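#!/bin/bash
#
# Install sshguard (plus nftables) on a Debian/Ubuntu host and reduce the
# packaged sample configuration files to their effective lines.
#
# Written for ansible.builtin.script with `chdir: /root`; it can also be
# run by hand as root.
#
# Output: progress on stdout, ending in "nothing changed" or
#         "changed - all done"; warnings and errors on stderr.
# Exit:   0 when sshguard was already installed or has just been installed,
#         non-zero when dpkg is missing or the installation failed.

set -e

export DEBIAN_FRONTEND=noninteractive

# ansible.builtin.script:
#   chdir: /root

# just in case one runs the script outside ansible
cd /root/

if ! command -v dpkg >/dev/null 2>&1; then
  echo "error: dpkg executable not found" >&2
  exit 1
fi

#######################################
# Tell whether the sshguard package is really installed.
# `dpkg -s` also succeeds for a package that was removed but still has its
# configuration on disk, so the status field is checked instead.
# Returns: 0 when the package status ends in " installed", 1 otherwise
#######################################
sshguard_installed() {
  local status
  status=$(dpkg-query -W -f='${Status}' sshguard 2>/dev/null) || return 1
  [[ $status == *' installed' ]]
}

#######################################
# Copy a file without its comment lines and blank lines.
# Arguments: $1 - source file, $2 - destination file
# Returns:   0 on success, grep's status on a real error
#######################################
strip_comments() {
  local rc=0
  grep -vE '^#|^$' -- "$1" >"$2" || rc=$?
  # grep exits 1 when no line is selected (a sample made only of comments);
  # that is a valid empty result and must not abort the script under set -e.
  if ((rc > 1)); then
    return "$rc"
  fi
  return 0
}

#######################################
# Keep the packaged sample as <file>.dist and replace <file> with a copy
# that has comments and blank lines stripped; <file>.clean gets the same
# content. Does nothing when <file> does not exist.
# Arguments: $1 - path of the packaged sample file
#######################################
clean_sample() {
  local live=$1
  [[ -f $live ]] || return 0

  echo -n "clean-up sample $live ..."
  # an existing .dist is never overwritten, it stays the reference copy
  if [[ ! -f $live.dist ]]; then
    mv -f -- "$live" "$live.dist"
  fi
  strip_comments "$live.dist" "$live.clean"
  strip_comments "$live.dist" "$live"
  echo done
}

# start from a known value so a variable inherited from the caller's
# environment cannot turn "nothing changed" into "changed"
changed=''

# we do not check for latest version right here
echo -n checking sshguard package ...
if sshguard_installed; then
  # ok=1 changed=0
  echo already
else
  echo missing

  echo -n update package cache ...
  # best effort: a failed refresh is reported, the install below decides
  if apt-get -q -y update >/dev/null 2>&1; then
    echo done
  else
    echo failed
    echo "warning: apt-get update failed, using the existing package cache" >&2
  fi

  # failed=1 when the install does not go through: `cmd && echo done` would
  # hide the failure from set -e and the run would end as "changed - all done"
  # on a host without sshguard
  echo -n install sshguard nftables ...
  if ! apt-get -q -y install sshguard nftables >/dev/null; then
    echo failed
    echo "error: could not install sshguard nftables" >&2
    exit 1
  fi
  echo done

  # sample config is not necessarily there e.g. on bionic
  clean_sample /etc/sshguard/sshguard.conf

  # sample whitelist still there on bionic
  # NOTE(review): every non-comment line of the sample stays an active
  # whitelist entry, and whitelisted addresses are never blocked by
  # sshguard; review the resulting file.
  clean_sample /etc/sshguard/whitelist

  # already gets started and enabled by default
  # default setup tracks ssh only
  # NOTE(review): the script does not verify that the service is running
  #systemctl enable sshguard --now

  changed=1
fi

if [[ -z $changed ]]; then
  echo nothing changed
  exit 0
fi

# ok=1 changed=1
echo changed - all done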