local/bin /home/linuxbrew/.linuxbrew/bin"
dependencies="iptables cat grep sort sed rm echo wc touch systemctl"
dependencies_found=""
dependencies_not_found=""
for checkPath in ${path_check} ; do
for checkDependencies in ${dependencies} ; do
if [ -f ${checkPath}/${checkDependencies} ] ; then
dependencies_found="${dependencies_found} ${checkDependencies}"
fi
done
done
for notFound in ${dependencies} ; do
check_found_one=$(echo ${dependencies_found} | grep " ${notFound}")
check_found_two=$(echo ${dependencies_found} | grep "${notFound} ")
if_not_found="${check_found_one}${check_found_two}"
if [ -z "${if_not_found}" ] ; then
dependencies_not_found="${dependencies_not_found} ${notFound}"
fi
done
# Show if all dependencies are installed
if [ -z "${dependencies_not_found}" ] ; then
echo > /dev/null
else
echo "blockauth: some required tools are not installed:${dependencies_not_found}"
echo "blockauth: process stopped"
exit
fi
# Function for reduce log
function reduce_log() {
if [ -z "${1}" ] ; then
echo "blockauth: use: $0 <file.log>"
else
if [ -f "${1}" ] ; then
num_tmp=${RANDOM}
tail -4000 "${1}" > "${num_tmp}.tmp"
cat "${num_tmp}.tmp" > "${1}"
rm -rf "${num_tmp}.tmp"
else
echo "blockauth: file ${1} does not exist"
fi
fi
}
# Check auth.log
if [ ! -f /var/log/auth.log ] ; then
echo "blockauth: file /var/log/auth.log does no exist"
echo "blockauth: process stopped"
exit
fi
# Read configuration file
if [ -f /etc/blockauth/blockauth.conf ] ; then
source /etc/blockauth/blockauth.conf
else
mkdir -p /etc/blockauth/
echo "# Blockauth configuration file" > /etc/blockauth/blockauth.conf
echo "valid_users=\"test1 test2\"" >> /etc/blockauth/blockauth.conf
echo "always_ip_allowed=\"192.168.0.1 192.168.0.2\"" >> /etc/blockauth/blockauth.conf
echo "blocklist=\"/etc/blockauth/blocklist.list\"" >> /etc/blockauth/blockauth.conf
echo "filelog=\"/etc/blockauth/blockauth.log\"" >> /etc/blockauth/blockauth.conf
echo "max_ip_blocklist=\"500\"" >> /etc/blockauth/blockauth.conf
echo "block_ports=\"22,80,443\"" >> /etc/blockauth/blockauth.conf
fi
# Check integrity of configuration file
if [ -z "${valid_users}" ] ; then
echo "valid_users=\"test1 test2\"" >> /etc/blockauth/blockauth.conf
fi
if [ -z "${always_ip_allowed}" ] ; then
echo "always_ip_allowed=\"192.168.0.1 192.168.0.2\"" >> /etc/blockauth/blockauth.conf
fi
if [ -z "${blocklist}" ] ; then
echo "blocklist=\"/etc/blockauth/blocklist.list\"" >> /etc/blockauth/blockauth.conf
fi
if [ -z "${filelog}" ] ; then
echo "filelog=\"/etc/blockauth/blockauth.log\"" >> /etc/blockauth/blockauth.conf
fi
if [ -z "${max_ip_blocklist}" ] ; then
echo "max_ip_blocklist=\"500\"" >> /etc/blockauth/blockauth.conf
fi
if [ -z "${block_ports}" ] ; then
echo "block_ports=\"22,80,443\"" >> /etc/blockauth/blockauth.conf
fi
source /etc/blockauth/blockauth.conf
# Force edit configuration file
if [ "${valid_users}" == "test1 test2" ] ; then
echo "blockauth: you must first configure the file /etc/blockauth/blockauth.conf"
echo "blockauth: process stopped"
exit
fi
echo "blockauth: running process"
echo "blockauth: running process" >> ${filelog}
blockauth=0
while [ ${blockauth} -eq 0 ] ; do
sleep 60
# Read auth.log file and select blocked IPs
for user in ${valid_users} ; do
echo "blockauth: allowing access for ${user}"
echo "blockauth: allowing access for ${user}" >> ${filelog}
sed -i "s/Failed password for ${user} from/blockauth\[allowed\]\: invalid pass for ${user} from/g" /var/log/auth.log
sed -i "s/Failed password for invalid user ${user} from/blockauth\[allowed\]\: invalid pass for ${user} from/g" /var/log/auth.log
systemctl restart rsyslog &> /dev/null
done
# Reset blocklist when maximum is reached
num_blocklist=$(cat ${blocklist} | wc -l)
if [ "${num_blocklist}" -ge "${max_ip_blocklist}" ] ; then
rm -rf ${blocklist}
touch ${blocklist}
echo "blockauth: resetting blocklist because maximum has been reached"
echo "blockauth: resetting blocklist because maximum has been reached" >> ${filelog}
iptables -F
fi
touch ${blocklist}
cat ${blocklist} > ${blocklist}.temp
echo "blockauth: creating blocklist"
echo "blockauth: creating blocklist" >> ${filelog}
cat /var/log/auth.log | grep "Failed password for" | grep -o -P '(?<=from).*(?=port)' >> ${blocklist}.temp
sort -u ${blocklist}.temp > ${blocklist}
rm -rf ${blocklist}.temp
sed -i 's/Failed password for/blockauth\[blocked\]\: invalid pass for/g' /var/log/auth.log
# Exclude allowed IPs
if [ -z "${always_ip_allowed}" ] ; then
echo "blockauth: running exclude allowed ips"
echo "blockauth: running exclude allowed ips" >> ${filelog}
else
echo "blockauth: running exclude allowed ips"
echo "blockauth: running exclude allowed ips" >> ${filelog}
for allowed_ip in ${always_ip_allowed} ; do
echo "blockauth: allowing ip ${allowed_ip}"
echo "blockauth: allowing ip ${allowed_ip}" >> ${filelog}
sed -i "/${allowed_ip}/d" ${blocklist}
done
fi
# Block IPs using iptables
for block_ip in $(cat ${blocklist}) ; do
read_block_ip=$(iptables -n -L | grep "${block_ip}")
if [ -z "${read_block_ip}" ] ; then
echo "blockauth: blocking ip ${block_ip}"
echo "blockauth: blocking ip ${block_ip}" >> ${filelog}
iptables -A OUTPUT -p tcp -m multiport -d ${block_ip} --sports ${block_ports} -j DROP
fi
done
# Reduce log
reduce_log ${filelog}
done