From 471e391a2adf60e70f0080642f60f540d05bd1b2 Mon Sep 17 00:00:00 2001
From: Luis Guzman <ark@switnet.org>
Date: Wed, 28 Oct 2020 15:07:07 -0600
Subject: [PATCH] Add fail2ban tool

---
 tools/fail2ban_ssh.sh | 45 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)
 create mode 100644 tools/fail2ban_ssh.sh

diff --git a/tools/fail2ban_ssh.sh b/tools/fail2ban_ssh.sh
new file mode 100644
index 0000000..d61fb71
--- /dev/null
+++ b/tools/fail2ban_ssh.sh
@@ -0,0 +1,45 @@
+#!/bin/bash
+# Simple Fail2ban configuration
+# 2020 - SwITNet Ltd
+# GNU GPLv3 or later.
+
+while getopts m: option
+do
+	case "${option}"
+	in
+		m) MODE=${OPTARG};;
+		\?) echo "Usage: sudo ./fail2ban_ssh.sh [-m debug]" && exit;;
+	esac
+done
+
+#DEBUG
+if [ "$MODE" = "debug" ]; then
+set -x
+fi
+
+#Check if user is root
+if ! [ $(id -u) = 0 ]; then
+   echo "You need to be root or have sudo privileges!"
+   exit 0
+fi
+
+apt-get -y install fail2ban
+
+if \
+[ -f /var/log/ssh_f2b.log ] && \
+[ $(grep -c 604800 /etc/fail2ban/jail.local) = "1" ] && \
+[ $(grep -c ssh_f2b.log /etc/fail2ban/jail.local) = "1"]; then
+    echo -e "\nFail2ban seems to be already configured.\n"
+else
+    echo -e "\nConfiguring Fail2ban...\n"
+cat << F2BAN >> /etc/fail2ban/jail.local
+[sshd]
+enabled = true
+port = 22
+filter = sshd
+logpath = /var/log/ssh_f2b.log
+maxretry = 3
+bantime = 604800
+F2BAN
+fi
+systemctl restart fail2ban