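#!/bin/bash
# Fail2ban ban management script
# Version: 1.0
#
# Lists jails and banned addresses, removes bans, and shows statistics and
# recent log lines, through an interactive menu or command-line options.
# Requires root and an active fail2ban service (see check_root and
# check_fail2ban). User-facing messages are kept in French.

set -euo pipefail

# Colours hold real escape bytes, so output needs no `echo -e` and text typed
# by the operator is never escape-interpreted.
readonly RED=$'\033[0;31m'
readonly GREEN=$'\033[0;32m'
readonly YELLOW=$'\033[1;33m'
readonly BLUE=$'\033[0;34m'
readonly CYAN=$'\033[0;36m'
readonly MAGENTA=$'\033[0;35m'
readonly NC=$'\033[0m'

readonly FAIL2BAN_LOG="/var/log/fail2ban.log"

# Abort unless the script runs as root.
check_root() {
  if [[ "$EUID" -ne 0 ]]; then
    echo "${RED}[ERREUR]${NC} Ce script doit être exécuté en tant que root" >&2
    exit 1
  fi
}

# Abort unless fail2ban-client is installed and the service is active.
check_fail2ban() {
  if ! command -v fail2ban-client > /dev/null 2>&1; then
    echo "${RED}[ERREUR]${NC} Fail2ban n'est pas installé" >&2
    exit 1
  fi
  if ! systemctl is-active --quiet fail2ban; then
    echo "${RED}[ERREUR]${NC} Fail2ban n'est pas actif" >&2
    echo "Démarrez-le avec: systemctl start fail2ban" >&2
    exit 1
  fi
}

# Print the banner. The screen is cleared only when stdout is a terminal, so
# piped or redirected output stays free of control sequences.
show_header() {
  if [[ -t 1 ]]; then
    clear || true
  fi
  echo "════════════════════════════════════════════════════════════════"
  echo "${CYAN} Gestionnaire de Bannissements Fail2ban${NC}"
  echo "════════════════════════════════════════════════════════════════"
  echo
}

# Print the active jail names, one per line (nothing when there are none).
get_jail_names() {
  fail2ban-client status \
    | sed -n 's/.*Jail list:[[:space:]]*//p' \
    | tr ',' '\n' \
    | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d'
}

# Print the addresses currently banned in jail $1, one per line.
# The substitution is anchored on the "Banned IP list:" label: a greedy match
# up to the last colon would truncate IPv6 addresses.
get_banned_ips() {
  fail2ban-client status "$1" \
    | sed -n 's/.*Banned IP list:[[:space:]]*//p' \
    | tr -s '[:space:]' '\n' \
    | sed '/^$/d'
}

# Print the last field of the first line of status text $1 that contains
# label $2, or 0 when the line is missing or the field is not a number.
status_count() {
  local value
  value=$(awk -v label="$2" 'index($0, label) { print $NF; exit }' <<<"$1")
  if [[ ! "$value" =~ ^[0-9]+$ ]]; then
    value=0
  fi
  printf '%s\n' "$value"
}

# Succeed when $1 is exactly the name of an active jail.
jail_is_active() {
  local wanted="$1"
  local name
  if [[ -z "$wanted" ]]; then
    return 1
  fi
  while IFS= read -r name; do
    if [[ "$name" == "$wanted" ]]; then
      return 0
    fi
  done < <(get_jail_names)
  return 1
}

# Wait for the operator to press Enter.
pause() {
  read -r -p "Appuyez sur Entrée pour continuer..."
}

# List the active jails with their current and total ban counts.
# Returns 1 when no jail is active.
list_jails() {
  local -a jails=()
  local jail status banned total
  local count=0

  echo "${BLUE}[Jails actives]${NC}"
  echo
  mapfile -t jails < <(get_jail_names)
  if (( ${#jails[@]} == 0 )); then
    echo "${YELLOW}Aucune jail active${NC}"
    return 1
  fi
  for jail in "${jails[@]}"; do
    count=$((count + 1))
    # One status call per jail; both counters are read from the same text.
    status=$(fail2ban-client status "$jail") || status=""
    banned=$(status_count "$status" "Currently banned")
    total=$(status_count "$status" "Total banned")
    if (( 10#$banned > 0 )); then
      echo " ${count}. ${GREEN}$jail${NC} - ${RED}$banned${NC} IP(s) bannies (Total: $total)"
    else
      echo " ${count}. ${GREEN}$jail${NC} - ${YELLOW}0${NC} IP bannie (Total: $total)"
    fi
  done
  echo
  return 0
}

# List the banned addresses of every active jail.
list_all_banned() {
  local -a jails=() banned_ips=()
  local jail ip
  local total_banned=0

  echo "${BLUE}[IPs actuellement bannies]${NC}"
  echo
  mapfile -t jails < <(get_jail_names)
  # Expanding an empty array trips `set -u` on bash older than 4.4, hence the
  # explicit size checks before each loop.
  if (( ${#jails[@]} > 0 )); then
    for jail in "${jails[@]}"; do
      mapfile -t banned_ips < <(get_banned_ips "$jail")
      (( ${#banned_ips[@]} > 0 )) || continue
      echo "${CYAN}Jail: $jail${NC}"
      for ip in "${banned_ips[@]}"; do
        total_banned=$((total_banned + 1))
        # A country lookup (whois or geoip) could be added here.
        echo " ${RED}•${NC} $ip"
      done
      echo
    done
  fi
  if (( total_banned == 0 )); then
    echo "${GREEN}✓ Aucune IP bannie actuellement${NC}"
    echo
  else
    echo "${YELLOW}Total: $total_banned IP(s) bannie(s)${NC}"
    echo
  fi
}

# Remove the ban on address $1 in every jail that currently lists it.
# Returns 1 when $1 is empty or when fail2ban-client rejects an unban.
unban_ip() {
  local ip="$1"
  local -a jails=() banned_ips=()
  local jail banned
  local found=false
  local failed=false

  echo "${YELLOW}[Débannissement de $ip]${NC}"
  echo
  if [[ -z "$ip" ]]; then
    echo "${RED}Erreur: IP manquante${NC}" >&2
    echo
    return 1
  fi
  mapfile -t jails < <(get_jail_names)
  if (( ${#jails[@]} > 0 )); then
    for jail in "${jails[@]}"; do
      mapfile -t banned_ips < <(get_banned_ips "$jail")
      (( ${#banned_ips[@]} > 0 )) || continue
      for banned in "${banned_ips[@]}"; do
        # Exact comparison with each listed address: operator input is never
        # used as a regular expression or as a grep option, and only an
        # address that fail2ban reports as banned reaches the unban call.
        [[ "$banned" == "$ip" ]] || continue
        found=true
        echo " → Débannissement de ${CYAN}$ip${NC} dans la jail ${GREEN}$jail${NC}..."
        if fail2ban-client set "$jail" unbanip "$ip"; then
          echo " ${GREEN}✓${NC} IP débannie de $jail"
        else
          echo " ${RED}✗${NC} Échec du débannissement dans $jail" >&2
          failed=true
        fi
        break
      done
    done
  fi
  if [[ "$found" == false ]]; then
    echo "${YELLOW}L'IP $ip n'est bannie dans aucune jail${NC}"
  elif [[ "$failed" == false ]]; then
    echo
    echo "${GREEN}✓ IP $ip complètement débannie${NC}"
  fi
  echo
  [[ "$failed" == false ]]
}

# Remove every ban of jail $1.
# Returns 1 when $1 is not an active jail or when an unban fails.
unban_jail() {
  local jail="$1"
  local -a banned_ips=()
  local ip
  local count=0
  local failed=0

  echo "${YELLOW}[Débannissement de toutes les IPs de la jail: $jail]${NC}"
  echo
  # The name is checked against the active jail list before it is handed to
  # fail2ban-client, so a typo or an option-like string is reported instead
  # of being passed on.
  if ! jail_is_active "$jail"; then
    echo "${RED}Erreur: jail inconnue ou inactive: $jail${NC}" >&2
    echo
    return 1
  fi
  mapfile -t banned_ips < <(get_banned_ips "$jail")
  if (( ${#banned_ips[@]} == 0 )); then
    echo "${YELLOW}Aucune IP bannie dans cette jail${NC}"
    echo
    return
  fi
  for ip in "${banned_ips[@]}"; do
    echo " → Débannissement de ${CYAN}$ip${NC}..."
    if fail2ban-client set "$jail" unbanip "$ip"; then
      count=$((count + 1))
    else
      echo " ${RED}✗${NC} Échec du débannissement de $ip" >&2
      failed=$((failed + 1))
    fi
  done
  echo
  echo "${GREEN}✓ $count IP(s) débannie(s) de la jail $jail${NC}"
  echo
  (( failed == 0 ))
}

# Remove every ban of every jail, after an explicit "oui" confirmation.
# Returns 1 when at least one unban fails.
unban_all() {
  local -a jails=() banned_ips=()
  local jail ip
  local confirm=""
  local total_unbanned=0
  local failed=0

  echo "${RED}[Débannissement de TOUTES les IPs]${NC}"
  echo
  # Anything other than the literal answer "oui" (including end of input)
  # cancels the operation.
  read -r -p "Êtes-vous sûr? (oui/non): " confirm || true
  if [[ "$confirm" != "oui" ]]; then
    echo "${YELLOW}Opération annulée${NC}"
    echo
    return
  fi
  mapfile -t jails < <(get_jail_names)
  if (( ${#jails[@]} > 0 )); then
    for jail in "${jails[@]}"; do
      mapfile -t banned_ips < <(get_banned_ips "$jail")
      (( ${#banned_ips[@]} > 0 )) || continue
      echo "${CYAN}Jail: $jail${NC}"
      for ip in "${banned_ips[@]}"; do
        echo " → Débannissement de ${CYAN}$ip${NC}..."
        if fail2ban-client set "$jail" unbanip "$ip"; then
          total_unbanned=$((total_unbanned + 1))
        else
          echo " ${RED}✗${NC} Échec du débannissement de $ip" >&2
          failed=$((failed + 1))
        fi
      done
    done
  fi
  echo
  echo "${GREEN}✓ Total: $total_unbanned IP(s) débannie(s)${NC}"
  echo
  (( failed == 0 ))
}

# Print one line per jail: current bans, total bans, current failures.
show_stats() {
  local -a jails=()
  local jail status currently total failed colour

  echo "${BLUE}[Statistiques Fail2ban]${NC}"
  echo
  mapfile -t jails < <(get_jail_names)
  # The header uses the same column widths as the data rows below.
  printf '%s%-20s%s %s%-13s%s %s%-8s%s %s%-10s%s\n' \
    "$CYAN" "Jail" "$NC" \
    "$CYAN" "Actuellement" "$NC" \
    "$CYAN" "Total" "$NC" \
    "$CYAN" "Tentatives" "$NC"
  echo "──────────────────── ───────────── ──────── ───────────"
  if (( ${#jails[@]} > 0 )); then
    for jail in "${jails[@]}"; do
      status=$(fail2ban-client status "$jail") || status=""
      currently=$(status_count "$status" "Currently banned")
      total=$(status_count "$status" "Total banned")
      failed=$(status_count "$status" "Currently failed")
      if (( 10#$currently > 0 )); then
        colour=$RED
      else
        colour=$GREEN
      fi
      printf '%-20s ' "$jail"
      printf '%s%-13s%s ' "$colour" "$currently" "$NC"
      printf '%-8s %-10s\n' "$total" "$failed"
    done
  fi
  echo
}

# Show the last $2 (default 20) log lines mentioning jail $1 (default sshd).
# Returns 1 when $2 is not a non-negative integer.
show_logs() {
  local jail="${1:-sshd}"
  local lines="${2:-20}"

  echo "${BLUE}[Logs récents - Jail: $jail]${NC}"
  echo
  if [[ ! -f "$FAIL2BAN_LOG" ]]; then
    echo "${YELLOW}Fichier de log non trouvé${NC}"
    echo
    return
  fi
  if [[ ! "$lines" =~ ^[0-9]+$ ]]; then
    echo "${RED}Erreur: nombre de lignes invalide: $lines${NC}" >&2
    echo
    return 1
  fi
  # -F matches the jail name literally instead of as a regular expression.
  # grep exits 1 when nothing matches; with pipefail and set -e that would end
  # the whole script, so only that status is tolerated.
  { grep -F -- "[$jail]" "$FAIL2BAN_LOG" || [[ $? -eq 1 ]]; } | tail -n "$lines"
  echo
}

# Print the interactive menu and the choice prompt.
show_menu() {
  echo "${MAGENTA}[Menu]${NC}"
  echo
  echo " 1. Lister toutes les IPs bannies"
  echo " 2. Lister les jails actives"
  echo " 3. Débannir une IP spécifique"
  echo " 4. Débannir toutes les IPs d'une jail"
  echo " 5. Débannir TOUTES les IPs"
  echo " 6. Afficher les statistiques"
  echo " 7. Voir les logs récents"
  echo " 8. Actualiser"
  echo " 0. Quitter"
  echo
  echo -n "Votre choix: "
}

# Interactive menu loop. Actions that report a failure through their return
# status are followed by `|| true` so that `set -e` does not end the session;
# end of input on a prompt still terminates the script.
interactive_mode() {
  local choice ip jail lines

  while true; do
    show_header
    list_jails || true
    list_all_banned
    show_menu
    read -r choice
    echo
    case "$choice" in
      1)
        show_header
        list_all_banned
        pause
        ;;
      2)
        show_header
        list_jails || true
        show_stats
        pause
        ;;
      3)
        echo -n "IP à débannir: "
        read -r ip
        unban_ip "$ip" || true
        pause
        ;;
      4)
        echo -n "Nom de la jail: "
        read -r jail
        unban_jail "$jail" || true
        pause
        ;;
      5)
        unban_all || true
        pause
        ;;
      6)
        show_header
        show_stats
        pause
        ;;
      7)
        echo -n "Jail (défaut: sshd): "
        read -r jail
        jail=${jail:-sshd}
        echo -n "Nombre de lignes (défaut: 20): "
        read -r lines
        lines=${lines:-20}
        show_header
        show_logs "$jail" "$lines" || true
        pause
        ;;
      8)
        continue
        ;;
      0)
        echo "${GREEN}Au revoir!${NC}"
        exit 0
        ;;
      *)
        echo "${RED}Choix invalide${NC}"
        sleep 2
        ;;
    esac
  done
}

# Print the command-line help and exit with status $1 (default 0).
usage() {
  echo "Usage: $0 [option]"
  echo
  echo "Options:"
  echo " -l, --list Lister toutes les IPs bannies"
  echo " -j, --jails Lister les jails actives"
  echo " -u, --unban <IP> Débannir une IP spécifique"
  echo " -U, --unban-jail <jail> Débannir toutes les IPs d'une jail"
  echo " -a, --unban-all Débannir toutes les IPs"
  echo " -s, --stats Afficher les statistiques"
  echo " -L, --logs [jail] Afficher les logs (défaut: sshd)"
  echo " -i, --interactive Mode interactif (défaut)"
  echo " -h, --help Afficher l'aide"
  echo
  exit "${1:-0}"
}

# Entry point: check prerequisites, then run the interactive menu (no
# argument) or the single action selected by the first argument.
main() {
  check_root
  check_fail2ban

  # No argument: interactive mode.
  if [[ $# -eq 0 ]]; then
    interactive_mode
    exit 0
  fi

  # Command-line mode.
  case "$1" in
    -l|--list)
      show_header
      list_all_banned
      ;;
    -j|--jails)
      show_header
      list_jails
      show_stats
      ;;
    -u|--unban)
      if [[ -z "${2:-}" ]]; then
        echo "${RED}Erreur: IP manquante${NC}" >&2
        echo "Usage: $0 --unban <IP>" >&2
        exit 1
      fi
      show_header
      unban_ip "$2"
      ;;
    -U|--unban-jail)
      if [[ -z "${2:-}" ]]; then
        echo "${RED}Erreur: Nom de jail manquant${NC}" >&2
        echo "Usage: $0 --unban-jail <jail>" >&2
        exit 1
      fi
      show_header
      unban_jail "$2"
      ;;
    -a|--unban-all)
      show_header
      unban_all
      ;;
    -s|--stats)
      show_header
      show_stats
      ;;
    -L|--logs)
      show_header
      show_logs "${2:-sshd}" "${3:-20}"
      ;;
    -i|--interactive)
      interactive_mode
      ;;
    -h|--help)
      usage
      ;;
    *)
      echo "${RED}Option invalide: $1${NC}" >&2
      echo
      # An unknown option is an error, so the help exits non-zero.
      usage 1
      ;;
  esac
}

main "$@"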