mirror of
https://github.com/kejilion/sh.git
synced 2025-10-03 23:34:20 +08:00
Update kejilion.sh
This commit is contained in:
科技lion
GitHub
parent
377e3c090e
commit
54e4a90d2b
1 changed files with 36 additions and 80 deletions
116
cn/kejilion.sh
116
cn/kejilion.sh
|
|
@ -1771,7 +1771,7 @@ check_waf_status() {
|
||||||
|
|
||||||
|
|
||||||
check_cf_mode() {
|
check_cf_mode() {
|
||||||
if [ -f "/path/to/fail2ban/config/fail2ban/action.d/cloudflare-docker.conf" ]; then
|
if [ -f "/etc/fail2ban/action.d/cloudflare-docker.conf" ]; then
|
||||||
CFmessage=" cf模式已开启"
|
CFmessage=" cf模式已开启"
|
||||||
else
|
else
|
||||||
CFmessage=""
|
CFmessage=""
|
||||||
|
|
@ -1985,19 +1985,11 @@ nginx_gzip() {
|
||||||
web_security() {
|
web_security() {
|
||||||
send_stats "LDNMP环境防御"
|
send_stats "LDNMP环境防御"
|
||||||
while true; do
|
while true; do
|
||||||
|
check_f2b_status
|
||||||
check_waf_status
|
check_waf_status
|
||||||
check_cf_mode
|
check_cf_mode
|
||||||
if [ -x "$(command -v fail2ban-client)" ] ; then
|
|
||||||
clear
|
|
||||||
remove fail2ban
|
|
||||||
rm -rf /etc/fail2ban
|
|
||||||
else
|
|
||||||
clear
|
clear
|
||||||
rm -f /path/to/fail2ban/config/fail2ban/jail.d/sshd.conf > /dev/null 2>&1
|
echo -e "服务器网站防御程序 ${check_f2b_status}${gl_lv}${CFmessage}${waf_status}${gl_bai}"
|
||||||
docker exec -it fail2ban fail2ban-client reload > /dev/null 2>&1
|
|
||||||
docker_name="fail2ban"
|
|
||||||
check_docker_app
|
|
||||||
echo -e "服务器网站防御程序 ${check_docker}${gl_lv}${CFmessage}${waf_status}${gl_bai}"
|
|
||||||
echo "------------------------"
|
echo "------------------------"
|
||||||
echo "1. 安装防御程序"
|
echo "1. 安装防御程序"
|
||||||
echo "------------------------"
|
echo "------------------------"
|
||||||
|
|
@ -2019,11 +2011,11 @@ web_security() {
|
||||||
case $sub_choice in
|
case $sub_choice in
|
||||||
1)
|
1)
|
||||||
f2b_install_sshd
|
f2b_install_sshd
|
||||||
cd /path/to/fail2ban/config/fail2ban/filter.d
|
cd /etc/fail2ban/filter.d
|
||||||
curl -sS -O ${gh_proxy}raw.githubusercontent.com/kejilion/sh/main/fail2ban-nginx-cc.conf
|
curl -sS -O ${gh_proxy}raw.githubusercontent.com/kejilion/sh/main/fail2ban-nginx-cc.conf
|
||||||
cd /path/to/fail2ban/config/fail2ban/jail.d/
|
cd /etc/fail2ban/jail.d/
|
||||||
curl -sS -O ${gh_proxy}raw.githubusercontent.com/kejilion/config/main/fail2ban/nginx-docker-cc.conf
|
curl -sS -O ${gh_proxy}raw.githubusercontent.com/kejilion/config/main/fail2ban/nginx-docker-cc.conf
|
||||||
sed -i "/cloudflare/d" /path/to/fail2ban/config/fail2ban/jail.d/nginx-docker-cc.conf
|
sed -i "/cloudflare/d" /etc/fail2ban/jail.d/nginx-docker-cc.conf
|
||||||
f2b_status
|
f2b_status
|
||||||
;;
|
;;
|
||||||
5)
|
5)
|
||||||
|
|
@ -2065,28 +2057,28 @@ web_security() {
|
||||||
;;
|
;;
|
||||||
|
|
||||||
7)
|
7)
|
||||||
docker exec -it fail2ban fail2ban-client status
|
fail2ban-client status
|
||||||
;;
|
;;
|
||||||
8)
|
8)
|
||||||
tail -f /path/to/fail2ban/config/log/fail2ban/fail2ban.log
|
tail -f /var/log/fail2ban.log
|
||||||
|
|
||||||
;;
|
;;
|
||||||
9)
|
9)
|
||||||
docker rm -f fail2ban
|
remove fail2ban
|
||||||
rm -rf /path/to/fail2ban
|
rm -rf /etc/fail2ban
|
||||||
crontab -l | grep -v "CF-Under-Attack.sh" | crontab - 2>/dev/null
|
crontab -l | grep -v "CF-Under-Attack.sh" | crontab - 2>/dev/null
|
||||||
echo "Fail2Ban防御程序已卸载"
|
echo "Fail2Ban防御程序已卸载"
|
||||||
;;
|
;;
|
||||||
|
|
||||||
11)
|
11)
|
||||||
install nano
|
install nano
|
||||||
nano /path/to/fail2ban/config/fail2ban/jail.d/nginx-docker-cc.conf
|
nano /etc/fail2ban/jail.d/nginx-docker-cc.conf
|
||||||
f2b_status
|
f2b_status
|
||||||
break
|
break
|
||||||
;;
|
;;
|
||||||
|
|
||||||
12)
|
12)
|
||||||
docker exec -it fail2ban fail2ban-client unban --all
|
fail2ban-client unban --all
|
||||||
;;
|
;;
|
||||||
|
|
||||||
21)
|
21)
|
||||||
|
|
@ -2099,14 +2091,14 @@ web_security() {
|
||||||
wget -O /home/web/conf.d/default.conf ${gh_proxy}raw.githubusercontent.com/kejilion/nginx/main/default11.conf
|
wget -O /home/web/conf.d/default.conf ${gh_proxy}raw.githubusercontent.com/kejilion/nginx/main/default11.conf
|
||||||
docker exec nginx nginx -s reload
|
docker exec nginx nginx -s reload
|
||||||
|
|
||||||
cd /path/to/fail2ban/config/fail2ban/jail.d/
|
cd /etc/fail2ban/jail.d/
|
||||||
curl -sS -O ${gh_proxy}raw.githubusercontent.com/kejilion/config/main/fail2ban/nginx-docker-cc.conf
|
curl -sS -O ${gh_proxy}raw.githubusercontent.com/kejilion/config/main/fail2ban/nginx-docker-cc.conf
|
||||||
|
|
||||||
cd /path/to/fail2ban/config/fail2ban/action.d
|
cd /etc/fail2ban/action.d
|
||||||
curl -sS -O ${gh_proxy}raw.githubusercontent.com/kejilion/config/main/fail2ban/cloudflare-docker.conf
|
curl -sS -O ${gh_proxy}raw.githubusercontent.com/kejilion/config/main/fail2ban/cloudflare-docker.conf
|
||||||
|
|
||||||
sed -i "s/kejilion@outlook.com/$cfuser/g" /path/to/fail2ban/config/fail2ban/action.d/cloudflare-docker.conf
|
sed -i "s/kejilion@outlook.com/$cfuser/g" /etc/fail2ban/action.d/cloudflare-docker.conf
|
||||||
sed -i "s/APIKEY00000/$cftoken/g" /path/to/fail2ban/config/fail2ban/action.d/cloudflare-docker.conf
|
sed -i "s/APIKEY00000/$cftoken/g" /etc/fail2ban/action.d/cloudflare-docker.conf
|
||||||
f2b_status
|
f2b_status
|
||||||
|
|
||||||
echo "已配置cloudflare模式,可在cf后台,站点-安全性-事件中查看拦截记录"
|
echo "已配置cloudflare模式,可在cf后台,站点-安全性-事件中查看拦截记录"
|
||||||
|
|
@ -2171,7 +2163,6 @@ web_security() {
|
||||||
break
|
break
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
fi
|
|
||||||
break_end
|
break_end
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
@ -3017,53 +3008,28 @@ tmux new -d -s "$base_name-$tmuxd_ID" "$tmuxd"
|
||||||
|
|
||||||
|
|
||||||
f2b_status() {
|
f2b_status() {
|
||||||
docker exec -it fail2ban fail2ban-client reload
|
fail2ban-client reload
|
||||||
sleep 3
|
sleep 3
|
||||||
docker exec -it fail2ban fail2ban-client status
|
fail2ban-client status
|
||||||
}
|
}
|
||||||
|
|
||||||
f2b_status_xxx() {
|
f2b_status_xxx() {
|
||||||
docker exec -it fail2ban fail2ban-client status $xxx
|
fail2ban-client status $xxx
|
||||||
|
}
|
||||||
|
|
||||||
|
check_f2b_status() {
|
||||||
|
if command -v fail2ban-client >/dev/null 2>&1; then
|
||||||
|
check_f2b_status="已安装"
|
||||||
|
else
|
||||||
|
check_f2b_status="未安装"
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
f2b_install_sshd() {
|
f2b_install_sshd() {
|
||||||
|
|
||||||
docker run -d \
|
install fail2ban
|
||||||
--name=fail2ban \
|
start fail2ban
|
||||||
--net=host \
|
enable fail2ban
|
||||||
--cap-add=NET_ADMIN \
|
|
||||||
--cap-add=NET_RAW \
|
|
||||||
-e PUID=1000 \
|
|
||||||
-e PGID=1000 \
|
|
||||||
-e TZ=Etc/UTC \
|
|
||||||
-e VERBOSITY=-vv \
|
|
||||||
-v /path/to/fail2ban/config:/config \
|
|
||||||
-v /var/log:/var/log:ro \
|
|
||||||
-v /home/web/log/nginx/:/remotelogs/nginx:ro \
|
|
||||||
--restart=always \
|
|
||||||
lscr.io/linuxserver/fail2ban:latest
|
|
||||||
|
|
||||||
sleep 3
|
|
||||||
if grep -q 'Alpine' /etc/issue; then
|
|
||||||
cd /path/to/fail2ban/config/fail2ban/filter.d
|
|
||||||
curl -sS -O ${gh_proxy}raw.githubusercontent.com/kejilion/config/main/fail2ban/alpine-sshd.conf
|
|
||||||
curl -sS -O ${gh_proxy}raw.githubusercontent.com/kejilion/config/main/fail2ban/alpine-sshd-ddos.conf
|
|
||||||
cd /path/to/fail2ban/config/fail2ban/jail.d/
|
|
||||||
curl -sS -O ${gh_proxy}raw.githubusercontent.com/kejilion/config/main/fail2ban/alpine-ssh.conf
|
|
||||||
elif command -v dnf &>/dev/null; then
|
|
||||||
cd /path/to/fail2ban/config/fail2ban/jail.d/
|
|
||||||
curl -sS -O ${gh_proxy}raw.githubusercontent.com/kejilion/config/main/fail2ban/centos-ssh.conf
|
|
||||||
else
|
|
||||||
install rsyslog
|
|
||||||
systemctl start rsyslog
|
|
||||||
systemctl enable rsyslog
|
|
||||||
cd /path/to/fail2ban/config/fail2ban/jail.d/
|
|
||||||
curl -sS -O ${gh_proxy}raw.githubusercontent.com/kejilion/config/main/fail2ban/linux-ssh.conf
|
|
||||||
systemctl restart rsyslog
|
|
||||||
fi
|
|
||||||
|
|
||||||
rm -f /path/to/fail2ban/config/fail2ban/jail.d/sshd.conf
|
|
||||||
sed -i 's/action = %(action_)s/action = iptables-multiport/g' /path/to/fail2ban/config/fail2ban/jail.conf
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -13128,17 +13094,9 @@ EOF
|
||||||
root_use
|
root_use
|
||||||
send_stats "ssh防御"
|
send_stats "ssh防御"
|
||||||
while true; do
|
while true; do
|
||||||
if [ -x "$(command -v fail2ban-client)" ] ; then
|
|
||||||
clear
|
check_f2b_status
|
||||||
remove fail2ban
|
echo -e "SSH防御程序 $check_f2b_status"
|
||||||
rm -rf /etc/fail2ban
|
|
||||||
else
|
|
||||||
clear
|
|
||||||
rm -f /path/to/fail2ban/config/fail2ban/jail.d/sshd.conf > /dev/null 2>&1
|
|
||||||
docker exec -it fail2ban fail2ban-client reload > /dev/null 2>&1
|
|
||||||
docker_name="fail2ban"
|
|
||||||
check_docker_app
|
|
||||||
echo -e "SSH防御程序 $check_docker"
|
|
||||||
echo "fail2ban是一个SSH防止暴力破解工具"
|
echo "fail2ban是一个SSH防止暴力破解工具"
|
||||||
echo "官网介绍: ${gh_proxy}github.com/fail2ban/fail2ban"
|
echo "官网介绍: ${gh_proxy}github.com/fail2ban/fail2ban"
|
||||||
echo "------------------------"
|
echo "------------------------"
|
||||||
|
|
@ -13154,7 +13112,6 @@ EOF
|
||||||
read -e -p "请输入你的选择: " sub_choice
|
read -e -p "请输入你的选择: " sub_choice
|
||||||
case $sub_choice in
|
case $sub_choice in
|
||||||
1)
|
1)
|
||||||
install_docker
|
|
||||||
f2b_install_sshd
|
f2b_install_sshd
|
||||||
|
|
||||||
cd ~
|
cd ~
|
||||||
|
|
@ -13168,19 +13125,18 @@ EOF
|
||||||
break_end
|
break_end
|
||||||
;;
|
;;
|
||||||
3)
|
3)
|
||||||
tail -f /path/to/fail2ban/config/log/fail2ban/fail2ban.log
|
tail -f /var/log/fail2ban.log
|
||||||
break
|
break
|
||||||
;;
|
;;
|
||||||
9)
|
9)
|
||||||
docker rm -f fail2ban
|
remove fail2ban
|
||||||
rm -rf /path/to/fail2ban
|
rm -rf /etc/fail2ban
|
||||||
echo "Fail2Ban防御程序已卸载"
|
echo "Fail2Ban防御程序已卸载"
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
break
|
break
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
fi
|
|
||||||
done
|
done
|
||||||
;;
|
;;
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue
