From 40f33aa74e7f22437a6a855be97ce0dec09bf611 Mon Sep 17 00:00:00 2001 From: Mario Fetka Date: Fri, 13 Jan 2023 19:45:48 +0100 Subject: [PATCH] add banunban script and update install.sh with ubuntu/debian detection --- dbp/banunban.sh | 60 ++++++++++++++++++++++++++++++++++++ dbp/cron.sh | 17 +++++++++- dbp/dbp.ini | 19 ++++++++++++ dbp/install.sh | 4 +-- install.sh | 82 ++++++++++++++++++++++++++++++++++++++++++++++++- 5 files changed, 178 insertions(+), 4 deletions(-) create mode 100755 dbp/banunban.sh diff --git a/dbp/banunban.sh b/dbp/banunban.sh new file mode 100755 index 0000000..a2ef686 --- /dev/null +++ b/dbp/banunban.sh @@ -0,0 +1,60 @@ +#!/bin/bash + +usage() { echo "Usage: $0 [-f dbp.ini] -d [ban|unban] -i IP" 1>&2; exit 1; } + +while getopts ":f:b:u:" o; do + case "${o}" in + f) + INIFILE=${OPTARG} + ;; + d) + DO_BAN=${OPTARG} + ;; + i) + BAN_IP=${OPTARG} + ;; + *) + usage + ;; + esac +done +shift $((OPTIND-1)) + +if [ -z "${INIFILE}" ] || [ -z "${d}" ] || [ -z "${i}" ]; then + usage +fi + +MYSTIC_DIR="@MYSTIC_DIR@" +TMP_DIR=$(mktemp -d) + +BAN_UNBAN_ENABLE=`${MYSTIC_DIR}/inimod r ${INIFILE} -S GeneralDbP -k BanUnbanIP --silent` +BAN_UNBAN_SERVICE=`${MYSTIC_DIR}/inimod r ${INIFILE} -S BanUnbanIP -k BanningService --silent` +BAN_UNBAN_MYSTIC=`${MYSTIC_DIR}/inimod r ${INIFILE} -S BanUnbanIP -k UnbanInMystic --silent` + +if [ $BAN_UNBAN_ENABLE = "true" ]; then + if [ $BAN_UNBAN_SERVICE = "fail2ban" ]; then + if [ $DO_BAN = "ban" ]; then + /usr/bin/fail2ban-client set mysticbbs banip ${BAN_IP} + fi + if [ $DO_BAN = "unban" ]; then + /usr/bin/fail2ban-client set mysticbbs unbanip ${BAN_IP} + if [ $BAN_UNBAN_MYSTIC = "true" ]; then + sed -e "/${BAN_IP}/d" -i ${MYSTIC_DIR}/data/blacklist.txt + fi + fi + fi + + if [ $BAN_UNBAN_SERVICE = "ipban" ]; then + if [ $DO_BAN = "ban" ]; then + echo ${BAN_IP} > /opt/ipban/ban.txt + fi + if [ $DO_BAN = "unban" ]; then + echo ${BAN_IP} > /opt/ipban/unban.txt + if [ $BAN_UNBAN_MYSTIC = "true" ]; then + sed -e "/${BAN_IP}/d" -i ${MYSTIC_DIR}/data/blacklist.txt + fi + fi + fi +fi + +exit 0 diff --git a/dbp/cron.sh b/dbp/cron.sh index f169442..a664c83 100755 --- a/dbp/cron.sh +++ b/dbp/cron.sh @@ -22,10 +22,20 @@ MYSTIC_DIR="@MYSTIC_DIR@" TMP_DIR=$(mktemp -d) MIS_ENABLE=`${MYSTIC_DIR}/inimod r ${INIFILE} -S GeneralDbP -k MisLog --silent` +MIS_KEEP=`${MYSTIC_DIR}/inimod r ${INIFILE} -S MisLog -k RetentionTime --silent` + MUTIL_ENABLE=`${MYSTIC_DIR}/inimod r ${INIFILE} -S GeneralDbP -k MutilLog --silent` +MUTIL_KEEP=`${MYSTIC_DIR}/inimod r ${INIFILE} -S MutilLog -k RetentionTime --silent` + ERROR_ENABLE=`${MYSTIC_DIR}/inimod r ${INIFILE} -S GeneralDbP -k ErrorLog --silent` +ERROR_KEEP=`${MYSTIC_DIR}/inimod r ${INIFILE} -S ErrorLog -k RetentionTime --silent` + MRCCHAT_ENABLE=`${MYSTIC_DIR}/inimod r ${INIFILE} -S GeneralDbP -k MrcChatLog --silent` +MRCCHAT_KEEP=`${MYSTIC_DIR}/inimod r ${INIFILE} -S MrcChatLog -k RetentionTime --silent` + NODE_ENABLE=`${MYSTIC_DIR}/inimod r ${INIFILE} -S GeneralDbP -k NodeLog --silent` +NODE_COUNT=`${MYSTIC_DIR}/inimod r ${INIFILE} -S NodeLog -k MaxNodes --silent` +NODE_KEEP=`${MYSTIC_DIR}/inimod r ${INIFILE} -S NodeLog -k RetentionTime --silent` IP2L_ENABLE=`${MYSTIC_DIR}/inimod r ${INIFILE} -S GeneralDbP -k Ip2Location --silent` IP2L_TOKEN=`${MYSTIC_DIR}/inimod r ${INIFILE} -S Ip2Location -k Token --silent` @@ -40,6 +50,7 @@ if [ $MIS_ENABLE = "true" ]; then touch ${MYSTIC_DIR}/logs/mis.${TOMORROW}.log ln -sf mis.${NOW}.log ${MYSTIC_DIR}/logs/mis.log [ -f /${MYSTIC_DIR}/logs/mis.${YESTERDAY}.log ] && gzip -9 ${MYSTIC_DIR}/logs/mis.${YESTERDAY}.log + find ${MYSTIC_DIR}/logs/ -type f -mtime +${MIS_KEEP} -name 'mis.*' -exec rm {} \; fi if [ $MUTIL_ENABLE = "true" ]; then @@ -47,6 +58,7 @@ if [ $MUTIL_ENABLE = "true" ]; then touch ${MYSTIC_DIR}/logs/mutil.${TOMORROW}.log ln -sf mutil.${NOW}.log ${MYSTIC_DIR}/logs/mutil.log [ -f /${MYSTIC_DIR}/logs/mutil.${YESTERDAY}.log ] && gzip -9 ${MYSTIC_DIR}/logs/mutil.${YESTERDAY}.log + find ${MYSTIC_DIR}/logs/ -type f -mtime +${MUTIL_KEEP} -name 'mutil.*' -exec rm {} \; fi if [ $ERROR_ENABLE = "true" ]; then @@ -54,6 +66,7 @@ if [ $ERROR_ENABLE = "true" ]; then touch ${MYSTIC_DIR}/logs/errors.${TOMORROW}.log ln -sf errors.${NOW}.log ${MYSTIC_DIR}/logs/errors.log [ -f /${MYSTIC_DIR}/logs/errors.${YESTERDAY}.log ] && gzip -9 ${MYSTIC_DIR}/logs/errors.${YESTERDAY}.log + find ${MYSTIC_DIR}/logs/ -type f -mtime +${ERROR_KEEP} -name 'error.*' -exec rm {} \; fi if [ $MRCCHAT_ENABLE = "true" ]; then @@ -63,15 +76,17 @@ if [ $MRCCHAT_ENABLE = "true" ]; then ln -sf ../../logs/mrcchat.${NOW}.log ${MYSTIC_DIR}/data/mrc/mrcchat.log ln -sf mrcchat.${NOW}.log ${MYSTIC_DIR}/logs/mrcchat.log [ -f /${MYSTIC_DIR}/logs/mrcchat.${YESTERDAY}.log ] && gzip -9 ${MYSTIC_DIR}/logs/mrcchat.${YESTERDAY}.log + find ${MYSTIC_DIR}/logs/ -type f -mtime +${MRCCHAT_KEEP} -name 'mrcchat.*' -exec rm {} \; fi if [ $NODE_ENABLE = "true" ]; then - for i in {0..10} + for i in {0..${NODE_COUNT}} do touch ${MYSTIC_DIR}/logs/node${i}.${NOW}.log touch ${MYSTIC_DIR}/logs/node${i}.${TOMORROW}.log ln -sf node${i}.${NOW}.log ${MYSTIC_DIR}/logs/node${i}.log [ -f ${MYSTIC_DIR}/logs/node${i}.${YESTERDAY}.log ] && gzip -9 ${MYSTIC_DIR}/logs/node${i}.${YESTERDAY}.log + find ${MYSTIC_DIR}/logs/ -type f -mtime +${NODE_KEEP} -name 'node*' -exec rm {} \; done fi diff --git a/dbp/dbp.ini b/dbp/dbp.ini index c7004cb..0855d4e 100644 --- a/dbp/dbp.ini +++ b/dbp/dbp.ini @@ -21,13 +21,32 @@ Token=PleasePutTokenHere Database=DB1LITEBIN [MisLog] +; Set maximum days of logs to keep for the Mis Daemon +RetentionTime=7 [ErrorLog] +; Set maximum days of logs to keep for the Error Log +RetentionTime=7 [NodeLog] +; Set maximum days of logs to keep for the Node Processes +RetentionTime=7 + +; Set the Maximum Number of Node instances to the same Value as in "Servers->General Options->Max BBS Nodes" +MaxNodes=32 [MutilLog] +; Set maximum days of logs to keep for the Mutil Process +RetentionTime=7 [MrcChatLog] +; Set maximum days of logs to keep for the Multo Relay Chat +RetentionTime=7 [BanUnbanIP] +;Set the banning Service to fail2ban or banip +; depends on what you seleted in the install stage +BanningService=fail2ban + +;Also unban in Mystic when useng the unban +UnbanInMystic=true diff --git a/dbp/install.sh b/dbp/install.sh index f8f19a1..6927255 100644 --- a/dbp/install.sh +++ b/dbp/install.sh @@ -4,7 +4,7 @@ MYSTIC_DIR="$1" sed -e "s!@MYSTIC_DIR@!${MYSTIC_DIR}!g" cron.sh > ${MYSTIC_DIR}/cron chmod +x ${MYSTIC_DIR}/cron -#sed -e "s!@MYSTIC_DIR@!${MYSTIC_DIR}!g" mis-stop.sh > ${MYSTIC_DIR}/mis-stop -#chmod +x ${MYSTIC_DIR}/mis-stop +sed -e "s!@MYSTIC_DIR@!${MYSTIC_DIR}!g" banunban.sh > ${MYSTIC_DIR}/banunban +chmod +x ${MYSTIC_DIR}/banunban sed -e "s!@MYSTIC_DIR@!${MYSTIC_DIR}!g" dbp.ini > ${MYSTIC_DIR}/dbp.ini diff --git a/install.sh b/install.sh index 358090a..faf2a9f 100644 --- a/install.sh +++ b/install.sh @@ -13,9 +13,16 @@ APP="Mystic" MSDIR="/opt/mystic" TMP_DIR=$(mktemp -d) ARCH=$(dpkg-architecture -qDEB_HOST_MULTIARCH) + +DIST=$(lsb_release -i -s) +CODENAME=$(lsb_release -c -s) + GROUP=$(getent group mystic) USER=$(getent shadow mystic) +FAIL2BAN_GROUP=$(getent group fail2ban) +IPBAN_GROUP=$(getent group ipban) + LIBDIR=/usr/lib/${ARCH} MYSTIC_VER="112a47" @@ -96,7 +103,17 @@ function msg_ok() { } msg_info "Setting up ${APP} Repository" -sed -i -e's/ main/ main contrib non-free/g' /etc/apt/sources.list &>/dev/null +apt-get update &>/dev/null +apt-get install -y software-properties-common &>/dev/null +if [ "${DIST}" = "Debian" ]; then + apt-add-repository contrib &>/dev/null + apt-add-repository non-free &>/dev/null +fi +if [ "${DIST}" = "Ubuntu" ]; then + apt-add-repository universe &>/dev/null + apt-add-repository restricted &>/dev/null + apt-add-repository multiverse &>/dev/null +fi apt-get update &>/dev/null apt-get install -y curl &>/dev/null apt-get install -y wget &>/dev/null @@ -165,6 +182,16 @@ if [ $exitstatus = 0 ]; then echo -e "${DGN}Add DbP Script: ${BGN}$DBPSCRIPTS${CL}" fi +BANUNBAN=$(whiptail --title "Add Ban / Anban to Mystic" --radiolist --cancel-button Exit-Script "Choose Fail2Ban IpBan No" 12 58 5 \ + "fail2ban" "Add Fail2Ban" FAIL2BAN \ + "ipban" "Add IpBan" IPBAN \ + "No" "Don't add IP Banning" OFF \ + 3>&1 1>&2 2>&3) + exitstatus=$? +if [ $exitstatus = 0 ]; then + echo -e "${DGN}Add Fail2Ban: ${BGN}$BANUNBAN${CL}" +fi + #============================================================================================================== @@ -334,6 +361,59 @@ fi #============================================================================================================== +if [ $BANUNBAN = "fail2ban" ]; then +msg_info "Installing Fail2Ban Dependencies for ${APP}" +apt-get install -y fail2ban &>/dev/null +apt-get install -y iptables &>/dev/null +apt-get install -y ipset &>/dev/null +if [ -z "${FAIL2BAN_GROUP}" ]; then +groupadd fail2ban &>/dev/null +fi +usermod --append --groups fail2ban mystic &>/dev/null +chown root:fail2ban /var/run/fail2ban/fail2ban.sock &>/dev/null +chmod g+w /var/run/fail2ban/fail2ban.sock &>/dev/null +msg_ok "Installing Fail2Ban Dependencies for ${APP}" + +msg_info "Installing Fail2Ban Scripts for ${APP}" +pushd /usr/local/src/mystic/mystic/fail2ban &>/dev/null +bash install.sh $MYSTIC_DIR &>/dev/null +popd &>/dev/null +msg_ok "Installing Fail2Ban Scripts for ${APP}" + +fi + +if [ $BANUNBAN = "ipban" ]; then +msg_info "Installing IpBan Dependencies for ${APP}" +pushd /usr/local/src/mystic &>/dev/null +wget -N https://github.com/DigitalRuby/IPBan/raw/master/IPBanCore/Linux/Scripts/Install.sh -O /usr/local/src/mystic/ipban-install.sh &>/dev/null +apt-get install -y fail2ban &>/dev/null +apt-get install -y iptables &>/dev/null +apt-get install -y ipset &>/dev/null +apt-get install -y xmlstarlet &>/dev/null +sed -i '/yum/d' /usr/local/src/mystic/ipban-install.sh &>/dev/null +sed -i '/systemctl/d' /usr/local/src/mystic/ipban-install.sh &>/dev/null +sed -e 's!sudo !!g' -i /usr/local/src/mystic/ipban-install.sh &>/dev/null +sed -i '/nano/d' /usr/local/src/mystic/ipban-install.sh &>/dev/null +bash /usr/local/src/mystic/ipban-install.sh &>/dev/null +if [ -z "${IPBAN_GROUP}" ]; then +groupadd ipban &>/dev/null +fi +usermod --append --groups ipban mystic &>/dev/null +chown -R root:ipban /opt/ipban &>/dev/null +chmod 775 /opt/ipban/ &>/dev/null +popd &>/dev/null +msg_ok "Installing IpBan Dependencies for ${APP}" + +#msg_info "Installing Fail2Ban Scripts for ${APP}" +#pushd /usr/local/src/mystic/mystic/ipban &>/dev/null +#bash install.sh $MYSTIC_DIR &>/dev/null +#popd &>/dev/null +#msg_ok "Installing Fail2Ban Scripts for ${APP}" + +fi + +#============================================================================================================== + sed -e 's/\\/\//g' -i ${MYSTIC_DIR}/mutil.ini sed -e "s!c:/mystic!${MYSTIC_DIR}!g" -i ${MYSTIC_DIR}/mutil.ini sed -e "s!d:/mystic!${MYSTIC_DIR}!g" -i ${MYSTIC_DIR}/mutil.ini