mirror of
https://github.com/SubleXBle/Fail2Ban-Report.git
synced 2026-02-05 00:08:27 -06:00
298 lines
10 KiB
Bash
298 lines
10 KiB
Bash
#!/bin/bash
|
|
|
|
# Colors for output
|
|
NORMAL='\033[0;39m'
|
|
GREEN='\033[1;32m'
|
|
RED='\033[1;31m'
|
|
YELLOW='\033[33m'
|
|
BLUE='\033[34m'
|
|
|
|
REPO_URL="https://github.com/SubleXBle/Fail2Ban-Report.git"
|
|
BRANCH_NAME="latest"
|
|
|
|
DEFAULT_WEBROOT="/var/www/html"
|
|
DEFAULT_SH_PATH="/opt/Fail2Ban-Report"
|
|
DEFAULT_CONFIG_PATH="$DEFAULT_SH_PATH/fail2ban-report.config"
|
|
PHP_CONFIG_PATH="$DEFAULT_SH_PATH/includes/config.php"
|
|
|
|
echo -e "${BLUE}--- Fail2Ban-Report Installer ---${NORMAL}"
|
|
|
|
# Ask for Webroot path
|
|
read -rp "Please enter the installation directory for the web tool (default: $DEFAULT_WEBROOT): " WEBROOT
|
|
WEBROOT=${WEBROOT:-$DEFAULT_WEBROOT}
|
|
TARGET_DIR="${WEBROOT%/}/Fail2Ban-Report"
|
|
|
|
# Ask for .sh script storage path
|
|
read -rp "Please enter the directory to store shell scripts (default: $DEFAULT_SH_PATH): " SH_PATH
|
|
SH_PATH=${SH_PATH:-$DEFAULT_SH_PATH}
|
|
|
|
# Ask for config file path (optional)
|
|
read -rp "Please enter the path for the config file (default: $DEFAULT_CONFIG_PATH): " CONFIG_PATH
|
|
CONFIG_PATH=${CONFIG_PATH:-$DEFAULT_CONFIG_PATH}
|
|
|
|
echo -e "\nUsing webroot installation path: $TARGET_DIR"
|
|
echo -e "Using shell script path: $SH_PATH"
|
|
echo -e "Using config file path: $CONFIG_PATH\n"
|
|
|
|
# Check for git with polite option for wget fallback
|
|
echo -e "${BLUE}Checking if git is installed...${NORMAL}"
|
|
if ! command -v git &>/dev/null; then
|
|
echo -e "${YELLOW}Git is not installed.${NORMAL}"
|
|
read -rp "Would you like to download the repository as a ZIP archive using wget instead? (Y/N): " use_wget
|
|
use_wget=${use_wget,,}
|
|
if [[ "$use_wget" == "y" ]]; then
|
|
ZIP_URL="https://github.com/SubleXBle/Fail2Ban-Report/archive/refs/heads/$BRANCH_NAME.zip"
|
|
ZIP_FILE="/tmp/fail2ban_report.zip"
|
|
echo -e "${BLUE}Downloading ZIP archive...${NORMAL}"
|
|
if ! command -v wget &>/dev/null; then
|
|
echo -e "${RED}wget is not installed. Please install wget or git manually and rerun this installer.${NORMAL}"
|
|
exit 1
|
|
fi
|
|
wget -O "$ZIP_FILE" "$ZIP_URL"
|
|
echo -e "${BLUE}Extracting ZIP archive...${NORMAL}"
|
|
if ! command -v unzip &>/dev/null; then
|
|
echo -e "${RED}unzip is not installed. Please install unzip manually and rerun this installer.${NORMAL}"
|
|
exit 1
|
|
fi
|
|
unzip -o "$ZIP_FILE" -d /tmp/
|
|
rm -f "$ZIP_FILE"
|
|
mv "/tmp/Fail2Ban-Report-$BRANCH_NAME" "$TARGET_DIR"
|
|
else
|
|
echo -e "${RED}Git is required or please choose to download via wget. Exiting.${NORMAL}"
|
|
exit 1
|
|
fi
|
|
else
|
|
# git is installed, proceed with clone or pull
|
|
|
|
if [ -d "$TARGET_DIR" ]; then
|
|
if [ -d "$TARGET_DIR/.git" ]; then
|
|
echo -e "${BLUE}Repository already exists. Pulling latest changes...${NORMAL}"
|
|
cd "$TARGET_DIR" || { echo -e "${RED}Cannot change directory to $TARGET_DIR${NORMAL}"; exit 1; }
|
|
git pull origin "$BRANCH_NAME"
|
|
else
|
|
echo -e "${YELLOW}$TARGET_DIR exists but is not a git repository.${NORMAL}"
|
|
|
|
# Check if remote repo reachable
|
|
if git ls-remote "$REPO_URL" &>/dev/null; then
|
|
read -rp "Do you want to delete $TARGET_DIR and clone fresh? (Y/N): " yn
|
|
yn=${yn,,}
|
|
if [[ "$yn" == "y" ]]; then
|
|
rm -rf "$TARGET_DIR"
|
|
echo -e "${BLUE}Cloning Fail2Ban-Report repository into $TARGET_DIR...${NORMAL}"
|
|
git clone -b "$BRANCH_NAME" "$REPO_URL" "$TARGET_DIR"
|
|
else
|
|
echo -e "${RED}Installation aborted by user.${NORMAL}"
|
|
exit 1
|
|
fi
|
|
else
|
|
echo -e "${RED}Cannot reach remote repository at $REPO_URL.${NORMAL}"
|
|
echo -e "${RED}Please check your internet connection or fix $TARGET_DIR manually.${NORMAL}"
|
|
exit 1
|
|
fi
|
|
fi
|
|
else
|
|
echo -e "${YELLOW}Cloning Fail2Ban-Report repository into $TARGET_DIR...${NORMAL}"
|
|
git clone -b "$BRANCH_NAME" "$REPO_URL" "$TARGET_DIR"
|
|
fi
|
|
fi
|
|
|
|
# Check and optionally install jq
|
|
echo -e "\n${BLUE}Checking for jq...${NORMAL}"
|
|
if ! command -v jq &>/dev/null; then
|
|
echo -e "${YELLOW}jq is not installed.${NORMAL}"
|
|
read -rp "Would you like to install jq now? (Y/N): " install_jq
|
|
install_jq=${install_jq,,}
|
|
if [[ "$install_jq" == "y" ]]; then
|
|
if command -v apt &>/dev/null; then
|
|
sudo apt update && sudo apt install -y jq
|
|
elif command -v dnf &>/dev/null; then
|
|
sudo dnf install -y jq
|
|
elif command -v pacman &>/dev/null; then
|
|
sudo pacman -Sy jq --noconfirm
|
|
else
|
|
echo -e "${RED}Unsupported package manager. Please install jq manually.${NORMAL}"
|
|
exit 1
|
|
fi
|
|
else
|
|
echo -e "${RED}jq is required for this tool. Exiting.${NORMAL}"
|
|
exit 1
|
|
fi
|
|
else
|
|
echo -e "${GREEN}jq is already installed.${NORMAL}"
|
|
fi
|
|
|
|
# Ensure shell script path exists
|
|
mkdir -p "$SH_PATH"
|
|
|
|
# === fail2ban_log2json.sh installation ===
|
|
if [ -f "$TARGET_DIR/fail2ban_log2json.sh" ]; then
|
|
echo -e "\n${BLUE}Installing fail2ban_log2json.sh...${NORMAL}"
|
|
cp "$TARGET_DIR/fail2ban_log2json.sh" "$SH_PATH/"
|
|
chmod +x "$SH_PATH/fail2ban_log2json.sh"
|
|
else
|
|
echo -e "${RED}fail2ban_log2json.sh not found in repo.${NORMAL}"
|
|
exit 1
|
|
fi
|
|
|
|
# Set ARCHIVE_PATH in fail2ban_log2json.sh
|
|
ARCHIVE_PATH="${TARGET_DIR}/archive"
|
|
ESCAPED_ARCHIVE_PATH=$(echo "$ARCHIVE_PATH" | sed 's_/_\\/_g')
|
|
if grep -q "^ARCHIVE_PATH=" "$SH_PATH/fail2ban_log2json.sh"; then
|
|
sed -i "s/^ARCHIVE_PATH=.*/ARCHIVE_PATH=\"$ESCAPED_ARCHIVE_PATH\"/" "$SH_PATH/fail2ban_log2json.sh"
|
|
else
|
|
sed -i "1iARCHIVE_PATH=\"$ESCAPED_ARCHIVE_PATH\"" "$SH_PATH/fail2ban_log2json.sh"
|
|
fi
|
|
|
|
mkdir -p "$ARCHIVE_PATH"
|
|
chmod 755 "$ARCHIVE_PATH"
|
|
|
|
# === firewall-update.sh installation ===
|
|
if [ -f "$TARGET_DIR/firewall-update.sh" ]; then
|
|
echo -e "\n${BLUE}Installing firewall-update.sh...${NORMAL}"
|
|
cp "$TARGET_DIR/firewall-update.sh" "$SH_PATH/"
|
|
chmod +x "$SH_PATH/firewall-update.sh"
|
|
|
|
# Set correct blocklist.json path in firewall-update.sh
|
|
ESCAPED_BLOCKLIST_PATH=$(echo "$ARCHIVE_PATH/blocklist.json" | sed 's_/_\\/_g')
|
|
sed -i "s|^BLOCKLIST_JSON=.*|BLOCKLIST_JSON=\"$ESCAPED_BLOCKLIST_PATH\"|" "$SH_PATH/firewall-update.sh"
|
|
else
|
|
echo -e "${RED}firewall-update.sh not found in repo.${NORMAL}"
|
|
fi
|
|
|
|
# === Create PHP config include with config path constant ===
|
|
echo -e "\n${BLUE}Creating PHP config include file for config path...${NORMAL}"
|
|
mkdir -p "$(dirname "$PHP_CONFIG_PATH")"
|
|
cat > "$PHP_CONFIG_PATH" <<EOF
|
|
<?php
|
|
define('FAIL2BAN_CONFIG_PATH', '$CONFIG_PATH');
|
|
EOF
|
|
chmod 644 "$PHP_CONFIG_PATH"
|
|
echo -e "${GREEN}Created $PHP_CONFIG_PATH with config path constant.${NORMAL}"
|
|
|
|
# === AbuseIPDB and max_display_days config setup ===
|
|
echo -e "\n${BLUE}Configuring reporting and display settings...${NORMAL}"
|
|
echo "This feature lets you check IP reputation from the web interface using AbuseIPDB."
|
|
echo "To enable this, you'll need a (free) API key from https://www.abuseipdb.com/"
|
|
echo "If you don't have a key now, you can leave it blank and add it later manually."
|
|
|
|
read -rp "Would you like to enable AbuseIPDB support? (Y/N): " ENABLE_ABUSE
|
|
ENABLE_ABUSE=${ENABLE_ABUSE,,}
|
|
|
|
read -rp "How many days of daily reports should be shown in the main list? (default: 7): " MAX_DAYS
|
|
MAX_DAYS=${MAX_DAYS:-7}
|
|
|
|
if [[ "$ENABLE_ABUSE" == "y" ]]; then
|
|
read -rp "Please enter your AbuseIPDB API key (or leave blank to add later): " API_KEY
|
|
API_KEY=${API_KEY:-""}
|
|
|
|
echo -e "${YELLOW}Creating AbuseIPDB-enabled config file...${NORMAL}"
|
|
cat > "$CONFIG_PATH" <<EOF
|
|
[reports]
|
|
report=true
|
|
report_types=abuseipdb
|
|
|
|
[AbuseIPDB API Key]
|
|
abuseipdb_key=$API_KEY
|
|
|
|
[Fail2Ban-Daily-List-Settings]
|
|
max_display_days=$MAX_DAYS
|
|
EOF
|
|
|
|
if [[ -z "$API_KEY" ]]; then
|
|
echo -e "${YELLOW}Warning: No API key entered. Add your AbuseIPDB API key manually in $CONFIG_PATH to enable reporting.${NORMAL}"
|
|
fi
|
|
else
|
|
echo -e "${YELLOW}Creating config file with AbuseIPDB disabled...${NORMAL}"
|
|
cat > "$CONFIG_PATH" <<EOF
|
|
[reports]
|
|
report=false
|
|
report_types=
|
|
|
|
[AbuseIPDB API Key]
|
|
abuseipdb_key=
|
|
|
|
[Fail2Ban-Daily-List-Settings]
|
|
max_display_days=$MAX_DAYS
|
|
EOF
|
|
fi
|
|
|
|
chmod 600 "$CONFIG_PATH"
|
|
echo -e "${GREEN}Config file created at $CONFIG_PATH${NORMAL}"
|
|
|
|
# Set ownership to www-data
|
|
echo -e "\n${BLUE}Setting ownership of $TARGET_DIR to www-data:www-data...${NORMAL}"
|
|
chown -R www-data:www-data "$TARGET_DIR"
|
|
|
|
# Remove fail2ban_log2json.sh from web directory (cleanup)
|
|
rm -f "$TARGET_DIR/fail2ban_log2json.sh"
|
|
|
|
# .htaccess Hinweis
|
|
echo -e "\n${BLUE}IMPORTANT: Please configure your .htaccess file to secure the application.${NORMAL}"
|
|
echo "An example .htaccess file is included in the repository."
|
|
|
|
# --- Cronjob installation for fail2ban_log2json.sh ---
|
|
read -rp $'\nInstall daily cronjob for fail2ban_log2json.sh at 3 AM? (Y/N): ' INSTALL_CRON
|
|
INSTALL_CRON=${INSTALL_CRON,,}
|
|
if [[ "$INSTALL_CRON" == "y" ]]; then
|
|
CRON_CMD="0 3 * * * $SH_PATH/fail2ban_log2json.sh > /dev/null 2>&1"
|
|
(crontab -l 2>/dev/null | grep -v -F "$SH_PATH/fail2ban_log2json.sh"; echo "$CRON_CMD") | crontab -
|
|
echo -e "${GREEN}Cronjob installed: $CRON_CMD${NORMAL}"
|
|
else
|
|
echo -e "${BLUE}Skipping cronjob installation for fail2ban_log2json.sh.${NORMAL}"
|
|
fi
|
|
|
|
# --- Cronjob installation for firewall-update.sh with choice ---
|
|
echo -e "\nPlease select how often the firewall-update.sh cronjob should run:"
|
|
echo "1) Every 5 minutes"
|
|
echo "2) Every 15 minutes"
|
|
echo "3) Do not install cronjob"
|
|
|
|
read -rp "Enter your choice [1-3]: " FW_CRON_CHOICE
|
|
case "$FW_CRON_CHOICE" in
|
|
1)
|
|
FW_CRON_SCHEDULE="*/5 * * * *"
|
|
;;
|
|
2)
|
|
FW_CRON_SCHEDULE="*/15 * * * *"
|
|
;;
|
|
3)
|
|
FW_CRON_SCHEDULE=""
|
|
;;
|
|
*)
|
|
echo -e "${YELLOW}Invalid choice. No cronjob will be installed for firewall-update.sh.${NORMAL}"
|
|
FW_CRON_SCHEDULE=""
|
|
;;
|
|
esac
|
|
|
|
if [ -n "$FW_CRON_SCHEDULE" ]; then
|
|
FW_CRON_CMD="$FW_CRON_SCHEDULE $SH_PATH/firewall-update.sh > /dev/null 2>&1"
|
|
(crontab -l 2>/dev/null | grep -v -F "$SH_PATH/firewall-update.sh"; echo "$FW_CRON_CMD") | crontab -
|
|
echo -e "${GREEN}Firewall cronjob installed: $FW_CRON_CMD${NORMAL}"
|
|
else
|
|
echo -e "${BLUE}No firewall cronjob installed.${NORMAL}"
|
|
fi
|
|
|
|
echo -e "\n${GREEN}Installation completed successfully!${NORMAL}"
|
|
echo "Webroot path: $TARGET_DIR"
|
|
echo "Shell scripts in: $SH_PATH"
|
|
echo "Firewall script path: $SH_PATH/firewall-update.sh"
|
|
echo
|
|
|
|
# === Cleanup frontend install directory ===
|
|
echo -e "${BLUE}Cleaning up frontend installation directory...${NORMAL}"
|
|
find "$TARGET_DIR" -type f -name "*.sh" -exec rm -f {} \;
|
|
find "$TARGET_DIR" -type f -name "*.md" -exec rm -f {} \;
|
|
find "$TARGET_DIR" -type f -name "*.config" -exec rm -f {} \;
|
|
|
|
if [ -d "$TARGET_DIR/assets/images" ]; then
|
|
rm -rf "$TARGET_DIR/assets/images"
|
|
echo -e "${GREEN}Removed $TARGET_DIR/assets/images/${NORMAL}"
|
|
fi
|
|
|
|
# Remove this installer script itself
|
|
INSTALLER_PATH="$(realpath "$0")"
|
|
echo -e "${YELLOW}Removing installer script: $INSTALLER_PATH${NORMAL}"
|
|
rm -f "$INSTALLER_PATH"
|
|
|
|
echo "Please ensure your webserver configuration is properly adjusted and test the blocklist system."
|