commit b1d0c568942d07cce8893071b2f7da93e3490fcd Author: Johnny Date: Sat Dec 6 16:16:19 2025 +0000 Ajouter fail2ban-manager.sh
diff --git a/fail2ban-manager.sh b/fail2ban-manager.sh
new file mode 100644
index 0000000..c05666a
--- /dev/null
+++ b/fail2ban-manager.sh
@@ -0,0 +1,416 @@
+#!/bin/bash
+
+# Script de gestion des bannissements Fail2ban
+# Version: 1.0
+
+set -euo pipefail
+
+# Couleurs
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+CYAN='\033[0;36m'
+MAGENTA='\033[0;35m'
+NC='\033[0m'
+
+# Vérification root
+check_root() {
+ if [ "$EUID" -ne 0 ]; then
+ echo -e "${RED}[ERREUR]${NC} Ce script doit être exécuté en tant que root"
+ exit 1
+ fi
+}
+
+# Vérification Fail2ban
+check_fail2ban() {
+ if ! command -v fail2ban-client > /dev/null 2>&1; then
+ echo -e "${RED}[ERREUR]${NC} Fail2ban n'est pas installé"
+ exit 1
+ fi
+
+ if ! systemctl is-active --quiet fail2ban; then
+ echo -e "${RED}[ERREUR]${NC} Fail2ban n'est pas actif"
+ echo "Démarrez-le avec: systemctl start fail2ban"
+ exit 1
+ fi
+}
+
+# Afficher le header
+show_header() {
+ clear
+ echo "════════════════════════════════════════════════════════════════"
+ echo -e "${CYAN} Gestionnaire de Bannissements Fail2ban${NC}"
+ echo "════════════════════════════════════════════════════════════════"
+ echo ""
+}
+
+# Lister toutes les jails actives
+list_jails() {
+ echo -e "${BLUE}[Jails actives]${NC}"
+ echo ""
+
+ local jails=$(fail2ban-client status | grep "Jail list" | sed 's/.*:\s*//' | tr ',' '\n' | xargs)
+
+ if [ -z "$jails" ]; then
+ echo -e "${YELLOW}Aucune jail active${NC}"
+ return 1
+ fi
+
+ local count=0
+ for jail in $jails; do
+ count=$((count + 1))
+ local banned=$(fail2ban-client status "$jail" | grep "Currently banned" | awk '{print $NF}')
+ local total=$(fail2ban-client status "$jail" | grep "Total banned" | awk '{print $NF}')
+
+ if [ "$banned" -gt 0 ]; then
+ echo -e " ${count}. ${GREEN}$jail${NC} - ${RED}$banned${NC} IP(s) bannies (Total: $total)"
+ else
+ echo -e " ${count}. ${GREEN}$jail${NC} - ${YELLOW}0${NC} IP bannie (Total: $total)"
+ fi
+ done
+
+ echo ""
+ return 0
+}
+
+# Lister les IPs bannies pour toutes les jails
+list_all_banned() {
+ echo -e "${BLUE}[IPs actuellement bannies]${NC}"
+ echo ""
+
+ local jails=$(fail2ban-client status | grep "Jail list" | sed 's/.*:\s*//' | tr ',' '\n' | xargs)
+ local total_banned=0
+
+ for jail in $jails; do
+ local banned_ips=$(fail2ban-client status "$jail" | grep "Banned IP list" | sed 's/.*:\s*//')
+
+ if [ -n "$banned_ips" ] && [ "$banned_ips" != "" ]; then
+ echo -e "${CYAN}Jail: $jail${NC}"
+ for ip in $banned_ips; do
+ total_banned=$((total_banned + 1))
+ # Récupérer le pays si possible (via whois ou geoip)
+ echo -e " ${RED}•${NC} $ip"
+ done
+ echo ""
+ fi
+ done
+
+ if [ "$total_banned" -eq 0 ]; then
+ echo -e "${GREEN}✓ Aucune IP bannie actuellement${NC}"
+ echo ""
+ else
+ echo -e "${YELLOW}Total: $total_banned IP(s) bannie(s)${NC}"
+ echo ""
+ fi
+}
+
+# Débannir une IP spécifique
+unban_ip() {
+ local ip="$1"
+
+ echo -e "${YELLOW}[Débannissement de $ip]${NC}"
+ echo ""
+
+ local jails=$(fail2ban-client status | grep "Jail list" | sed 's/.*:\s*//' | tr ',' '\n' | xargs)
+ local found=false
+
+ for jail in $jails; do
+ local banned_ips=$(fail2ban-client status "$jail" | grep "Banned IP list" | sed 's/.*:\s*//')
+
+ if echo "$banned_ips" | grep -qw "$ip"; then
+ echo -e " → Débannissement de ${CYAN}$ip${NC} dans la jail ${GREEN}$jail${NC}..."
+ fail2ban-client set "$jail" unbanip "$ip"
+ echo -e " ${GREEN}✓${NC} IP débannie de $jail"
+ found=true
+ fi
+ done
+
+ if [ "$found" = false ]; then
+ echo -e "${YELLOW}L'IP $ip n'est bannie dans aucune jail${NC}"
+ else
+ echo -e "\n${GREEN}✓ IP $ip complètement débannie${NC}"
+ fi
+ echo ""
+}
+
+# Débannir toutes les IPs d'une jail
+unban_jail() {
+ local jail="$1"
+
+ echo -e "${YELLOW}[Débannissement de toutes les IPs de la jail: $jail]${NC}"
+ echo ""
+
+ local banned_ips=$(fail2ban-client status "$jail" | grep "Banned IP list" | sed 's/.*:\s*//')
+
+ if [ -z "$banned_ips" ] || [ "$banned_ips" = "" ]; then
+ echo -e "${YELLOW}Aucune IP bannie dans cette jail${NC}"
+ echo ""
+ return
+ fi
+
+ local count=0
+ for ip in $banned_ips; do
+ echo -e " → Débannissement de ${CYAN}$ip${NC}..."
+ fail2ban-client set "$jail" unbanip "$ip"
+ count=$((count + 1))
+ done
+
+ echo -e "\n${GREEN}✓ $count IP(s) débannie(s) de la jail $jail${NC}"
+ echo ""
+}
+
+# Débannir toutes les IPs de toutes les jails
+unban_all() {
+ echo -e "${RED}[Débannissement de TOUTES les IPs]${NC}"
+ echo ""
+
+ read -p "Êtes-vous sûr? (oui/non): " confirm
+
+ if [ "$confirm" != "oui" ]; then
+ echo -e "${YELLOW}Opération annulée${NC}"
+ echo ""
+ return
+ fi
+
+ local jails=$(fail2ban-client status | grep "Jail list" | sed 's/.*:\s*//' | tr ',' '\n' | xargs)
+ local total_unbanned=0
+
+ for jail in $jails; do
+ local banned_ips=$(fail2ban-client status "$jail" | grep "Banned IP list" | sed 's/.*:\s*//')
+
+ if [ -n "$banned_ips" ] && [ "$banned_ips" != "" ]; then
+ echo -e "${CYAN}Jail: $jail${NC}"
+ for ip in $banned_ips; do
+ echo -e " → Débannissement de ${CYAN}$ip${NC}..."
+ fail2ban-client set "$jail" unbanip "$ip"
+ total_unbanned=$((total_unbanned + 1))
+ done
+ fi
+ done
+
+ echo ""
+ echo -e "${GREEN}✓ Total: $total_unbanned IP(s) débannie(s)${NC}"
+ echo ""
+}
+
+# Afficher les statistiques
+show_stats() {
+ echo -e "${BLUE}[Statistiques Fail2ban]${NC}"
+ echo ""
+
+ local jails=$(fail2ban-client status | grep "Jail list" | sed 's/.*:\s*//' | tr ',' '\n' | xargs)
+
+ echo -e "${CYAN}Jail${NC} ${CYAN}Actuellement${NC} ${CYAN}Total${NC} ${CYAN}Tentatives${NC}"
+ echo "──────────────────── ───────────── ──────── ───────────"
+
+ for jail in $jails; do
+ local status=$(fail2ban-client status "$jail")
+ local currently=$(echo "$status" | grep "Currently banned" | awk '{print $NF}')
+ local total=$(echo "$status" | grep "Total banned" | awk '{print $NF}')
+ local failed=$(echo "$status" | grep "Currently failed" | awk '{print $NF}')
+
+ printf "%-20s " "$jail"
+
+ if [ "$currently" -gt 0 ]; then
+ printf "${RED}%-13s${NC} " "$currently"
+ else
+ printf "${GREEN}%-13s${NC} " "$currently"
+ fi
+
+ printf "%-8s %-10s\n" "$total" "$failed"
+ done
+
+ echo ""
+}
+
+# Voir les logs récents
+show_logs() {
+ local jail="${1:-sshd}"
+ local lines="${2:-20}"
+
+ echo -e "${BLUE}[Logs récents - Jail: $jail]${NC}"
+ echo ""
+
+ if [ ! -f "/var/log/fail2ban.log" ]; then
+ echo -e "${YELLOW}Fichier de log non trouvé${NC}"
+ echo ""
+ return
+ fi
+
+ grep "\[$jail\]" /var/log/fail2ban.log | tail -n "$lines"
+ echo ""
+}
+
+# Menu interactif
+show_menu() {
+ echo -e "${MAGENTA}[Menu]${NC}"
+ echo ""
+ echo " 1. Lister toutes les IPs bannies"
+ echo " 2. Lister les jails actives"
+ echo " 3. Débannir une IP spécifique"
+ echo " 4. Débannir toutes les IPs d'une jail"
+ echo " 5. Débannir TOUTES les IPs"
+ echo " 6. Afficher les statistiques"
+ echo " 7. Voir les logs récents"
+ echo " 8. Actualiser"
+ echo " 0. Quitter"
+ echo ""
+ echo -n "Votre choix: "
+}
+
+# Mode interactif
+interactive_mode() {
+ while true; do
+ show_header
+ list_jails
+ list_all_banned
+ show_menu
+
+ read choice
+ echo ""
+
+ case $choice in
+ 1)
+ show_header
+ list_all_banned
+ read -p "Appuyez sur Entrée pour continuer..."
+ ;;
+ 2)
+ show_header
+ list_jails
+ show_stats
+ read -p "Appuyez sur Entrée pour continuer..."
+ ;;
+ 3)
+ echo -n "IP à débannir: "
+ read ip
+ unban_ip "$ip"
+ read -p "Appuyez sur Entrée pour continuer..."
+ ;;
+ 4)
+ echo -n "Nom de la jail: "
+ read jail
+ unban_jail "$jail"
+ read -p "Appuyez sur Entrée pour continuer..."
+ ;;
+ 5)
+ unban_all
+ read -p "Appuyez sur Entrée pour continuer..."
+ ;;
+ 6)
+ show_header
+ show_stats
+ read -p "Appuyez sur Entrée pour continuer..."
+ ;;
+ 7)
+ echo -n "Jail (défaut: sshd): "
+ read jail
+ jail=${jail:-sshd}
+ echo -n "Nombre de lignes (défaut: 20): "
+ read lines
+ lines=${lines:-20}
+ show_header
+ show_logs "$jail" "$lines"
+ read -p "Appuyez sur Entrée pour continuer..."
+ ;;
+ 8)
+ continue
+ ;;
+ 0)
+ echo -e "${GREEN}Au revoir!${NC}"
+ exit 0
+ ;;
+ *)
+ echo -e "${RED}Choix invalide${NC}"
+ sleep 2
+ ;;
+ esac
+ done
+}
+
+# Mode ligne de commande
+usage() {
+ echo "Usage: $0 [option]"
+ echo ""
+ echo "Options:"
+ echo " -l, --list Lister toutes les IPs bannies"
+ echo " -j, --jails Lister les jails actives"
+ echo " -u, --unban Débannir une IP spécifique"
+ echo " -U, --unban-jail Débannir toutes les IPs d'une jail"
+ echo " -a, --unban-all Débannir toutes les IPs"
+ echo " -s, --stats Afficher les statistiques"
+ echo " -L, --logs [jail] Afficher les logs (défaut: sshd)"
+ echo " -i, --interactive Mode interactif (défaut)"
+ echo " -h, --help Afficher l'aide"
+ echo ""
+ exit 0
+}
+
+# Programme principal
+main() {
+ check_root
+ check_fail2ban
+
+ # Si aucun argument, mode interactif
+ if [ $# -eq 0 ]; then
+ interactive_mode
+ exit 0
+ fi
+
+ # Mode ligne de commande
+ case "$1" in
+ -l|--list)
+ show_header
+ list_all_banned
+ ;;
+ -j|--jails)
+ show_header
+ list_jails
+ show_stats
+ ;;
+ -u|--unban)
+ if [ -z "${2:-}" ]; then
+ echo -e "${RED}Erreur: IP manquante${NC}"
+ echo "Usage: $0 --unban "
+ exit 1
+ fi
+ show_header
+ unban_ip "$2"
+ ;;
+ -U|--unban-jail)
+ if [ -z "${2:-}" ]; then
+ echo -e "${RED}Erreur: Nom de jail manquant${NC}"
+ echo "Usage: $0 --unban-jail "
+ exit 1
+ fi
+ show_header
+ unban_jail "$2"
+ ;;
+ -a|--unban-all)
+ show_header
+ unban_all
+ ;;
+ -s|--stats)
+ show_header
+ show_stats
+ ;;
+ -L|--logs)
+ show_header
+ show_logs "${2:-sshd}" "${3:-20}"
+ ;;
+ -i|--interactive)
+ interactive_mode
+ ;;
+ -h|--help)
+ usage
+ ;;
+ *)
+ echo -e "${RED}Option invalide: $1${NC}"
+ echo ""
+ usage
+ ;;
+ esac
+}
+
+main "$@"
\ No newline at end of file
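Review bot: In `unban_ip`, the operator-supplied address is used as a regular expression in `grep -qw "$ip"`, so each `.` matches any character and a value starting with `-` is parsed as a grep option. For a root-run tool that lifts bans, match literally with `grep -qwF -- "$ip"` and reject anything that is not an IPv4/IPv6 literal before calling `fail2ban-client set "$jail" unbanip "$ip"`. `show_logs` has the same pattern issue in `grep "\[$jail\]"` (a literal match would be `grep -F -- "[$jail]"`) and passes `$lines` to `tail -n` without checking that it is numeric. Separately, `list_jails` ends with `return 1` when no jail is active, which under `set -euo pipefail` appears to terminate `interactive_mode` at its unguarded `list_jails` call.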