fail2ban 一键安装脚本

#!/bin/bash
# Copyright (c) 2015.7  Fenei
# BY:封飞
# 陕西西普网络科技有限公司
# 2015年7月1日凌晨2点
# denyhosts auto install and configure shell
# VER. 1.1.0 - http://www.fenei.net # fail2ban 一键安装脚本
# 2015年7月1日凌晨2点
#
# 本程序是专为Redhat、Centos等系统制作的fail2ban 一键安装脚本。
# 本程序为西普网络专用。
# 其他人员如果使用必须将自己的远程办公IP手动添加至"ess /etc/fail2ban/jail.conf"文件中的ignoreip后面。
# 本脚本为开源，初次制作，如有不足之处，可以联系修改。
#
# Fenei@ Sinpul Network
# VER. 1.1.0 - http://www.fenei.net #
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#=====================================================================

#查看系统版本，根据版本下载安装EPEL源
a=$(cat /etc/redhat-release|cut -b1-16)
b=$(cat /etc/redhat-release|cut -b1-18)
v=$(uname -r |cut -d . -f 5)
if [[ $a == "CentOS release 6" ]]
then
if [ $v == "x86_64" ]
then
echo -e "\033[32;49;1m ======您的系统版本是 $b 64bit====== \033[39;49;0m"
read -p "请输入回车键继续." var
wget http://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm rpm -ivh epel-release-latest-6.noarch.rpm
else
echo -e "\033[32;49;1m ======您的系统版本是 $b 32bit====== \033[39;49;0m"
read -p "请输入回车键继续." var
wget http://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm rpm -ivh epel-release-latest-6.noarch.rpm
fi
elif [[ $a == "CentOS release 5" ]]
then
if [ $v == "x86_64" ]
then
echo -e "\033[32;49;1m ======您的系统版本是 $b 64bit====== \033[39;49;0m"
read -p "请输入回车键继续." var
wget http://dl.fedoraproject.org/pub/epel/epel-release-latest-5.noarch.rpm rpm -ivh epel-release-latest-5.noarch.rpm
else
echo -e "\033[32;49;1m ======您的系统版本是 $b 32bit====== \033[39;49;0m"
read -p "请输入回车键继续." var
wget http://dl.fedoraproject.org/pub/epel/epel-release-latest-5.noarch.rpm rpm -ivh epel-release-latest-5.noarch.rpm
fi
elif [[ $a == "CentOS release 7" ]]
then
echo -e "\033[32;49;1m ======您的系统版本是 $b 64bit====== \033[39;49;0m"
read -p "请输入回车键继续." var
wget http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm rpm -ivh epel-release-latest-7.noarch.rpm
else
echo "您的操作系统不是\"Centos\"，使用源码包进行安装！"
read -p "请输入回车键继续." var
wget --no-check-certificate https://codeload.github.com/fail2ban/fail2ban/tar.gz/0.9.1 -O fail2ban-0.9.1.tar.gz
tar  zxvf fail2ban-0.9.1.tar.gz
cd fail2ban-0.9.1
python setup.py install
#替换日志文件路径
sed -i '33s/SYSLOG/\/var\/log\/fail2ban.log/g' /etc/fail2ban/fail2ban.conf
fi

# 注释掉mirrorlist
su -c "sed -i 's|^#baseurl|baseurl| ; s|^mirrorlist|#mirrorlist|' /etc/yum.repos.d/*"
#安装fail2ban
yum install fail2ban -y
#重启fail2ban服务
service fail2ban restart
#设置fail2ban自动启动
chkconfig fail2ban on

echo -e "\033[32;49;1m
************************************************************************************
检查被封禁的IP 'sudo iptables --list -n'或'sudo fail2ban-client status ssh-iptables'
如果你想要从fail2ban中解锁某个IP地址，你可以使用iptables命令：
sudo iptables -D fail2ban-SSH -s IP -j DROP
或使用这条命令:
sudo fail2ban-client set ssh-iptables unbanip IP
************************************************************************************
\033[39;49;0m"