Nextcloud VM Unban an IP from Fail2Ban, CrowdSec, Nextcloud bruteforce, UFW

unbanip.sh

#!/bin/bash
# Unban an IP from Fail2Ban, CrowdSec, Nextcloud bruteforce, UFW
# Usage: sudo ./unbanip.sh <IP>

IP=$1
if [ -z "$IP" ]; then
  echo "Usage: $0 <IP>"
  exit 1
fi

echo "🚀 Unbanning IP: $IP"
echo "======================================"

# --- Fail2Ban ---
if command -v fail2ban-client >/dev/null 2>&1; then
  jails=$(sudo fail2ban-client status 2>/dev/null | grep "Jail list:" | cut -d: -f2 | sed 's/,//g')
  for jail in $jails; do
    if sudo fail2ban-client status "$jail" | grep -q "$IP"; then
      echo "➡ Removing from Fail2Ban jail: $jail"
      sudo fail2ban-client set "$jail" unbanip "$IP"
    fi
  done
fi

# --- CrowdSec ---
if command -v cscli >/dev/null 2>&1; then
  if sudo cscli decisions list --ip "$IP" | grep -q "$IP"; then
    echo "➡ Removing from CrowdSec"
    sudo cscli decisions delete --ip "$IP"
  fi
fi

# --- Nextcloud Bruteforce ---
if [ -d "/var/www/nextcloud" ]; then
  if sudo -u www-data php /var/www/nextcloud/occ security:bruteforce:attempts "$IP" | grep -q "$IP"; then
    echo "➡ Resetting Nextcloud bruteforce entry"
    sudo -u www-data php /var/www/nextcloud/occ security:bruteforce:reset "$IP"
  fi
fi

# --- UFW (falls direkt geblockt) ---
if command -v ufw >/dev/null 2>&1; then
  if sudo ufw status numbered | grep -q "$IP"; then
    echo "➡ Found UFW rule mentioning IP, removing..."
    RULE_NUMS=$(sudo ufw status numbered | grep "$IP" | awk -F'[][]' '{print $2}')
    for r in $RULE_NUMS; do
      yes | sudo ufw delete "$r"
    done
  fi
fi

echo "======================================"
echo "✔ Unban completed for $IP"