tuxgyver/fail2ban-manager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Ajouter fail2ban-manager.sh

Browse Source
This commit is contained in:
Johnny
2025-12-06 16:16:19 +00:00
commit b1d0c56894
1 changed files with 416 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

416
fail2ban-manager.sh Normal file
View File

@@ -0,0 +1,416 @@
#!/bin/bash
# Script de gestion des bannissements Fail2ban
# Version: 1.0
set -euo pipefail
# Couleurs
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
CYAN='\033[0;36m'
MAGENTA='\033[0;35m'
NC='\033[0m'
# Vérification root
check_root() {
if [ "$EUID" -ne 0 ]; then
echo -e "${RED}[ERREUR]${NC} Ce script doit être exécuté en tant que root"
exit 1
fi
}
# Vérification Fail2ban
check_fail2ban() {
if ! command -v fail2ban-client > /dev/null 2>&1; then
echo -e "${RED}[ERREUR]${NC} Fail2ban n'est pas installé"
exit 1
fi
if ! systemctl is-active --quiet fail2ban; then
echo -e "${RED}[ERREUR]${NC} Fail2ban n'est pas actif"
echo "Démarrez-le avec: systemctl start fail2ban"
exit 1
fi
}
# Afficher le header
show_header() {
clear
echo "════════════════════════════════════════════════════════════════"
echo -e "${CYAN} Gestionnaire de Bannissements Fail2ban${NC}"
echo "════════════════════════════════════════════════════════════════"
echo ""
}
# Lister toutes les jails actives
list_jails() {
echo -e "${BLUE}[Jails actives]${NC}"
echo ""
local jails=$(fail2ban-client status | grep "Jail list" | sed 's/.*:\s*//' | tr ',' '\n' | xargs)
if [ -z "$jails" ]; then
echo -e "${YELLOW}Aucune jail active${NC}"
return 1
fi
local count=0
for jail in $jails; do
count=$((count + 1))
local banned=$(fail2ban-client status "$jail" | grep "Currently banned" | awk '{print $NF}')
local total=$(fail2ban-client status "$jail" | grep "Total banned" | awk '{print $NF}')
if [ "$banned" -gt 0 ]; then
echo -e " ${count}. ${GREEN}$jail${NC} - ${RED}$banned${NC} IP(s) bannies (Total: $total)"
else
echo -e " ${count}. ${GREEN}$jail${NC} - ${YELLOW}0${NC} IP bannie (Total: $total)"
fi
done
echo ""
return 0
}
# Lister les IPs bannies pour toutes les jails
list_all_banned() {
echo -e "${BLUE}[IPs actuellement bannies]${NC}"
echo ""
local jails=$(fail2ban-client status | grep "Jail list" | sed 's/.*:\s*//' | tr ',' '\n' | xargs)
local total_banned=0
for jail in $jails; do
local banned_ips=$(fail2ban-client status "$jail" | grep "Banned IP list" | sed 's/.*:\s*//')
if [ -n "$banned_ips" ] && [ "$banned_ips" != "" ]; then
echo -e "${CYAN}Jail: $jail${NC}"
for ip in $banned_ips; do
total_banned=$((total_banned + 1))
# Récupérer le pays si possible (via whois ou geoip)
echo -e " ${RED}${NC} $ip"
done
echo ""
fi
done
if [ "$total_banned" -eq 0 ]; then
echo -e "${GREEN}✓ Aucune IP bannie actuellement${NC}"
echo ""
else
echo -e "${YELLOW}Total: $total_banned IP(s) bannie(s)${NC}"
echo ""
fi
}
# Débannir une IP spécifique
unban_ip() {
local ip="$1"
echo -e "${YELLOW}[Débannissement de $ip]${NC}"
echo ""
local jails=$(fail2ban-client status | grep "Jail list" | sed 's/.*:\s*//' | tr ',' '\n' | xargs)
local found=false
for jail in $jails; do
local banned_ips=$(fail2ban-client status "$jail" | grep "Banned IP list" | sed 's/.*:\s*//')
if echo "$banned_ips" | grep -qw "$ip"; then
echo -e " → Débannissement de ${CYAN}$ip${NC} dans la jail ${GREEN}$jail${NC}..."
fail2ban-client set "$jail" unbanip "$ip"
echo -e " ${GREEN}${NC} IP débannie de $jail"
found=true
fi
done
if [ "$found" = false ]; then
echo -e "${YELLOW}L'IP $ip n'est bannie dans aucune jail${NC}"
else
echo -e "\n${GREEN}✓ IP $ip complètement débannie${NC}"
fi
echo ""
}
# Débannir toutes les IPs d'une jail
unban_jail() {
local jail="$1"
echo -e "${YELLOW}[Débannissement de toutes les IPs de la jail: $jail]${NC}"
echo ""
local banned_ips=$(fail2ban-client status "$jail" | grep "Banned IP list" | sed 's/.*:\s*//')
if [ -z "$banned_ips" ] || [ "$banned_ips" = "" ]; then
echo -e "${YELLOW}Aucune IP bannie dans cette jail${NC}"
echo ""
return
fi
local count=0
for ip in $banned_ips; do
echo -e " → Débannissement de ${CYAN}$ip${NC}..."
fail2ban-client set "$jail" unbanip "$ip"
count=$((count + 1))
done
echo -e "\n${GREEN}$count IP(s) débannie(s) de la jail $jail${NC}"
echo ""
}
# Débannir toutes les IPs de toutes les jails
unban_all() {
echo -e "${RED}[Débannissement de TOUTES les IPs]${NC}"
echo ""
read -p "Êtes-vous sûr? (oui/non): " confirm
if [ "$confirm" != "oui" ]; then
echo -e "${YELLOW}Opération annulée${NC}"
echo ""
return
fi
local jails=$(fail2ban-client status | grep "Jail list" | sed 's/.*:\s*//' | tr ',' '\n' | xargs)
local total_unbanned=0
for jail in $jails; do
local banned_ips=$(fail2ban-client status "$jail" | grep "Banned IP list" | sed 's/.*:\s*//')
if [ -n "$banned_ips" ] && [ "$banned_ips" != "" ]; then
echo -e "${CYAN}Jail: $jail${NC}"
for ip in $banned_ips; do
echo -e " → Débannissement de ${CYAN}$ip${NC}..."
fail2ban-client set "$jail" unbanip "$ip"
total_unbanned=$((total_unbanned + 1))
done
fi
done
echo ""
echo -e "${GREEN}✓ Total: $total_unbanned IP(s) débannie(s)${NC}"
echo ""
}
# Afficher les statistiques
show_stats() {
echo -e "${BLUE}[Statistiques Fail2ban]${NC}"
echo ""
local jails=$(fail2ban-client status | grep "Jail list" | sed 's/.*:\s*//' | tr ',' '\n' | xargs)
echo -e "${CYAN}Jail${NC} ${CYAN}Actuellement${NC} ${CYAN}Total${NC} ${CYAN}Tentatives${NC}"
echo "──────────────────── ───────────── ──────── ───────────"
for jail in $jails; do
local status=$(fail2ban-client status "$jail")
local currently=$(echo "$status" | grep "Currently banned" | awk '{print $NF}')
local total=$(echo "$status" | grep "Total banned" | awk '{print $NF}')
local failed=$(echo "$status" | grep "Currently failed" | awk '{print $NF}')
printf "%-20s " "$jail"
if [ "$currently" -gt 0 ]; then
printf "${RED}%-13s${NC} " "$currently"
else
printf "${GREEN}%-13s${NC} " "$currently"
fi
printf "%-8s %-10s\n" "$total" "$failed"
done
echo ""
}
# Voir les logs récents
show_logs() {
local jail="${1:-sshd}"
local lines="${2:-20}"
echo -e "${BLUE}[Logs récents - Jail: $jail]${NC}"
echo ""
if [ ! -f "/var/log/fail2ban.log" ]; then
echo -e "${YELLOW}Fichier de log non trouvé${NC}"
echo ""
return
fi
grep "\[$jail\]" /var/log/fail2ban.log | tail -n "$lines"
echo ""
}
# Menu interactif
show_menu() {
echo -e "${MAGENTA}[Menu]${NC}"
echo ""
echo " 1. Lister toutes les IPs bannies"
echo " 2. Lister les jails actives"
echo " 3. Débannir une IP spécifique"
echo " 4. Débannir toutes les IPs d'une jail"
echo " 5. Débannir TOUTES les IPs"
echo " 6. Afficher les statistiques"
echo " 7. Voir les logs récents"
echo " 8. Actualiser"
echo " 0. Quitter"
echo ""
echo -n "Votre choix: "
}
# Mode interactif
interactive_mode() {
while true; do
show_header
list_jails
list_all_banned
show_menu
read choice
echo ""
case $choice in
1)
show_header
list_all_banned
read -p "Appuyez sur Entrée pour continuer..."
;;
2)
show_header
list_jails
show_stats
read -p "Appuyez sur Entrée pour continuer..."
;;
3)
echo -n "IP à débannir: "
read ip
unban_ip "$ip"
read -p "Appuyez sur Entrée pour continuer..."
;;
4)
echo -n "Nom de la jail: "
read jail
unban_jail "$jail"
read -p "Appuyez sur Entrée pour continuer..."
;;
5)
unban_all
read -p "Appuyez sur Entrée pour continuer..."
;;
6)
show_header
show_stats
read -p "Appuyez sur Entrée pour continuer..."
;;
7)
echo -n "Jail (défaut: sshd): "
read jail
jail=${jail:-sshd}
echo -n "Nombre de lignes (défaut: 20): "
read lines
lines=${lines:-20}
show_header
show_logs "$jail" "$lines"
read -p "Appuyez sur Entrée pour continuer..."
;;
8)
continue
;;
0)
echo -e "${GREEN}Au revoir!${NC}"
exit 0
;;
*)
echo -e "${RED}Choix invalide${NC}"
sleep 2
;;
esac
done
}
# Mode ligne de commande
usage() {
echo "Usage: $0 [option]"
echo ""
echo "Options:"
echo " -l, --list Lister toutes les IPs bannies"
echo " -j, --jails Lister les jails actives"
echo " -u, --unban <IP> Débannir une IP spécifique"
echo " -U, --unban-jail <jail> Débannir toutes les IPs d'une jail"
echo " -a, --unban-all Débannir toutes les IPs"
echo " -s, --stats Afficher les statistiques"
echo " -L, --logs [jail] Afficher les logs (défaut: sshd)"
echo " -i, --interactive Mode interactif (défaut)"
echo " -h, --help Afficher l'aide"
echo ""
exit 0
}
# Programme principal
main() {
check_root
check_fail2ban
# Si aucun argument, mode interactif
if [ $# -eq 0 ]; then
interactive_mode
exit 0
fi
# Mode ligne de commande
case "$1" in
-l|--list)
show_header
list_all_banned
;;
-j|--jails)
show_header
list_jails
show_stats
;;
-u|--unban)
if [ -z "${2:-}" ]; then
echo -e "${RED}Erreur: IP manquante${NC}"
echo "Usage: $0 --unban <IP>"
exit 1
fi
show_header
unban_ip "$2"
;;
-U|--unban-jail)
if [ -z "${2:-}" ]; then
echo -e "${RED}Erreur: Nom de jail manquant${NC}"
echo "Usage: $0 --unban-jail <jail>"
exit 1
fi
show_header
unban_jail "$2"
;;
-a|--unban-all)
show_header
unban_all
;;
-s|--stats)
show_header
show_stats
;;
-L|--logs)
show_header
show_logs "${2:-sshd}" "${3:-20}"
;;
-i|--interactive)
interactive_mode
;;
-h|--help)
usage
;;
*)
echo -e "${RED}Option invalide: $1${NC}"
echo ""
usage
;;
esac
}
main "$@"