forked from DigitalRuby/IPBan
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathinstall_latest.ps1
More file actions
184 lines (168 loc) · 6.25 KB
/
install_latest.ps1
File metadata and controls
184 lines (168 loc) · 6.25 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
#
# One click install script for IPBan for Windows
# (c) 2011-Present Digital Ruby, LLC
# https://ipban.com
#
# PowerShell minimum version: 5.1
# Update PowerShell: https://docs.microsoft.com/en-us/powershell/scripting/install/installing-powershell-core-on-windows?view=powershell-5.1
#
# Please run from an admin powershell prompt the following:
# [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; iex ((New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/DigitalRuby/IPBan/master/IPBanCore/Windows/Scripts/install_latest.ps1'))
#
# Should you ever wish to update IPBan, just re-run this script and it will auto-update and preserve your ipban.sqlite and ipban.config files!
#
# To uninstall, run this same script with an argument of uninstall
#
param
(
[Parameter(Mandatory=$False, Position = 0)]
[String] $uninstall,
[Parameter(Mandatory=$False, Position = 1)]
[Boolean] $silent = $False,
[Parameter(Mandatory=$False, Position = 2)]
[Boolean] $autostart = $True,
[Parameter(Mandatory=$False, Position = 3)]
[ValidateSet("delayed-auto", "auto")]
[String] $startupType = $null
)
if ($PSVersionTable.PSVersion.Major -lt 5 -or ($PSVersionTable.PSVersion.Major -eq 5 -and $PSVersionTable.PSVersion.Minor -lt 1))
{
Write-Output "This script requires powershell 5.1 or greater"
exit -1
}
$ProgressPreference = "SilentlyContinue"
$INSTALL_PATH = "C:\Program Files\IPBan"
$SERVICE_NAME = "IPBan"
$ErrorActionPreference = "Stop"
$tempPath = [System.IO.Path]::GetTempPath()
[bool] $isUninstall = ($uninstall -eq "u" -or $uninstall -eq "uninstall")
$CONFIG_FILE = "$INSTALL_PATH\ipban.config"
$INSTALL_EXE = "$INSTALL_PATH\DigitalRuby.IPBan.exe"
if (Get-Service $SERVICE_NAME -ErrorAction SilentlyContinue)
{
# create install path, ensure clean slate
Write-Output "Removing existing service"
try
{
Stop-Service -Name $SERVICE_NAME -Force
}
catch
{
}
& sc.exe delete $SERVICE_NAME
}
if (Test-Path -Path $INSTALL_PATH)
{
Write-Output "Removing existing directory at $INSTALL_PATH"
if ($isUninstall -eq $False)
{
if (Test-Path "$INSTALL_PATH\ipban.config")
{
copy-item "$INSTALL_PATH\ipban.config" $tempPath
}
if (Test-Path "$INSTALL_PATH\ipban.override.config")
{
copy-item "$INSTALL_PATH\ipban.override.config" $tempPath
}
if (Test-Path "$INSTALL_PATH\ipban.sqlite")
{
copy-item "$INSTALL_PATH\ipban.sqlite" $tempPath
}
if (Test-Path "$INSTALL_PATH\nlog.config")
{
copy-item "$INSTALL_PATH\nlog.config" $tempPath
}
}
else
{
Remove-Item "$INSTALL_PATH" -Force -Recurse
Write-Output "IPBan is fully uninstalled from this system"
exit 0
}
}
# download zip file
New-Item -Type Directory -path $INSTALL_PATH -ErrorAction SilentlyContinue
$ReleaseAssets = Invoke-RestMethod "https://api.github.com/repos/DigitalRuby/IPBan/releases/latest"
if ([System.Environment]::Is64BitOperatingSystem)
{
$url = ($ReleaseAssets.assets | ? name -Match "\-Windows\-x64").browser_download_url
} else {
$url = ($ReleaseAssets.assets | ? name -Match "\-Windows\-x86").browser_download_url
}
Write-Output "Downloading ipban from $Url"
$ZipFile = "$INSTALL_PATH\IPBan.zip"
# Forcing the Invoke-RestMethod PowerShell cmdlet to use TLS 1.2 to avoid error "The request was aborted: Could not create SSL/TLS secure channel."
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Invoke-WebRequest -Uri $Url -OutFile $ZipFile
# extract zip file, cleanup zip file
Expand-Archive -LiteralPath $ZipFile -DestinationPath $INSTALL_PATH -Force
Remove-Item -Force $ZipFile
# copy back over the config and db file
if (Test-Path -Path "$tempPath\ipban.config")
{
copy-Item "$tempPath\ipban.config" "$INSTALL_PATH"
remove-Item "$tempPath\ipban.config"
}
if (Test-Path -Path "$tempPath\ipban.override.config")
{
copy-Item "$tempPath\ipban.override.config" "$INSTALL_PATH"
remove-Item "$tempPath\ipban.override.config"
}
if (Test-Path -Path "$tempPath\ipban.sqlite")
{
copy-Item "$tempPath\ipban.sqlite" "$INSTALL_PATH"
remove-Item "$tempPath\ipban.sqlite"
}
if (Test-Path -Path "$tempPath\nlog.config")
{
copy-Item "$tempPath\nlog.config" "$INSTALL_PATH"
remove-Item "$tempPath\nlog.config"
}
# ensure audit policy is logging
& auditpol.exe /set /category:"{69979849-797A-11D9-BED3-505054503030}" /success:enable /failure:enable
& auditpol.exe /set /category:"{69979850-797A-11D9-BED3-505054503030}" /success:enable /failure:enable
# prompt for startup type if not already specified
if ($silent -eq $True)
{
if ([string]::IsNullOrEmpty($startupType))
{
$startupType = "delayed-auto"
}
}
elseif ([string]::IsNullOrEmpty($startupType))
{
Write-Host "`n"
Write-Host "Select the services startup type:"
Write-Host '- The default is "delayed-auto" which waits for the higher priority services to start leaving the system briefly unprotected after boot while the recommended is "auto" however when using the latter you may encounter compatibility issues if you choose to do so please verify the service starts correctly after reboot.'
Write-Host "1. delayed-auto"
Write-Host "2. auto"
do
{
$choice = Read-Host "Enter selection"
switch ($choice)
{
"1" { $startupType = "delayed-auto"; Write-Host "You selected: $startupType`n" }
"2" { $startupType = "auto"; Write-Host "You selected: $startupType`n" }
default { Write-Host "Invalid selection, please enter 1-2!" }
}
}
while ([string]::IsNullOrEmpty($startupType))
}
# create service
& sc.exe create IPBAN type= own start= $startupType binPath= $INSTALL_EXE DisplayName= $SERVICE_NAME
& sc.exe description IPBAN "Automatically builds firewall rules for abusive login attempts: https://github.com/DigitalRuby/IPBan"
& sc.exe failure IPBAN reset= 9999 actions= "restart/60000/restart/60000/restart/60000"
if ($autostart -eq $True)
{
Start-Service IPBAN
}
else
{
Write-Output "IPBAN Service is in stopped state, you must start it manually."
}
if ($silent -eq $False)
{
# open config
Write-Output "Opening config file, make sure to whitelist your trusted ip addresses!"
& notepad $CONFIG_FILE
}