moved fail2ban function from setup.sh to own file (#837)

* moved fail2ban function out of setup.sh
2024-01-19 02:48:50 +00:00 · 2018-02-13 08:31:12 +01:00 · 2018-02-13 08:31:12 +01:00 · b08c9b42ed
parent 19cb22a1a5
commit b08c9b42ed
3 changed files with 60 additions and 50 deletions
--- a/setup.sh
+++ b/setup.sh
@ -205,43 +205,7 @@ case $1 in
        ;;
      fail2ban)
        shift
-        JAILS=$(_docker_container fail2ban-client status | grep "Jail list" | cut -f2- | sed 's/,//g')
-        if [ -z "$1" ]; then
-          IP_COUNT=0
-	  for JAIL in $JAILS; do
-            BANNED_IP=$(_docker_container iptables -L f2b-$JAIL -n | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -v '0.0.0.0')
-            if [ -n "$BANNED_IP" ]; then
-	      BANNED_IP=$(echo $BANNED_IP | sed -e 's/\n/,/g')
-	      echo "Banned in $JAIL: $BANNED_IP"
-	      IP_COUNT=$((IP_COUNT+1))
-            fi
-          done
-          if [ "$IP_COUNT" -eq 0 ]; then
-            echo "No IPs have been banned"
-          fi
-        else
-          case $1 in
-            unban)
-              shift
-              if [ -n "$1" ]; then
-                for JAIL in $JAILS; do
-                  RESULT=`_docker_container fail2ban-client set $JAIL unbanip $@`
-		  case "$RESULT" in
-		    *"is not banned"*) ;;
-		    *"NOK"*) ;;
-		    *)  echo -n "unbanned IP from $JAIL: "
-			echo "$RESULT";;
-		  esac
-                done
-              else
-                echo "You need to specify an IP address. Run \"./setup.sh debug fail2ban\" to get a list of banned IP addresses."
-              fi
-              ;;
-            *)
-              _usage
-              ;;
-          esac
-        fi
+        _docker_container fail2ban $@
        ;;
      show-mail-logs)
        _docker_container cat /var/log/mail/mail.log
--- a/target/bin/fail2ban
+++ b/target/bin/fail2ban
@ -0,0 +1,46 @@
+#! /bin/bash
+
+usage() {
+  echo "Usage: $0 [<unban> <ip-address>]"
+}
+
+raise() {
+  echo "$@" 1>&2
+  exit 1
+}
+
+JAILS=$(fail2ban-client status | grep "Jail list" | cut -f2- | sed 's/,//g')
+if [ -z "$1" ]; then
+  IP_COUNT=0
+  for JAIL in $JAILS; do
+    BANNED_IP=$(iptables -L f2b-$JAIL -n | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -v '0.0.0.0')
+    if [ -n "$BANNED_IP" ]; then
+      BANNED_IP=$(echo $BANNED_IP | sed -e 's/\n/,/g')
+      echo "Banned in $JAIL: $BANNED_IP"
+      IP_COUNT=$((IP_COUNT+1))
+    fi
+  done
+  if [ "$IP_COUNT" -eq 0 ]; then
+    echo "No IPs have been banned"
+  fi
+else
+  case $1 in
+    unban)
+      shift
+      if [ -n "$1" ]; then
+        for JAIL in $JAILS; do
+          RESULT=`fail2ban-client set $JAIL unbanip $@`
+          if [[ "$RESULT" != *"is not banned"* ]] && [[ "$RESULT" != *"NOK"* ]]; then
+            echo -n "unbanned IP from $JAIL: "
+            echo "$RESULT"
+          fi
+        done
+      else
+        raise "You need to specify an IP address. Run \"./setup.sh debug fail2ban\" to get a list of banned IP addresses."
+      fi
+      ;;
+    *)
+      usage; raise "unknown command: $1"
+      ;;
+    esac
+fi
--- a/test/tests.bats
+++ b/test/tests.bats
@ -1199,11 +1199,11 @@ load 'test_helper/bats-assert/load'
  run docker exec mail_fail2ban /bin/sh -c "fail2ban-client set dovecot banip 192.0.66.5"
  sleep 10
  run ./setup.sh -c mail_fail2ban debug fail2ban
-  assert_output "Banned in dovecot: 192.0.66.5 192.0.66.4"
+  assert_output --regexp "^Banned in dovecot: 192.0.66.5 192.0.66.4.*"
  run ./setup.sh -c mail_fail2ban debug fail2ban unban 192.0.66.4
  assert_output --partial "unbanned IP from dovecot: 192.0.66.4"
  run ./setup.sh -c mail_fail2ban debug fail2ban
-  assert_output "Banned in dovecot: 192.0.66.5"
+  assert_output --regexp "^Banned in dovecot: 192.0.66.5.*"
  run ./setup.sh -c mail_fail2ban debug fail2ban unban 192.0.66.5
  run ./setup.sh -c mail_fail2ban debug fail2ban unban
  assert_output --partial "You need to specify an IP address. Run"