[Fail2ban-users] Fail2Ban persistent? Bash script : alpha

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hello!

It is not the best bash script.
It is not optimized, and can be improved (a lot)

Also, I do not know python, so bash is my friend.

If I my tests do not fail (I slept 8 hours in 3 days and see what time it
is), this should work (at least in my home server).

I have it added for 1 hour in crontab, and do not receive error (only when
I try to add the chain "Offenders")

Who can be so brave to try it at home, and discuss the weaknesses?

That's is my basic testing: http://pastebin.com/GdwU7E68

And the bash script:

root@proxy:scripts# cat /root/scripts/f2b.sh
#!/bin/bash

LOG='/var/log/fail2ban.log'
CSV='/var/log/fail2ban.csv'
CSV_TMP='/tmp/csv.csv'
OFFENDERS='/tmp/offenders.txt'

DATE=`date +%Y-%m-%d-%H_%M_%S`

# --------------- CREATE BACKUP IPTABLES
iptables-save > /root/iptables.$DATE
# ----------------

/bin/grep Ban /var/log/fail2ban.log|awk {'print $7'}|sort --unique >> $CSV

#Delete duplicate
sort --unique $CSV     > $CSV_TMP
mv            $CSV_TMP   $CSV

#create a new chain
#hmmm.. i guess should check if exist before to add, but...
iptables -N Offenders

#GET content  from Offenders chain
iptables -L Offenders -n --verbose --line-numbers|grep DROP |awk {'print
$9'} >  $OFFENDERS

for i in `cat $CSV`; do
 if grep -Fxq "$i" $OFFENDERS
  then
    echo "$i exists in Offenders Chain. Skipping =("
  else
    echo "Adding $i to Offenders Chain"
    iptables -I Offenders -s $i -j DROP
  fi
done
#iptables -L Offenders -n --verbose --line-numbers|grep DROP |awk {'print
$9'}

-- 
Diego - Yo no soy paranoico! (pero que me siguen, me siguen) |
http://about.me/diegors/bio