Delete Backend/multi/firewall-update.sh
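--- a/Backend/multi/firewall-update.sh
+++ /dev/null
@@ -1,148 +0,0 @@
-#!/bin/bash
-
-set -euo pipefail
-
-# --- Configuration ---
-BLOCKLIST_DIR="/opt/Fail2Ban-Report/archive/blocklists"
-LOGFILE="/opt/Fail2Ban-Report/Firewall.log"
-LOGGING=true # Set to true to enable logging
-
-CLIENT_USER="MyClientName"
-CLIENT_PASS="MyPassword"
-CLIENT_UUID="MyUUID"
-BACKSYNC_URL="https://my.server.tld/Fail2Ban-Report/endpoint/backsync.php"
-CLIENT_LOG="/var/log/fail2ban-report-client.log"
-
-# --- Set PATH ---
-export PATH="/usr/sbin:/usr/bin:/sbin:/bin"
-
-# --- Logging function ---
-log() {
-if [ "$LOGGING" = true ]; then
-echo "$(date '+%Y-%m-%d %H:%M:%S') - $*" >> "$LOGFILE"
-fi
-}
-
-# --- Check prerequisites ---
-if ! command -v jq &>/dev/null; then
-log "ERROR: jq is not installed."
-exit 1
-fi
-
-if ! command -v ufw &>/dev/null; then
-log "ERROR: ufw is not installed."
-exit 1
-fi
-
-# --- Get currently blocked IPs from UFW ---
-TMP_BLOCKED="/tmp/current_ufw_blocklist.txt"
-ufw status numbered | grep "DENY IN" | awk '{print $3}' > "$TMP_BLOCKED" || true
-
-# --- Loop through all blocklist files ---
-PROCESSED_FILES=()
-
-for FILE in "$BLOCKLIST_DIR"/*.blocklist.json; do
-[ -e "$FILE" ] || continue # skip if no files match
-
-JAIL_NAME=$(basename "$FILE" .blocklist.json)
-LOCKFILE="/tmp/${JAIL_NAME}.blocklist.lock"
-
-log "Processing blocklist: $FILE"
-
-# === Acquire lock ===
-exec {lock_fd}>"$LOCKFILE"
-if ! flock -x "$lock_fd"; then
-log "ERROR: Could not acquire lock for $JAIL_NAME"
-continue
-fi
-
-# Extract active and inactive IPs
-mapfile -t active_ips < <(jq -r '.[] | select(.active != false) | .ip' "$FILE")
-mapfile -t inactive_ips < <(jq -r '.[] | select(.active == false) | .ip' "$FILE")
-
-blocked_success=()
-
-# --- BLOCK: Collect all new IPs and block them ---
-for ip in "${active_ips[@]}"; do
-if ! grep -qw "$ip" "$TMP_BLOCKED"; then
-log "Blocking IP: $ip"
-if ufw deny from "$ip"; then
-blocked_success+=("$ip")
-else
-log "Failed to block $ip via ufw"
-fi
-fi
-done
-
-# Reload UFW once after all block actions
-if ((${#blocked_success[@]} > 0)); then
-log "Reloading UFW after block actions"
-ufw reload
-fi
-
-# --- UNBLOCK: Process each inactive IP individually ---
-for ip in "${inactive_ips[@]}"; do
-mapfile -t rules < <(ufw status numbered | grep "$ip" | grep "DENY IN" | tac)
-for rule in "${rules[@]}"; do
-rule_number=$(echo "$rule" | awk -F'[][]' '{print $2}')
-if [[ -n "$rule_number" ]]; then
-log "Removing UFW rule #$rule_number for IP: $ip"
-ufw --force delete "$rule_number"
-fi
-done
-done
-
-# --- JSON Update: pending=false for blocked_success, remove inactive entries ---
-tmp_file=$(mktemp)
-BLOCK_JSON=$(printf '%s\n' "${blocked_success[@]:-}" | jq -R . | jq -s .)
-jq --argjson ips "$BLOCK_JSON" '
-map(
-if (.ip as $ip | $ips | index($ip)) then .pending = false else . end
-)
-| map(select(.active != false))
-' "$FILE" > "$tmp_file" && mv "$tmp_file" "$FILE"
-
-# Set ownership and permissions
-chown www-data:www-data "$FILE"
-chmod 644 "$FILE"
-
-# === Release lock ===
-flock -u "$lock_fd"
-exec {lock_fd}>&-
-
-PROCESSED_FILES+=("$FILE")
-done
-
-log "All blocklists processed successfully."
-
-# --- Upload processed blocklists to backsync.php ---
-for FILE in "${PROCESSED_FILES[@]}"; do
-log "Uploading $FILE to backsync.php ..."
-
-response=$(curl -s -w "\n%{http_code}" -X POST "$BACKSYNC_URL" \
--F "username=$CLIENT_USER" \
--F "password=$CLIENT_PASS" \
--F "uuid=$CLIENT_UUID" \
--F "file=@$FILE" || true)
-
-http_code=$(tail -n1 <<< "$response")
-body=$(sed '$d' <<< "$response")
-
-if [ "$http_code" -eq 0 ]; then
-log "ERROR: Connection failed to $BACKSYNC_URL"
-continue
-fi
-
-log "HTTP Status: $http_code, Response: $body"
-
-success=$(echo "$body" | jq -r '.success // empty')
-if [ "$success" == "true" ]; then
-log "✅ $FILE successfully synced to server"
-else
-log "❌ Failed to sync $FILE: $(echo "$body" | jq -r '.message // empty')"
-fi
-done
-
-log "All processed blocklists uploaded."
-
-exit 0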