From e12361472bcd20db65ac54133994d0b4925275b2 Mon Sep 17 00:00:00 2001 From: Manuel Friedli Date: Sat, 25 Jul 2020 00:06:48 +0200 Subject: [PATCH] Implement command line option to specify the fail2ban jail to use. --- ddos-mitigator.sh | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/ddos-mitigator.sh b/ddos-mitigator.sh index cbe0051..63eb120 100755 --- a/ddos-mitigator.sh +++ b/ddos-mitigator.sh @@ -68,6 +68,9 @@ Usage: $(basename $0) [OPTION...] least LIMIT current connections. When LIMIT is omitted, assume LIMIT=1. + -j, --jail=JAIL Specify the JAIL to use for banning the IP addresses. If + not set, uses 'apache-auth'. + -n, --netmask=SIZE SIZE defines the subnet size in bytes to be analyzed. Valid values are: - 1 or 8 for class A networks (X.0.0.0/8) @@ -86,7 +89,7 @@ ENDOFHELP } function parseCommandline() { - TEMP=$(getopt -o 'a::,n:,h' -l 'auto::,netmask:,help' -- "$@") + TEMP=$(getopt -o 'a::,j:,n:,h' -l 'auto::,jail:,netmask:,help' -- "$@") if [ $? -ne 0 ] ; then echo 'Error parsing command line options. Terminating. Invoke with --help for help.' >&2 @@ -99,7 +102,7 @@ function parseCommandline() { while true ; do case "$1" in '-a'|'--auto') - case $2 in + case "$2" in '') autopilot=1 ;; @@ -108,11 +111,15 @@ function parseCommandline() { exit 1 ;; *) - autopilot=$2 + autopilot="$2" ;; esac shift ;; + '-j'|'--jail') + jail="$2" + shift + ;; '-n'|'--netmask') case "$2" in '1'|'8') @@ -154,6 +161,7 @@ function parseCommandline() { # Parse the command line options autopilot=0 netmask=0 +jail="apache-auth" parseCommandline "$@" @@ -372,9 +380,9 @@ while read -r addr ; do echo "Banning ${addr} ..." if [[ $(id -un) == "root" ]] ; then # Don't use sudo when we're running as root. - fail2ban-client set apache-auth banip "${addr}" + fail2ban-client set "${jail}" banip "${addr}" else - sudo fail2ban-client set apache-auth banip "${addr}" + sudo fail2ban-client set "${jail}" banip "${addr}" fi done < "${banlist}"
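Review bot: The new `'-j'|'--jail'` arm in the `@@ -108,11 +111,15 @@` hunk stores `$2` without any check, so `--jail=` leaves `jail` empty and a mistyped name is accepted as given, whereas the `-a` arm just above it has a case that ends in `exit 1`. Because this value decides which fail2ban jail receives the bans, the empty case at least should be rejected at parse time, before `jail="$2"`: `[ -n "$2" ] || { echo 'Option --jail requires a non-empty jail name.' >&2 ; exit 1 ; }`. parseCommandline starts and ends outside this hunk.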
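Review bot: In the `@@ -372,9 +380,9 @@` hunk the exit status of `fail2ban-client set "${jail}" banip "${addr}"` is not checked in either branch. Now that the jail name comes from the command line, a jail that does not exist makes every ban fail while the loop still prints `Banning ${addr} ...` for each address, so the operator may believe the addresses are blocked. I would verify the jail once before the loop, for example `fail2ban-client status "${jail}" >/dev/null || { echo "Unknown fail2ban jail: ${jail}" >&2 ; exit 1 ; }` (through `sudo` when not root), and print a message to stderr when an individual `banip` call returns non-zero. The `while read` loop begins outside the hunk.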