Add .editorconfig file and implement dependency check that can be invoked from the command line.
Manuel Friedli 2020-09-15 23:28:48 +02:00
parent 7328bbac8f
commit a396d1cf4e
2 changed files with 69 additions and 22 deletions

5
.editorconfig Normal file

@ -0,0 +1,5 @@
root = true
[*.sh]
indent_size = 4
indent_style = tab


@ -42,6 +42,24 @@ MY_IP="94.199.214.20"
# After this point, no editing is required. # After this point, no editing is required.
start=$(date +%s) start=$(date +%s)
# Dependencies of this script. Simple array with the following structure:
# (command package [...])
dependencies=(
"sudo" "app-admin/sudo"
"python" "dev-lang/python:3.8"
"fail2ban-client" "net-analyzer/fail2ban"
"cut" "sys-apps/coreutils"
"id" "sys-apps/coreutils"
"sort" "sys-apps/coreutils"
"touch" "sys-apps/coreutils"
"tr" "sys-apps/coreutils"
"uniq" "sys-apps/coreutils"
"grep" "sys-apps/grep"
"sponge" "sys-apps/moreutils"
"netstat" "sys-apps/net_tools"
"getopt" "sys-apps/util-linux"
)
# These suffixes must be appended to the respective addresses and subnets. # These suffixes must be appended to the respective addresses and subnets.
suffix8="/8" suffix8="/8"
suffix16="/16" suffix16="/16"
@ -61,18 +79,40 @@ bold="$(printf '\033[1m')"
reset="$(printf '\033[0m')" reset="$(printf '\033[0m')"
# Clean up when the script exits. # Clean up when the script exits.
trap 'sudo -k; rm -r ${tmpdir}' EXIT trap 'sudo -k 2>/dev/null >&2; rm -r ${tmpdir}' EXIT
function check_installed() { function is_installed() {
which "${1}" 2>/dev/null >&2
return $?
}
function print_missing_dependency() {
local command="$1" local command="$1"
local package="$2" local package="$2"
which "${command}" 2>/dev/null >&2
local result=$?
if [[ "${result}" -ne 0 ]] ; then echo "${red}Command ${bold}${command}${reset}${red} not found.${reset} Please install package ${blue}${package}${reset}." >&2
echo "${red}Command ${bold}${command}${reset}${red} not found.${reset} Please install package ${blue}${package}${reset}." }
exit 1
fi function check_dependencies() {
local arraylength=${#dependencies[@]}
local res=
local command=
local package=
# 0: true, all installed; 1: false, at least one command/package missing
local all_installed=0
for (( i=0; i<${arraylength}; i+=2 )) ; do
command="${dependencies[$i]}"
package="${dependencies[$i+1]}"
is_installed "${command}" "${package}"
res=$?
if [[ $res -ne 0 ]] ; then
print_missing_dependency "${command}" "${package}"
all_installed=1
fi
done
return ${all_installed}
} }
function print_help() { function print_help() {
@ -96,6 +136,12 @@ Usage: $(basename $0) -d FILE [OPTION...]
comma-separated values; defaults to 'CN' comma-separated values; defaults to 'CN'
(China). (China).
-e, --dependencies Check if all required dependencies are
installed. If all dependencies are found,
exits with code 0. Otherwise, missing
dependencies are printed to stderr and
the program terminates with code 1.
-j, --jail=JAIL Specify the JAIL to use for banning the IP -j, --jail=JAIL Specify the JAIL to use for banning the IP
addresses. addresses.
Defaults to 'apache-auth'. Defaults to 'apache-auth'.
@ -152,7 +198,7 @@ function filter() {
} }
function parse_command_line_args() { function parse_command_line_args() {
TEMP=$(getopt -o 'a::,c:,d:,j:,n:,p:,h' -l 'auto::,country:,database:,jail:,netmask:,port:,help' -- "$@") TEMP=$(getopt -o 'a::,c:,d:,e,j:,n:,p:,h' -l 'auto::,country:,database:,dependencies,jail:,netmask:,port:,help' -- "$@")
if [ $? -ne 0 ] ; then if [ $? -ne 0 ] ; then
echo 'Error parsing command line options. Terminating. Invoke with --help for help.' >&2 echo 'Error parsing command line options. Terminating. Invoke with --help for help.' >&2
@ -191,6 +237,10 @@ function parse_command_line_args() {
database="$2" database="$2"
shift shift
;; ;;
'-e'|'--dependencies')
check_dependencies
exit $?
;;
'-j'|'--jail') '-j'|'--jail')
jail="$2" jail="$2"
shift shift
@ -408,19 +458,11 @@ port=443
parse_command_line_args "$@" parse_command_line_args "$@"
check_installed "sudo" "app-admin/sudo" check_dependencies
check_installed "python" "dev-lang/python:3.8" dependencies_ok=$?
check_installed "fail2ban-client" "net-analyzer/fail2ban" if [[ ${dependencies_ok} -ne 0 ]] ; then
check_installed "cut" "sys-apps/coreutils" exit ${dependencies_ok}
check_installed "id" "sys-apps/coreutils" fi
check_installed "sort" "sys-apps/coreutils"
check_installed "touch" "sys-apps/coreutils"
check_installed "tr" "sys-apps/coreutils"
check_installed "uniq" "sys-apps/coreutils"
check_installed "grep" "sys-apps/grep"
check_installed "sponge" "sys-apps/moreutils"
check_installed "netstat" "sys-apps/net_tools"
check_installed "getopt" "sys-apps/util-linux"
# List already banned addresses in the chosen jail # List already banned addresses in the chosen jail
banned="$(exec_as_root fail2ban-client get "${jail}" banip)" banned="$(exec_as_root fail2ban-client get "${jail}" banip)"
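Review bot: `is_installed` probes each dependency with `which`, an external program that is not itself in the `dependencies` array, so on a host without it every entry is reported missing; the bash builtin avoids that: `command -v "${1}" >/dev/null 2>&1`. The `return $?` that follows is redundant, and the second argument `check_dependencies` passes to `is_installed` is never read. `parse_command_line_args` also calls `getopt` before `check_dependencies` runs, and the new `-e` option is only reachable through it, so as far as these hunks show a missing `getopt` cannot be reported by either path; running the check before parsing would close that gap. The EXIT trap fires on the new `-e` exit as well, and its `rm -r ${tmpdir}` is unquoted; where `tmpdir` is assigned lies outside the hunks, so `rm -r -- "${tmpdir:?}"` would be the safer form there.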