-
Notifications
You must be signed in to change notification settings - Fork 0
/
install.sh
152 lines (138 loc) · 5.13 KB
/
install.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
#!/bin/sh
#
# define our bail out shortcut function anytime there is an error - display the error message, then exit
# returning 1.
exerr () { echo -e "$*" >&2 ; exit 1; }
# Determine the current directory
# Method adapted from user apokalyptik at
# http://hintsforums.macworld.com/archive/index.php/t-73839.html
STAT=$(procstat -f $$ | grep -E "/"$(basename $0)"$")
FULL_PATH=$(echo $STAT | sed -r s/'^([^\/]+)\/'/'\/'/1 2>/dev/null)
START_FOLDER=$(dirname $FULL_PATH | sed 's|/install.sh||')
# First stop any users older than 2235 revision
WORK_REVISION=`cat /etc/prd.revision`
# Prevent users from breaking their system
if [ $WORK_REVISION -lt 2235 ]; then
echo "ERROR: This version of Nas4Free is incompatible with fail2ban"
exerr "ERROR: Please upgrade Nas4Free to revision 2235 or higher!"
fi
# Store the script's current location in a file
echo $START_FOLDER > /tmp/fail2baninstaller
# This first checks to see that the user has supplied an argument
if [ ! -z $1 ]; then
# The first argument will be the path that the user wants to be the root folder.
# If this directory does not exist, it is created
# Sanitize input
pathtoext=${1%/}
FAIL2BAN_ROOT=${pathtoext}/fail2ban
# This checks if the supplied argument is a directory. If it is not
# then we will try to create it
if [ ! -d $FAIL2BAN_ROOT ]; then
echo "Attempting to create a new destination directory....."
mkdir -p $FAIL2BAN_ROOT || exerr "ERROR: Could not create directory!"
fi
else
# We are here because the user did not specify an alternate location. Thus, we should use the
# current directory as the root.
FAIL2BAN_ROOT=$START_FOLDER
fi
eval pkg update
cd ${FAIL2BAN_ROOT}
pkg fetch -y -o temp py27-fail2ban py27-sqlite3 py27-setuptools27
cd temp/All
tar -xf py27-fail2ban*
tar -xf py27-sqlite3*
tar -xf py27-setuptools27*
cd ${FAIL2BAN_ROOT}
cp -R ${FAIL2BAN_ROOT}/temp/All/usr/local/bin ${FAIL2BAN_ROOT}
cp -R ${FAIL2BAN_ROOT}/temp/All/usr/local/etc ${FAIL2BAN_ROOT}
cp -R ${FAIL2BAN_ROOT}/temp/All/usr/local/lib ${FAIL2BAN_ROOT}
cp ${FAIL2BAN_ROOT}/temp/All/usr/local/share/doc/fail2ban/README.md ${FAIL2BAN_ROOT}
rm -rf temp
rm -f ${FAIL2BAN_ROOT}/bin/easy_install
mv ${FAIL2BAN_ROOT}/bin/easy_install* ${FAIL2BAN_ROOT}/bin/easy_install
#if full system in use make backup
PLATFORM=`cat /etc/platform | awk -F "-" '{print $2}'`
if [ ${PLATFORM} == 'full' ]; then
mkdir ${FAIL2BAN_ROOT}/backup
cp /etc/rc.d/syslogd ${FAIL2BAN_ROOT}/backup/syslogd
cp /etc/rc.d/websrv ${FAIL2BAN_ROOT}/backup/websrv
cp /usr/local/www/diag_log.inc ${FAIL2BAN_ROOT}/backup/diag_log.inc
fi
#edit system files
cp /etc/rc.d/syslogd ${FAIL2BAN_ROOT}/syslogd
sed -i .orig 's/\%\${clog_logdir}\/sshd.log/\/var\/log\/sshd\.log/g' ${FAIL2BAN_ROOT}/syslogd
cp /etc/rc.d/websrv ${FAIL2BAN_ROOT}/websrv
sed -i .orig 's/server.errorlog-use-syslog = \"enable\"/server.errorlog = \"\/var\/log\/webserver\.log\"/g' ${FAIL2BAN_ROOT}/websrv
cp /usr/local/www/diag_log.inc ${FAIL2BAN_ROOT}/diag_log.inc
#Create diff file
cat <<EOF >> ${FAIL2BAN_ROOT}/diff.txt
--- diag_log.orig 2015-12-15 19:44:15.000000000 +0200
+++ diag_log.inc 2015-12-19 22:41:39.000000000 +0200
@@ -79,8 +79,8 @@
"desc" => gettext("SSH"),
"logfile" => "{\$clogdir}/sshd.log",
"filename" => "sshd.log",
- "type" => "clog",
- "size" => "32768",
+ "type" => "plain",
+
"pattern" => "/^(\S+\s+\d+\s+\S+)\s+(\S+)\s+(.*)$/",
"columns" => array(
array("title" => gettext("Date & Time"), "class" => "listlr", "param" => "nowrap=\"nowrap\"", "pmid" => 1),
EOF
patch -u ${FAIL2BAN_ROOT}/diag_log.inc ${FAIL2BAN_ROOT}/diff.txt
#Build start-up script
cat <<EOF >> ${FAIL2BAN_ROOT}/fail2ban_start.sh
#!/bin/sh
#start procedure
####################################
EXTENSIONPATH="${FAIL2BAN_ROOT}"
##########################################
#Link /usr/local/bin files
cd /usr/local/bin
for file in \${EXTENSIONPATH}/bin/*
do
ln -s "\$file" "\${file##*/}"
done
# Link /usr/local/etc
cd /usr/local/etc
ln -s \${EXTENSIONPATH}/etc/fail2ban /usr/local/etc/
ln -s \${EXTENSIONPATH}/etc/rc.d/fail2ban /usr/local/etc/rc.d/fail2ban
# link lib/python2.7
cd /usr/local/lib/python2.7/site-packages
for file in \${EXTENSIONPATH}/lib/python2.7/site-packages/*
do
ln -s "\$file" "\${file##*/}"
done
cd /usr/local/lib/python2.7/lib-dynload
for file in \${EXTENSIONPATH}/lib/python2.7/lib-dynload/*
do
ln -s "\$file" "\${file##*/}"
done
rconf service enable fail2ban
mkdir /var/run/fail2ban
mkdir /var/db/fail2ban
mkdir -p /var/lib/fail2ban
####### There is place for replace system files. If you not use its, please comment this section
#
#SSH protect
rm /etc/rc.d/syslogd
cp \${EXTENSIONPATH}/syslogd /etc/rc.d/syslogd
rm /var/log/sshd.log
touch /var/log/sshd.log
/etc/rc.d/syslogd restart
rm /usr/local/www/diag_log.inc
cp \${EXTENSIONPATH}/diag_log.inc /usr/local/www/diag_log.inc
#Webserver protect
rm /etc/rc.d/websrv
cp \${EXTENSIONPATH}/websrv /etc/rc.d/websrv
/etc/rc.d/websrv restart
#### END of replace sysyem files
service fail2ban start
EOF
chmod 755 ${FAIL2BAN_ROOT}/fail2ban_start.sh
#cleanup
rm ${FAIL2BAN_ROOT}/*.orig
rm ${FAIL2BAN_ROOT}/diff.txt
echo "Fail2ban installed to system. Read readme.md file"