LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
23436 Commits
1 Branch
46 MiB
Tree: 69cdbb9980
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '69cdbb9980'
${ noResults }
openwrt-packages-dist/net/banip/files/banip.service

36 lines
986 B
Raw Normal View History

banip: update 0.3.0 * new 'ca-bundle' dependency as all https connections are now validated by default * automatically select the download utility: 'aria2', 'curl', 'uclient-fetch' with libustream-* or wget are supported * track & ban failed LuCI login attempts as well * add a small log/banIP background monitor to block SSH/LuCI brute force attacks in realtime (disabled by default) * add a config version check (please update your default config!) * made the automatic wan detection more stable * fix the IPv6 logfile parser * fix the service status message * update readme Signed-off-by: Dirk Brenken <dev@brenken.org>
5 years ago
banip: release 0.7.0 * major rewrite * add support for multiple chains * add mac whitelisting * add support for multiple ssh daemons in parallel * add an ipset report engine * add mail notifications * add suspend/resume functions * add a cron wrapper to set an ipset related auto-timer for automatic blocklist updates * add a list wrapper to add/remove blocklist sources * add 19.x and Turris OS 5.x compatibility code * sources stored in an external compressed json file (/etc/banip/banip.sources.gz) * change Country/ASN download sources (faster/more reliable) * fix DHCPv6/icmpv6 issues Signed-off-by: Dirk Brenken <dev@brenken.org>
4 years ago
banip: update 0.3.0 * new 'ca-bundle' dependency as all https connections are now validated by default * automatically select the download utility: 'aria2', 'curl', 'uclient-fetch' with libustream-* or wget are supported * track & ban failed LuCI login attempts as well * add a small log/banIP background monitor to block SSH/LuCI brute force attacks in realtime (disabled by default) * add a config version check (please update your default config!) * made the automatic wan detection more stable * fix the IPv6 logfile parser * fix the service status message * update readme Signed-off-by: Dirk Brenken <dev@brenken.org>
5 years ago
banip: release 0.7.0 * major rewrite * add support for multiple chains * add mac whitelisting * add support for multiple ssh daemons in parallel * add an ipset report engine * add mail notifications * add suspend/resume functions * add a cron wrapper to set an ipset related auto-timer for automatic blocklist updates * add a list wrapper to add/remove blocklist sources * add 19.x and Turris OS 5.x compatibility code * sources stored in an external compressed json file (/etc/banip/banip.sources.gz) * change Country/ASN download sources (faster/more reliable) * fix DHCPv6/icmpv6 issues Signed-off-by: Dirk Brenken <dev@brenken.org>
4 years ago
banip: update 0.3.0 * new 'ca-bundle' dependency as all https connections are now validated by default * automatically select the download utility: 'aria2', 'curl', 'uclient-fetch' with libustream-* or wget are supported * track & ban failed LuCI login attempts as well * add a small log/banIP background monitor to block SSH/LuCI brute force attacks in realtime (disabled by default) * add a config version check (please update your default config!) * made the automatic wan detection more stable * fix the IPv6 logfile parser * fix the service status message * update readme Signed-off-by: Dirk Brenken <dev@brenken.org>
5 years ago
banip: release 0.7.0 * major rewrite * add support for multiple chains * add mac whitelisting * add support for multiple ssh daemons in parallel * add an ipset report engine * add mail notifications * add suspend/resume functions * add a cron wrapper to set an ipset related auto-timer for automatic blocklist updates * add a list wrapper to add/remove blocklist sources * add 19.x and Turris OS 5.x compatibility code * sources stored in an external compressed json file (/etc/banip/banip.sources.gz) * change Country/ASN download sources (faster/more reliable) * fix DHCPv6/icmpv6 issues Signed-off-by: Dirk Brenken <dev@brenken.org>
4 years ago
banip: update 0.3.0 * new 'ca-bundle' dependency as all https connections are now validated by default * automatically select the download utility: 'aria2', 'curl', 'uclient-fetch' with libustream-* or wget are supported * track & ban failed LuCI login attempts as well * add a small log/banIP background monitor to block SSH/LuCI brute force attacks in realtime (disabled by default) * add a config version check (please update your default config!) * made the automatic wan detection more stable * fix the IPv6 logfile parser * fix the service status message * update readme Signed-off-by: Dirk Brenken <dev@brenken.org>
5 years ago
banip: release 0.7.0 * major rewrite * add support for multiple chains * add mac whitelisting * add support for multiple ssh daemons in parallel * add an ipset report engine * add mail notifications * add suspend/resume functions * add a cron wrapper to set an ipset related auto-timer for automatic blocklist updates * add a list wrapper to add/remove blocklist sources * add 19.x and Turris OS 5.x compatibility code * sources stored in an external compressed json file (/etc/banip/banip.sources.gz) * change Country/ASN download sources (faster/more reliable) * fix DHCPv6/icmpv6 issues Signed-off-by: Dirk Brenken <dev@brenken.org>
4 years ago
banip: update 0.3.5 * fix race condition in download utility detection during boot * fix multiple possible bugs in ipset creation * prevent parallel service starts * refine service trigger handling * add ssh daemon auto detection * print to stdout if 'logger' is not available Signed-off-by: Dirk Brenken <dev@brenken.org>
5 years ago
banip: update 0.3.0 * new 'ca-bundle' dependency as all https connections are now validated by default * automatically select the download utility: 'aria2', 'curl', 'uclient-fetch' with libustream-* or wget are supported * track & ban failed LuCI login attempts as well * add a small log/banIP background monitor to block SSH/LuCI brute force attacks in realtime (disabled by default) * add a config version check (please update your default config!) * made the automatic wan detection more stable * fix the IPv6 logfile parser * fix the service status message * update readme Signed-off-by: Dirk Brenken <dev@brenken.org>
5 years ago
banip: update 0.3.6 * more startup tweaks * re-use f_log function in helper scripts * small fixes / polish up for forthcoming 19.07 release Signed-off-by: Dirk Brenken <dev@brenken.org>
5 years ago
banip: release 0.7.0 * major rewrite * add support for multiple chains * add mac whitelisting * add support for multiple ssh daemons in parallel * add an ipset report engine * add mail notifications * add suspend/resume functions * add a cron wrapper to set an ipset related auto-timer for automatic blocklist updates * add a list wrapper to add/remove blocklist sources * add 19.x and Turris OS 5.x compatibility code * sources stored in an external compressed json file (/etc/banip/banip.sources.gz) * change Country/ASN download sources (faster/more reliable) * fix DHCPv6/icmpv6 issues Signed-off-by: Dirk Brenken <dev@brenken.org>
4 years ago
banip: update 0.3.6 * more startup tweaks * re-use f_log function in helper scripts * small fixes / polish up for forthcoming 19.07 release Signed-off-by: Dirk Brenken <dev@brenken.org>
5 years ago
banip: release 0.7.0 * major rewrite * add support for multiple chains * add mac whitelisting * add support for multiple ssh daemons in parallel * add an ipset report engine * add mail notifications * add suspend/resume functions * add a cron wrapper to set an ipset related auto-timer for automatic blocklist updates * add a list wrapper to add/remove blocklist sources * add 19.x and Turris OS 5.x compatibility code * sources stored in an external compressed json file (/etc/banip/banip.sources.gz) * change Country/ASN download sources (faster/more reliable) * fix DHCPv6/icmpv6 issues Signed-off-by: Dirk Brenken <dev@brenken.org>
4 years ago
banip: update 0.3.6 * more startup tweaks * re-use f_log function in helper scripts * small fixes / polish up for forthcoming 19.07 release Signed-off-by: Dirk Brenken <dev@brenken.org>
5 years ago
banip: update 0.3.5 * fix race condition in download utility detection during boot * fix multiple possible bugs in ipset creation * prevent parallel service starts * refine service trigger handling * add ssh daemon auto detection * print to stdout if 'logger' is not available Signed-off-by: Dirk Brenken <dev@brenken.org>
5 years ago
banip: update 0.3.0 * new 'ca-bundle' dependency as all https connections are now validated by default * automatically select the download utility: 'aria2', 'curl', 'uclient-fetch' with libustream-* or wget are supported * track & ban failed LuCI login attempts as well * add a small log/banIP background monitor to block SSH/LuCI brute force attacks in realtime (disabled by default) * add a config version check (please update your default config!) * made the automatic wan detection more stable * fix the IPv6 logfile parser * fix the service status message * update readme Signed-off-by: Dirk Brenken <dev@brenken.org>
5 years ago
banip: update 0.3.6 * more startup tweaks * re-use f_log function in helper scripts * small fixes / polish up for forthcoming 19.07 release Signed-off-by: Dirk Brenken <dev@brenken.org>
5 years ago
banip: update to 0.7.2 * add scanning for suspicious nginx events * add a log counter to track the number of the failed requests or login repetitions of the same ip in the log before banning, defaults are: ssh (3), luci (3), nginx (5) * optimize the background service handling * add 'greensnow' as a new source * update readme and LuCI frontend regarding the new log count options Signed-off-by: Dirk Brenken <dev@brenken.org>
4 years ago
banip: update 0.3.0 * new 'ca-bundle' dependency as all https connections are now validated by default * automatically select the download utility: 'aria2', 'curl', 'uclient-fetch' with libustream-* or wget are supported * track & ban failed LuCI login attempts as well * add a small log/banIP background monitor to block SSH/LuCI brute force attacks in realtime (disabled by default) * add a config version check (please update your default config!) * made the automatic wan detection more stable * fix the IPv6 logfile parser * fix the service status message * update readme Signed-off-by: Dirk Brenken <dev@brenken.org>
5 years ago
banip: update 0.3.6 * more startup tweaks * re-use f_log function in helper scripts * small fixes / polish up for forthcoming 19.07 release Signed-off-by: Dirk Brenken <dev@brenken.org>
5 years ago
banip: update 0.3.0 * new 'ca-bundle' dependency as all https connections are now validated by default * automatically select the download utility: 'aria2', 'curl', 'uclient-fetch' with libustream-* or wget are supported * track & ban failed LuCI login attempts as well * add a small log/banIP background monitor to block SSH/LuCI brute force attacks in realtime (disabled by default) * add a config version check (please update your default config!) * made the automatic wan detection more stable * fix the IPv6 logfile parser * fix the service status message * update readme Signed-off-by: Dirk Brenken <dev@brenken.org>
5 years ago
 
  1. #!/bin/sh
  2. # log service to trace failed ssh/luci logins and conditionally refresh banIP
  3. # written by Dirk Brenken (dev@brenken.org)
  4. #
  5. # This is free software, licensed under the GNU General Public License v3.
  6. #
  7. # (s)hellcheck exceptions
  8. # shellcheck disable=1091,2030,2031,2034,2039,2086,2129,2140,2143,2154,2181,2183,2188
  9. 

  10. export LC_ALL=C
  11. export PATH="/usr/sbin:/usr/bin:/sbin:/bin"
  12. set -o pipefail
  13. ban_ver="${1}"
  14. ban_search="${2}"
  15. ban_logger="$(command -v logger)"
  16. ban_logread="$(command -v logread)"
  17. 

  18. f_log()
  19. {
  20. 	local class="${1}" log_msg="${2}"
  21. 

  22. 	if [ -x "${ban_logger}" ]
  23. 	then
  24. 		"${ban_logger}" -p "${class}" -t "banIP-${ban_ver%-*}[${$}]" "${log_msg}"
  25. 	else
  26. 		printf "%s %s %s\n" "${class}" "banIP-${ban_ver%-*}[${$}]" "${log_msg}"
  27. 	fi
  28. }
  29. 

  30. if [ -x "${ban_logread}" ]
  31. then
  32. 	f_log "info" "log/banIP service started"
  33. 	"${ban_logread}" -f | { grep -qE "${ban_search}"; [ "${?}" = "0" ] && { /etc/init.d/banip refresh; exit 0; }; }
  34. else
  35. 	f_log "err" "can't start log/banIP service"
  36. fi