F2B script unusable - fixes #1677
Georg Lauterbach 2020-11-05 13:25:42 +01:00 committed by GitHub
commit 59c18ede4d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 23 additions and 24 deletions


@ -5,6 +5,7 @@
function usage { echo "Usage: ${0} [<unban> <ip-address>]" ; }
unset JAILS
declare -a JAILS
for LIST in $(fail2ban-client status | grep "Jail list" | cut -f2- | sed 's/,/ /g')
do
@ -13,49 +14,44 @@ done
if [[ -z ${1} ]]
then
IP_COUNT=0
for JAIL in "${JAILS[@]}"
do
declare -a BANNED_IPS
BANNED_IP="$(iptables -L "f2b-${JAIL}" -n 2>/dev/null | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -v '0.0.0.0')"
while read -r LINE
do
BANNED_IPS+=("$(echo "${LINE}" | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -v '0.0.0.0')")
done < <(iptables -L f2b-"${JAIL}" -n)
if [[ ${#BANNED_IPS[@]} -ne 0 ]]
if [[ -n ${BANNED_IP} ]]
then
for BANNED_IP in "${BANNED_IPS[@]}"
do
echo "Banned in ${JAIL}: ${BANNED_IP}"
IP_COUNT=$(( IP_COUNT + 1 ))
done
echo "Banned in ${JAIL}: ${BANNED_IP//$'\n'/, }"
IP_COUNT=$(( IP_COUNT + 1 ))
fi
done
if [[ ${IP_COUNT} -eq 0 ]]
then
echo "No IPs have been banned"
echo "No IPs have been banned."
fi
else
case ${1} in
unban)
shift
if [[ -n ${1} ]]
then
for JAIL in "${JAILS[@]}"
do
RESULT="$(fail2ban-client set "${JAIL}" unbanip "${@}")"
RESULT="$(fail2ban-client set "${JAIL}" unbanip "${@}" 2>&1)"
if [[ ${RESULT} != *"is not banned"* ]] && [[ ${RESULT} != *"NOK"* ]]
then
echo -n "unbanned IP from ${JAIL}: "
echo "${RESULT}"
fi
[[ "${RESULT}" != *"is not banned"* ]] && [[ "${RESULT}" != *"NOK"* ]] && echo -e "Unbanned IP from ${JAIL}: ${RESULT}"
done
else
errex "You need to specify an IP address. Run \"./setup.sh debug fail2ban\" to get a list of banned IP addresses."
echo "You need to specify an IP address. Run './setup.sh debug fail2ban' to get a list of banned IP addresses." >&2
exit 0
fi
;;
@ -64,5 +60,8 @@ else
errex "unknown command: ${1}"
;;
esac
esac
fi
exit 0
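Review bot: The ban listing can silently under-report, because `grep -v '0.0.0.0'` in the `BANNED_IP=` pipeline is an unanchored regex whose dots match any character, so a banned address such as `10.0.0.0` (constructed example) is dropped together with the wildcard column. Matching the whole line literally avoids that: `grep -vFx '0.0.0.0'`. The `2>/dev/null` on `iptables -L` in the same line has a similar effect, since a failed call (missing chain, insufficient privileges) looks the same as an empty jail and ends in "No IPs have been banned."; checking the exit status and printing a warning to stderr would keep that failure visible. Separately, the missing-address branch writes its message to stderr but then runs `exit 0`, so a caller cannot detect the error; `exit 1` would fit there.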


@ -127,11 +127,11 @@ function teardown_file() {
run docker exec mail_fail2ban /bin/sh -c "fail2ban-client set dovecot banip 192.0.66.5"
sleep 10
run ./setup.sh -c mail_fail2ban debug fail2ban
assert_output -p "Banned in dovecot: 192.0.66.5" -p "Banned in dovecot: 192.0.66.4"
assert_output --regexp "^Banned in dovecot: 192.0.66.5, 192.0.66.4.*"
run ./setup.sh -c mail_fail2ban debug fail2ban unban 192.0.66.4
assert_output --partial "unbanned IP from dovecot: 192.0.66.4"
assert_output --partial "Unbanned IP from dovecot: 192.0.66.4"
run ./setup.sh -c mail_fail2ban debug fail2ban
assert_output --partial "Banned in dovecot: 192.0.66.5"
assert_output --regexp "^Banned in dovecot: 192.0.66.5.*"
run ./setup.sh -c mail_fail2ban debug fail2ban unban 192.0.66.5
run ./setup.sh -c mail_fail2ban debug fail2ban unban
assert_output --partial "You need to specify an IP address. Run"
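Review bot: The listing check after the first unban does not prove the unban took effect, because `^Banned in dovecot: 192.0.66.5.*` still matches a line reading `192.0.66.5, 192.0.66.4` thanks to the trailing `.*`. Adding `refute_output --partial "192.0.66.4"` directly after that assertion would pin it. The first regexp also depends on the order in which iptables lists the two rules, and its unescaped dots match any character, so `192\.0\.66\.5` would be stricter. The final `unban 192.0.66.5` call has no assertion on its output, and the enclosing test starts outside the hunk.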