improve fail2ban setup

buildplan
2025-11-24 15:06:56 +00:00
parent ae94f7391c
commit cf8f5aa104


@@ -3659,20 +3659,36 @@ configure_fail2ban() {
local prompt_change="" local prompt_change=""
# Auto-detect and offer to whitelist current SSH connection # Auto-detect and offer to whitelist current SSH connection
local DETECTED_IP=""
if [[ -n "${SSH_CONNECTION:-}" ]]; then if [[ -n "${SSH_CONNECTION:-}" ]]; then
local CURRENT_IP="${SSH_CONNECTION%% *}" DETECTED_IP="${SSH_CONNECTION%% *}"
print_info "Detected SSH connection from: $CURRENT_IP" fi
if [[ -z "$DETECTED_IP" ]]; then
local WHO_IP
WHO_IP=$(who -m 2>/dev/null | awk '{print $NF}' | tr -d '()')
if validate_ip_or_cidr "$WHO_IP"; then
DETECTED_IP="$WHO_IP"
fi
fi
if [[ -z "$DETECTED_IP" ]]; then
local SS_IP
SS_IP=$(ss -tnH state established '( dport = :22 or sport = :22 )' 2>/dev/null | head -n 1 | awk '{print $NF}' | cut -d: -f1 | cut -d] -f1)
if validate_ip_or_cidr "$SS_IP"; then
DETECTED_IP="$SS_IP"
fi
fi
if [[ -n "$DETECTED_IP" ]]; then
print_info "Detected SSH connection from: $DETECTED_IP"
if confirm "Whitelist your current IP ($CURRENT_IP) in Fail2Ban?"; then if confirm "Whitelist your current IP ($DETECTED_IP) in Fail2Ban?"; then
if validate_ip_or_cidr "$CURRENT_IP"; then IGNORE_IPS+=("$DETECTED_IP")
IGNORE_IPS+=("$CURRENT_IP")
print_success "Added your current IP to whitelist." print_success "Added your current IP to whitelist."
log "Auto-whitelisted SSH connection IP: $CURRENT_IP" log "Auto-whitelisted SSH connection IP: $DETECTED_IP"
fi
prompt_change=" additional"
else else
print_warning "Could not validate current IP. Please add it manually." print_warning "Could not auto-detect current SSH IP. (This is normal in some VM/sudo environments)"
fi print_info "You can manually add your IP in the next step."
fi
prompt_change=" additional" # Modifies following prompt based on presence of SSH connection.
fi fi
if [[ $VERBOSE != false ]] && \ if [[ $VERBOSE != false ]] && \
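Review bot: The `SSH_CONNECTION` branch now sets `DETECTED_IP="${SSH_CONNECTION%% *}"`, and that value reaches `IGNORE_IPS+=("$DETECTED_IP")` without passing through `validate_ip_or_cidr`, which the removed code applied and the two new fallbacks still apply. An environment value that is not a plain address would therefore land in the Fail2Ban ignore list unchecked. Guarding the final block restores the check for all three sources: `if [[ -n "$DETECTED_IP" ]] && validate_ip_or_cidr "$DETECTED_IP"; then`. The `ss` fallback takes the peer of the first established socket with port 22 on either side, so with several sessions or an outbound SSH connection it may offer an unrelated address as "your current IP"; filtering on `sport = :22` only and saying in the prompt that the address was guessed would help, and `cut -d: -f1` appears to truncate IPv6 peers. `configure_fail2ban` starts and ends outside this hunk.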