Pastebin launched a little side project called VERYVIRAL.com, check it out ;-) Want more features on Pastebin? Sign Up, it's FREE!
Guest

fail2ban persistent

By: diegors on Nov 3rd, 2011  |  syntax: Bash  |  size: 4.33 KB  |  views: 67  |  expires: Never
download  |  raw  |  embed  |  report abuse  |  print
Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
  1. root@proxy:scripts# iptables -L -n --verbose --line-numbers
  2. Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
  3. num   pkts bytes target     prot opt in     out     source               destination
  4. 1        8   528 fail2ban-ssh  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 22
  5. 2        8   528 ACCEPT     all  --  *      *       10.0.0.0/24          0.0.0.0/0
  6. 3        0     0 ACCEPT     all  --  *      *       xx.xxx.xx.xx./24       0.0.0.0/0
  7. 4        0     0 ACCEPT     all  --  *      *       yyy.yyy.yyy.y          0.0.0.0/0
  8. 5        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22
  9. 6        0     0 DROP       all  --  *      *      !10.0.0.0/24          0.0.0.0/0
  10. 7        0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
  11.  
  12. Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
  13. num   pkts bytes target     prot opt in     out     source               destination
  14.  
  15. Chain OUTPUT (policy ACCEPT 4 packets, 544 bytes)
  16. num   pkts bytes target     prot opt in     out     source               destination
  17.  
  18. Chain fail2ban-ssh (1 references)
  19. num   pkts bytes target     prot opt in     out     source               destination
  20. 1        8   528 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
  21.  
  22. root@proxy:scripts# /root/scripts/f2b.sh
  23. Adding 200.45.54.22 to Offenders Chain
  24. Adding 202.138.126.128 to Offenders Chain
  25. Adding 221.202.118.42 to Offenders Chain
  26. root@proxy:scripts# iptables -L -n --verbose --line-numbers
  27. Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
  28. num   pkts bytes target     prot opt in     out     source               destination
  29. 1       56  4852 fail2ban-ssh  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 22
  30. 2       63  4934 ACCEPT     all  --  *      *       10.0.0.0/24          0.0.0.0/0
  31. 3        0     0 ACCEPT     all  --  *      *       xx.xxx.xx.xx./24       0.0.0.0/0
  32. 4        0     0 ACCEPT     all  --  *      *       yyy.yyy.yyy.y          0.0.0.0/0
  33. 5        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22
  34. 6       14   874 DROP       all  --  *      *      !10.0.0.0/24          0.0.0.0/0
  35. 7        0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
  36.  
  37. Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
  38. num   pkts bytes target     prot opt in     out     source               destination
  39.  
  40. Chain OUTPUT (policy ACCEPT 4 packets, 512 bytes)
  41. num   pkts bytes target     prot opt in     out     source               destination
  42.  
  43. Chain Offenders (0 references)
  44. num   pkts bytes target     prot opt in     out     source               destination
  45. 1        0     0 DROP       all  --  *      *       221.202.118.42       0.0.0.0/0
  46. 2        0     0 DROP       all  --  *      *       202.138.126.128      0.0.0.0/0
  47. 3        0     0 DROP       all  --  *      *       200.45.54.22         0.0.0.0/0
  48.  
  49. Chain fail2ban-ssh (1 references)
  50. num   pkts bytes target     prot opt in     out     source               destination
  51. 1       56  4852 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
  52.  
  53. #Note: Chain fail2ban-ssh is empty because I flush the iptables
  54.  
  55. ####################################################################################
  56.  
  57.  
  58. root@proxy:scripts# cat /root/scripts/f2b.sh
  59. #!/bin/bash
  60.  
  61. LOG='/var/log/fail2ban.log'
  62. CSV='/var/log/fail2ban.csv'
  63. CSV_TMP='/tmp/csv.csv'
  64. OFFENDERS='/tmp/offenders.txt'
  65.  
  66. DATE=`date +%Y-%m-%d-%H_%M_%S`
  67.  
  68. # --------------- CREATE BACKUP IPTABLES
  69. iptables-save > /root/iptables.$DATE
  70. # ----------------
  71.  
  72. /bin/grep Ban /var/log/fail2ban.log|awk {'print $7'}|sort --unique >> $CSV
  73.  
  74. #Delete duplicate
  75. sort --unique $CSV     > $CSV_TMP
  76. mv            $CSV_TMP   $CSV
  77.  
  78. #create a new chain
  79. #hmmm.. i guess should check if exist before to add, but...
  80. iptables -N Offenders
  81.  
  82. #GET content  from Offenders chain
  83. iptables -L Offenders -n --verbose --line-numbers|grep DROP |awk {'print $9'} >  $OFFENDERS
  84.  
  85. for i in `cat $CSV`; do
  86.  if grep -Fxq "$i" $OFFENDERS
  87.   then
  88.     echo "$i exists in Offenders Chain. Skipping =("
  89.   else
  90.     echo "Adding $i to Offenders Chain"
  91.     iptables -I Offenders -s $i -j DROP
  92.   fi
  93. done
  94. #iptables -L Offenders -n --verbose --line-numbers|grep DROP |awk {'print $9'}