maxiwall

#!/bin/bash
# ==================================================
_APP_SPECIFIC_NAME="Maxiwall"
_APP_VERSION="0.6"
_APP_STATUS="beta"
_APP_INFO="${_APP_SPECIFIC_NAME} (maxiwall) is bash script to manage CSF, AbuseIPDB and Suricata
with extra features. This script is also a wrapper to manage suricata .lua report with IPS capability"
_APP_VERSION_STATUS="${_APP_VERSION}-${_APP_STATUS}"
_AUTHOR="Author: Arafat Ali | Email: arafat@sofibox.com | (C) 2019-2023"
# ====================================================

# This function is used to handle exit trap that can accept multiple trap arguments
# syntax: traps <traps_cleanup_function> SIG1 SIG2 SIG3 ... SIGN[N]
# eg: traps exit_function QUIT INT TERM EXIT
traps() {
  local clean_function
  clean_function="$1"
  shift
  for sig; do
    trap "${clean_function} ${sig}" "${sig}"
  done
}

maxiwall_debug_exit() {
  local retval caller
  caller="$(basename -- "$0")->${FUNCNAME[0]}"
  ((CTRL_C_COUNT++))
  if [[ $CTRL_C_COUNT == 1 ]]; then
    local signal
    signal="$1"
    echo ""
    if [ "${signal}" == "INT" ]; then
      echo "[${caller}]: *** Suricata debug mode has been terminated by ${USER}! ***"
      echo ""
    fi
  fi

  # Restore suricata.yaml
  echo "[${caller}]: Restoring suricata.yaml ..."
  yq eval --inplace '.rule-files = ["suricata.rules", "/usr/local/maxicode/maxiwall/maxiwall.rules"]' "${SURICATA_YAML}"
  retval="$?"
  if [[ "${retval}" -eq 0 ]]; then
    echo "[${caller}]: suricata.yaml restored successfully."
  else
    echo "[${caller}]: Error, suricata.yaml restore failed."
  fi

  echo ""

  # Starting suricata
  echo "[${caller}]: Starting suricata.service ..."
  systemctl restart suricata
  retval="$?"
  if [[ "${retval}" -eq 0 ]]; then
    echo "[${caller}]: suricata.service started successfully."
  else
    echo "[${caller}]: Error, suricata.service start failed."
  fi
  echo ""
  echo "                             **END DEBUG**                        "
  echo "=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~"

  exit
}

# This function is used by traps() function to clean exit
exit_script() {
  ((CTRL_C_COUNT++))
  if [[ ${CTRL_C_COUNT} == 1 ]]; then
    local signal
    signal="$1"
    if [ "${signal}" == "INT" ]; then
      echo "*** Warning, this script has been terminated by user: ${USER}!***"
    fi
  fi
  # clean exit
  exit
}

# This function is used to display the main help message from readme file.
# Usage: readme [file]
# Example: readme /docs/README.md
readme() {
  local readme_file="${1}"

  if [ -f "${readme_file}" ]; then
    cat "${readme_file}"
    echo ""
  else
    echo "Error, the readme file ${readme_file} does not exist."
    exit 1
  fi
}

# This function is used to convert an integer to ordinal number
# Usage: ordinal [number]
# Example: ordinal 1
# Output: 1st
to_ordinal() {
  local integer
  integer="$1"
  case "${integer}" in
  *1[0-9] | *[04-9]) echo "${integer}"th ;;
  *1) echo "${integer}"st ;;
  *2) echo "${integer}"nd ;;
  *3) echo "${integer}"rd ;;
  esac
}

# This function gets the operating system ID, version number and codename
# syntax: get_distro <id|version|codename>
# eg: get_distro id | sample output: centos
get_distro() {
  local arg distro_id distro_version distro_codename
  arg="$1"
  # any new Linux distribution must have this (it is a standard file os checking for linux)
  if [ -e /etc/os-release ]; then
    # get the distro ID from /etc/os-release and make sure it is in lowercase format without any double quotations
    distro_id=$(awk -F= '$1 == "ID" {print $2}' /etc/os-release | LC_ALL=C tr '[:upper:]' '[:lower:]' | tr -d "\"")
    distro_version=$(awk -F= '$1 == "VERSION_ID" {print $2}' /etc/os-release | tr -d "\"")
    distro_codename=$(awk -F= '$1 == "VERSION_CODENAME" {print $2}' /etc/os-release | tr -d "\"")

  # but just in case (a small case) if it doesn't have this then we can use lsb_release command
  elif type lsb_release >/dev/null 2>&1; then
    # get the distro id using lsb_release function.
    # if the ID has uppercase letter, cover it to lowercase
    distro_id=$(lsb_release -si | LC_ALL=C tr '[:upper:]' '[:lower:]')
    distro_version=$(lsb_release -sr)
    distro_codename=$(lsb_release -sc)
  # else if that doesn't exist at all, we can use the standard checking version format: "Linux <version>"
  else
    # this will not printout a single distribution ID that we want (it prints out the Generic Linux kernel version)
    # but using this we should terminate this script because we only need single distribution ID (eg: debian)
    distro_id=$(uname -s)
    distro_version=$(uname -r)
    distro_codename=""
  fi
  # return values here with echo
  if [ "${arg}" == "id" ]; then
    echo "${distro_id}"
  elif [ "${arg}" == "version" ]; then
    echo "${distro_version}"
  elif [ "${arg}" == "codename" ]; then
    echo "${distro_codename}"
  fi
}

# This function is used to navigate to a given path and save the previous path to a variable
# You can use PREVIOUS to go back to the previous path
# Usage: navigate_to [path]
# Example: navigate_to /opt
# Example 2: navigate_to PREVIOUS
navigate_to() {
  local to_path caller
  to_path="$1"
  caller="$(basename -- "$0")->${FUNCNAME[0]}"

  if [[ "${to_path^^}" == +(PRE|PREVIOUS|OLDPATH|BACK|OLDPWD) ]]; then
    # OLD_PATH holds a previous path (see global variable of PREPATH in this script)
    echo "[${caller}]: Navigating out into ${OLD_PATH} ..."
    to_path="${OLD_PATH}"
  else
    echo "[${caller}]: Navigating into ${to_path} ..."
    OLD_PATH="${PWD}"
  fi

  cd "${to_path}" || {
    echo "[${caller}]: Error, failed to enter into the directory ${to_path}"
    exit 1
  }

}

# This function will display a confirmation to continue (force continue; no exit function)
_confirm() {
  # call with a prompt string or use a default
  read -r -p "[${SCRIPT_NAME}]: ${1:-Continue? [y] Exit? [CTRL+C]} " response
  case "$response" in
  [yY][eE][sS] | [yY])
    return 0
    ;;
  *)
    echo "[${SCRIPT_NAME}]: Invalid response to the question!"
    _confirm "$1"
    ;;
  esac
}

# This function is used to ask the next action.
# Usage: _ask [message] [default-response]
# Example: _ask "Do you want to continue?" "y"
_ask() {
  local text default_response
  text=$1
  default_response=$2
  if [ -z "${default_response}" ]; then
    default_response="Y"
  fi
  read -r -p "${text} [default:${default_response}] [Y/n]: " response
  # Simulate a default response so that we can press Enter key
  if [[ -z "${response}" ]]; then
    response="${default_response}"
  fi
  if [[ "$response" =~ ^([yY][eE][sS]|[yY])$ ]]; then
    return 0
  else
    echo "[${SCRIPT_NAME}->${FUNCNAME[0]}->cancel]: Operation aborted!"
    exit 0
  fi
}

# Print if verbose is enabled and not in scripting mode
info() {
  local caller
  caller="${SCRIPT_NAME}->${FUNCNAME[0]}"
  if [[ ${VERBOSE} -ge "$1" ]]; then
    echo "[${caller}]: $2"
  fi
}

# Error handling that must exit the script manually
error() {
  local caller
  caller="${SCRIPT_NAME}->${FUNCNAME[0]}"
  [[ "${SCRIPTING}" == false ]] && echo "[${caller}]: $1" >&2
  [[ "${SCRIPTING}" == true ]] && echo "error"
  exit 254
}

# Handling script simple status
get_status_message() {
  local retval
  retval="$1"
  if [[ "${retval}" -eq 0 ]]; then
    info 3 "[ OK ]"
  else
    error "[ FAILED ]"
  fi
}

check_path() {
  local paths
  paths="$*"
  for path in ${paths}; do
    if [ -f "${path}" ]; then
      :
      #echo "path is file"
    elif [ -d "${path}" ]; then
      :
      # echo "path is dir"
    elif [ -L "${path}" ]; then
      :
      #echo "path is link"
    elif [ -S "${path}" ]; then
      :
      #echo "path is socket"
    else
      error "Error, path is not valid: ${path}"
    fi
  done
}

# Prompt user to reconfigure script
setup_wizard() {
  local caller
  caller="${SCRIPT_NAME}->${FUNCNAME[0]}"
  echo -ne "[${caller}->input]: Do you want to run setup wizard? [y/n]: "
  read -r answer
  if [[ "${answer}" == "y" || "${answer}" == "Y" ]]; then
    # Copy the sample config file from template
    info 1 "Converting config file into unix format"
    sed -i 's/\r$//' "${SCRIPT_PATH}/${SCRIPT_NAME}.conf.sample"
    info 1 "Copying sample config file from template ..."
    cp -f "${SCRIPT_PATH}/${SCRIPT_NAME}.conf.sample" "${CONFIG_FILE}"
    retval=$?
    info 1 "Using config file: ${CONFIG_FILE}"
    if [ "${retval}" -eq 0 ]; then
      info 1 "Ok, sample config file copied successfully"
      read_config
    else
      error "Sample config file copied failed"
      exit 1
    fi
  else
    info 1 "Ok, setup wizard skipped"
  fi

  exit 0
}

# Read config file
read_config() {
  local caller

  caller="${SCRIPT_NAME}->${FUNCNAME[0]}"

  if [[ -z "${CONFIG_FILE}" ]]; then
    info 2 "Using default config file: ${SCRIPT_PATH}/${SCRIPT_NAME}.conf"
    CONFIG_FILE="${SCRIPT_PATH}/${SCRIPT_NAME}.conf"
  else
    info 2 "Using config file: ${CONFIG_FILE}"
  fi

  info 2 "Checking config file ${CONFIG_FILE} ..."

  if [[ -f ${CONFIG_FILE} ]]; then
    sed -i 's/\r$//' "${CONFIG_FILE}"
    TEST_SOURCE="$(source "${CONFIG_FILE}" 2>&1 >/dev/null)"
    RETVAL=$?
    if [[ ${RETVAL} -eq 0 ]]; then
      source "${CONFIG_FILE}" 2>/dev/null
    else
      info 1 "Warning, config file ${CONFIG_FILE} contains invalid syntax"
      info 2 "Invalid syntax details:"
      info 2 "${TEST_SOURCE}"
      mv "${CONFIG_FILE}" "${CONFIG_FILE}".old
      info 2 "The old configuration file has been backed up as ${CONFIG_FILE}.old"
      setup_wizard
    fi
  else
    echo "[${caller}]: Warning, config file ${CONFIG_FILE} not found"
    setup_wizard
  fi

}
# Resolve a given target to an IP
resolve() {

  local target ip_lookup

  target="$1"

  # Convert target to IP with slash notation
  if ipcalc -c -4 "${target}" >/dev/null 2>&1; then
    ip_lookup="${target}"
  elif ipcalc -c -6 "${target}" >/dev/null 2>&1; then
    ip_lookup=$(ipcalc -6 "${target}" | awk '/^Full Address:/ { print $NF }')
  else
    local get_ip_lookup
    get_ip_lookup=$(getent hosts "${target}" | awk '{ print $1 ; exit }')
    if ipcalc -c -4 "${get_ip_lookup}" >/dev/null 2>&1; then
      ip_lookup="${get_ip_lookup}"
    elif ipcalc -c -6 "${get_ip_lookup}" >/dev/null 2>&1; then
      ip_lookup=$(ipcalc -6 "${get_ip_lookup}" | awk '/^Full Address:/ { print $NF }')
    else
      ip_lookup=""
    fi
  fi

  echo "${ip_lookup}"

}

scan() {

  local caller target

  caller="${SCRIPT_NAME}->${FUNCNAME[0]}"
  target="${TARGET}"

  if [[ -z "${target}" ]]; then
    error "No target specified for scanning (eg ${SCRIPT_NAME} -t example.com)"
  fi

  echo "[${caller}]: Scanning target ${target} ..."

  if [[ "${ABUSEIPDB_ENABLE_SCAN}" == "true" ]]; then
    if command -v aipdb >/dev/null 2>&1; then
      # echo "[${caller}]: Scanning target ${target} using AbuseIPDB ..."
      aipdb check -ko "${LOG_PATH}/aipdb_output.log" -t "${target}"
    else
      echo "[Skipped]: aipdb is not installed"
    fi
    echo ""
  else
    echo "[Skipped]: ABUSEIPDB_ENABLE_SCAN is disabled"
  fi

  if [[ "${BLCHECK_ENABLE_SCAN}" == "true" ]]; then
    if command -v blcheck >/dev/null 2>&1; then
      # echo "[${caller}]: Scanning ${target} using blcheck ..."
      blcheck -ko "${LOG_PATH}/blcheck_output.log" -l "${CONFIG_PATH}/blcheck_service_list" "${target}"
    else
      echo "[Skipped]: blcheck is not installed"
    fi
    echo ""
  else
    echo "[Skipped]: BLCHECK_ENABLE_SCAN is disabled"
  fi

  if [[ "${GREYNOISE_ENABLE_SCAN}" == "true" ]]; then
    if command -v greynoise >/dev/null 2>&1; then
      # echo "[${caller}]: Scanning target ${target} using greynoise ..."
      greynoise check -ko "${LOG_PATH}/greynoise_output.log" -t "${target}"
    else
      echo "[Skipped]: greynoise is not installed"
    fi
    echo ""
  else
    echo "[Skipped]: GREYNOISE_ENABLE_SCAN is disabled"
  fi

  if [[ "${VIRUSTOTAL_ENABLE_SCAN}" == "true" ]]; then
    if command -v virustotal >/dev/null 2>&1; then
      # echo "[${caller}]: Scanning target ${target} using virustotal ..."
      virustotal check -ko "${LOG_PATH}/virustotal_output.log" -t "${target}"
    else
      echo "[Skipped]: virustotal is not installed"
    fi
    echo ""
  else
    echo "[Skipped]: VIRUSTOTAL_ENABLE_SCAN is disabled"
  fi

  if [[ "${MAXILOG_ENABLE_SCAN}" == "true" ]]; then
    if command -v maxilog >/dev/null 2>&1; then
      # echo "[${caller}]: Scanning target ${target} using maxilog ..."
      maxilog scan --target "${target}"
    else
      echo "[Skipped]: maxilog is not installed"
    fi
    echo ""
  else
    echo "[Skipped]: MAXILOG_ENABLE_SCAN is disabled"
  fi

  if [[ "${MODSECURITY_ENABLE_SCAN}" == "true" ]]; then
    local ipv4 ipv6_uncompress ipv6_semi_compress ipv6_compress mod_security_log_path result

    mod_security_log_path="/var/log/nginx/modsec_audit.log"

    # Search for modsecurity logs
    if [[ ! -f "${mod_security_log_path}" ]]; then
      mod_security_log_path="/var/log/apache2/modsec_audit.log"
    fi

    if [[ ! -f "${mod_security_log_path}" ]]; then
      mod_security_log_path="/var/log/httpd/modsec_audit.log"
    fi

    if [[ ! -f "${mod_security_log_path}" ]]; then
      mod_security_log_path="/var/log/apache/modsec_audit.log"
    fi

    if [[ ! -f "${mod_security_log_path}" ]]; then
      error "ModSecurity log file not found"
    fi

    if ipcalc -4 -n "${target}" >/dev/null 2>&1; then
      ipv4="${target}"
      result=$(jq --arg ipv4 "${ipv4}" '.transaction | select(.client_ip == $ipv4)' "${mod_security_log_path}")

    else
      ipv6_uncompress=$(ipcalc -6 "${target}" | awk '/^Full Address:/ { print $NF }')
      ipv6_semi_compress=$(echo "${ipv6_uncompress}" | awk -F: 'BEGIN {OFS=":"} {for (i=1; i<=NF; i++) if ($i == "0000") {$i="0"}; gsub(/0{1,3}:/,"::"); print}')
      ipv6_compress=$(ipcalc -6 "${ipv6_uncompress}" | awk '/^Address:/ { print $NF }')
      result=$(jq --arg ipv6_uncompress "${ipv6_uncompress}" --arg ipv6_semi_compress "${ipv6_semi_compress}" --arg ipv6_compress "${ipv6_compress}" '.transaction | select(.client_ip == $ipv6_uncompress or .client_ip == $ipv6_semi_compress or .client_ip == $ipv6_compress)' "${mod_security_log_path}")

    fi

    if [ -n "${result}" ]; then
      local found_count
      found_count=$(echo "${result}" | jq -r '.client_ip' | wc -l)
      info 0 "IP found in modsecurity log file (count): ${found_count}"
    else
      info 0 "IP not found in modsecurity log file"
    fi
    echo ""
  else
    error "MODSECURITY_ENABLE_SCAN is disabled"
  fi

  if [[ "${CSF_ENABLE_SCAN}" == "true" ]]; then
    local csf_deny_path

    csf_deny_path="/etc/csf/csf.deny"

    if [[ ! -f "${csf_deny_path}" ]]; then
      error "CSF deny file not found"
    fi

    # Check the result of the csf command for the given IP
    result=$(csf -g "${target}")

    # Check if the IP is blocked
    if [[ "${result}" == *"IPSET: Set:chain_DENY Match:"* || "${result}" == *"IPSET: Set:chain_6_DENY Match:"* ]]; then
      info 0 "IP found in csf deny file"
    else
      info 0 "IP not found in csf deny file"
    fi

  else
    error "CSF_ENABLE_SCAN is disabled"
  fi

  if [[ "${CSF_ENABLE_CIDR_SCAN}" == "true" ]]; then
    local csf_deny_path target_ip ip_to_cidr bad_ips cidr_ips_file cidr_ips_count

    csf_deny_path="/etc/csf/csf.deny"

    if [[ ! -f "${csf_deny_path}" ]]; then
      error "CSF deny file not found"
    fi

    target_ip=$(resolve "${TARGET}")

    info 1 "Target ${TARGET} is resolved to ${target_ip}"

    if [ -z "${target_ip}" ]; then
      error "No IP address found for target ${TARGET} (eg: ${SCRIPT_NAME} --ip-address=1.2.3.4)"
    fi

    if ! ipcalc -4 -sc "${target_ip}"; then
      error "IP ${target_ip} is not a valid IPv4 address (eg: ${SCRIPT_NAME} --ip-address=1.2.3.4)"
    fi

    if [ -z "${NETMASK}" ]; then
      info 1 "No netmask specified, using default netmask of 24"
      NETMASK=24
    else
      info 1 "Using netmask ${NETMASK}"
    fi

    # Make sure target_ip exist in INPUT_FILE
    if ! grep -q "^${target_ip}" "${INPUT_FILE}"; then
      error "IP ${target_ip} does not exist in ${INPUT_FILE}"
    fi

    ip_to_cidr=$(ipcalc --silent "${target_ip}/${NETMASK}" | awk '/^Network:/{ print $NF }' | tail -n 1)
    info 0 "Searching for IP ${target_ip} with network ${ip_to_cidr} in ${INPUT_FILE} ..."

    # Check inside the file if the IP (in netmask/cidr form) is already there

    if grep -q "${ip_to_cidr}" "${INPUT_FILE}"; then
      error "IP ${ip_to_cidr} already exists in ${INPUT_FILE}"
    fi

    # This will only get input that is not blankspace, comment

    bad_ips=$(grep -Eo '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' "${INPUT_FILE}" | grep -v '^\s*$\|^\s*\#')

    if [[ -z "${bad_ips}" ]]; then
      error "No bad IPs found in ${INPUT_FILE}"
    fi

    cidr_ips_file=$(mktemp)

    while read -r ip; do
      cidr_ip=$(ipcalc --silent "${ip}/${NETMASK}" | awk '/^Network:/{ print $NF }')
      echo "${cidr_ip}" >>"${cidr_ips_file}"
    done <<<"${bad_ips}"

    cidr_ips_count=$(grep -c "${ip_to_cidr}" "${cidr_ips_file}")

    ((cidr_ips_count--))

    if [[ "${VERBOSE}" -ge 0 ]]; then
      info 0 "The IP address ${target_ip} shares its network with ${cidr_ips_count} other IP(s)"
    else
      echo "${cidr_ips_count}"
    fi

    rm -f "${cidr_ips_file}"
  else
    error "CSF_ENABLE_CIDR_SCAN is disabled"
  fi

}

# This will return the abuseipdb score of a given IP
# Range is from 0 to 100 (integer), or error (exit 254)
# Use with --scripting option
get_aipdb_score() {
  local caller target

  caller="${SCRIPT_NAME}->${FUNCNAME[0]}"
  target="${TARGET}"

  if [[ "${ABUSEIPDB_ENABLE_SCAN}" == "true" ]]; then
    if command -v aipdb >/dev/null 2>&1; then
      aipdb check -sko "${LOG_PATH}/aipdb_output.log" -t "${target}"
    else
      error "aipdb is not installed"
    fi
  else
    error "ABUSEIPDB_ENABLE_SCAN is disabled"
  fi
}

# This will return the blcheck score of a given IP
# Range is from 0 to 100.00 (float), or error (exit 254)
# Use with --scripting option
get_blcheck_score() {
  local caller target
  caller="${SCRIPT_NAME}->${FUNCNAME[0]}"
  target="${TARGET}"
  if [[ "${BLCHECK_ENABLE_SCAN}" == "true" ]]; then
    if command -v blcheck >/dev/null 2>&1; then
      blcheck -sko "${LOG_PATH}/blcheck_output.log" -l "${CONFIG_PATH}/blcheck_service_list" "${target}"
    else
      error "blcheck is not installed"
    fi

  else
    error "BLCHECK_ENABLE_SCAN is disabled"
  fi
}

# This will return the greynoise score of a given IP
# Return status are clean - (return 0), malicious (return 1), unknown (return 2), null (return 3), error (return 4).
# Use with --scripting option
get_greynoise_score() {
  local caller target
  caller="${SCRIPT_NAME}->${FUNCNAME[0]}"
  target="${TARGET}"
  if [[ "${GREYNOISE_ENABLE_SCAN}" == "true" ]]; then
    if command -v greynoise >/dev/null 2>&1; then
      greynoise check -sko "${LOG_PATH}/greynoise_output.log" -t "${target}"
    else
      error "greynoise is not installed"
    fi
  else
    error "GREYNOISE_ENABLE_SCAN is disabled"
  fi
}

# This will return the virustotal score of a given IP
# Return status are clean - (return 0), suspicious (return 1), malicious (return 2), unknown (return 3), or error (exit 254).
# Use with --scripting option
get_virustotal_score() {
  local caller target
  caller="${SCRIPT_NAME}->${FUNCNAME[0]}"
  target="${TARGET}"
  if [[ "${VIRUSTOTAL_ENABLE_SCAN}" == "true" ]]; then
    if command -v virustotal >/dev/null 2>&1; then
      # echo "[${caller}]: Scanning target ${target} using virustotal ..."
      virustotal check -sko "${LOG_PATH}/virustotal_output.log" -t "${target}"
    else
      error "virustotal is not installed"
    fi
  else
    error "VIRUSTOTAL_ENABLE_SCAN is disabled"
  fi
}

# Use with --scripting
get_modsecurity_score() {
  # Check if target IP is in the modsecurity file

  local caller target
  local ipv4 ipv6_uncompress ipv6_semi_compress ipv6_compress mod_security_log_path result

  caller="${SCRIPT_NAME}->${FUNCNAME[0]}"
  target=$(resolve "${TARGET}")

  mod_security_log_path="/var/log/nginx/modsec_audit.log"

  # Search for modsecurity logs
  if [[ ! -f "${mod_security_log_path}" ]]; then
    mod_security_log_path="/var/log/apache2/modsec_audit.log"
  fi

  if [[ ! -f "${mod_security_log_path}" ]]; then
    mod_security_log_path="/var/log/httpd/modsec_audit.log"
  fi

  if [[ ! -f "${mod_security_log_path}" ]]; then
    mod_security_log_path="/var/log/apache/modsec_audit.log"
  fi

  if [[ ! -f "${mod_security_log_path}" ]]; then
    error "ModSecurity log file not found"
  fi

  if ipcalc -4 -n "${target}" >/dev/null 2>&1; then
    ipv4="${target}"
    result=$(jq --arg ipv4 "${ipv4}" '.transaction | select(.client_ip == $ipv4)' "${mod_security_log_path}")

  else
    ipv6_uncompress=$(ipcalc -6 "${target}" | awk '/^Full Address:/ { print $NF }')
    ipv6_semi_compress=$(echo "${ipv6_uncompress}" | awk -F: 'BEGIN {OFS=":"} {for (i=1; i<=NF; i++) if ($i == "0000") {$i="0"}; gsub(/0{1,3}:/,"::"); print}')
    ipv6_compress=$(ipcalc -6 "${ipv6_uncompress}" | awk '/^Address:/ { print $NF }')
    result=$(jq --arg ipv6_uncompress "${ipv6_uncompress}" --arg ipv6_semi_compress "${ipv6_semi_compress}" --arg ipv6_compress "${ipv6_compress}" '.transaction | select(.client_ip == $ipv6_uncompress or .client_ip == $ipv6_semi_compress or .client_ip == $ipv6_compress)' "${mod_security_log_path}")

  fi

  if [ -n "${result}" ]; then
    [[ "${VERBOSE}" -ge 0 ]] && echo "IP address ${target_ip} found in modsecurity log"
    [[ "${VERBOSE}" -lt 0 ]] && echo "ip-found"
  else
    [[ "${VERBOSE}" -ge 0 ]] && echo "IP address ${target_ip} not found in modsecurity log"
    [[ "${VERBOSE}" -lt 0 ]] && echo "ip-not-found"
  fi

}

get_csf_score() {
  local caller target_ip csf_deny_path

  caller="${SCRIPT_NAME}->${FUNCNAME[0]}"
  target_ip=$(resolve "${TARGET}")

  csf_deny_path="/etc/csf/csf.deny"

  if [[ ! -f "${csf_deny_path}" ]]; then
    error "CSF deny file not found"
  fi

  # Check the result of the csf command for the given IP
  result=$(csf -g "${target_ip}")

  # Check if the IP is blocked
  if [[ "${result}" == *"IPSET: Set:chain_DENY Match:"* || "${result}" == *"IPSET: Set:chain_6_DENY Match:"* ]]; then

    [[ "${VERBOSE}" -ge 0 ]] && echo "IP addres ${target_ip} found in csf.deny"
    [[ "${VERBOSE}" -lt 0 ]] && echo "ip-not-found"
  else
    [[ "${VERBOSE}" -ge 0 ]] && echo "Error no IP found in csf.deny"
    [[ "${VERBOSE}" -lt 0 ]] && echo "ip-not-found"
  fi

}

get_dabfm_score() {
  local caller target

  caller="${SCRIPT_NAME}->${FUNCNAME[0]}"
  target=$(resolve "${TARGET}")

  # TODO use Directadmin API to get the list of blocked IP

}

# At this moment use CSF to block target
# Scripting value:
# error-no-dns-record, ip-already-blocked, ok-ip-block-success, error-ip-block-failed
block_target() {
  local caller target

  # Note CSF will always use compressed IPv6 address in csf.deny even if we pass full uncompressed IP
  local caller target_ip csf_ip_previous_block_status csf_ip_block_status csf_success_block_status block_msg
  caller="${SCRIPT_NAME}->${FUNCNAME[0]}"

  target_ip=$(resolve "${TARGET}")
  block_msg="${COMMENTS}"

  # Sometimes target is not reachable or contains another domain (unresolvable), in this case we quit
  if [ -z "${target_ip}" ]; then
    [[ "${VERBOSE}" -ge 0 ]] && echo "[${SCRIPT_NAME}]: Error, No DNS record found for target ${target}"
    [[ "${VERBOSE}" -lt 0 ]] && echo "error-no-dns-record"
    exit 1
  fi

  [[ "${VERBOSE}" -ge 0 ]] && echo "[${SCRIPT_NAME}]: Using target ${TARGET}, Blocking IP ${target_ip}, with comment \"${block_msg}\" ..."
  # This will check if the existing IP has been blocked before (works with IPv6 and IPv4)
  csf_ip_previous_block_status=$(csf -g "${target_ip}" | grep -E 'IPSET: Set:chain_DENY Match:|IPSET: Set:chain_6_DENY Match:')

  # If string found, means already blocked
  if [ -n "${csf_ip_previous_block_status}" ]; then
    [[ "${VERBOSE}" -ge 0 ]] && echo "Notice, IP ${target_ip} already blocked"
    [[ "${VERBOSE}" -lt 0 ]] && echo "ip-already-blocked"
    exit 1
  else
    csf_ip_block_status=$(csf -d "${target_ip}" "${block_msg}")
    csf_success_block_status=$(echo "${csf_ip_block_status}" | grep 'Adding')
    retval=$?
    if [ "${retval}" -eq 0 ]; then
      [[ "${VERBOSE}" -ge 0 ]] && echo "${csf_success_block_status}"
      [[ "${VERBOSE}" -lt 0 ]] && echo "ok-ip-block-success"
      exit 0
    else
      [[ "${VERBOSE}" -ge 0 ]] && echo "${csf_ip_block_status}"
      [[ "${VERBOSE}" -lt 0 ]] && echo "error-ip-block-failed"
      exit 1
    fi
  fi
}

# At this moment use aipdb website to send report
report_target() {
  local caller target

  caller="${SCRIPT_NAME}->${FUNCNAME[0]}"
  target_ip=$(resolve "${TARGET}")
  report_category="${CATEGORIES}"
  report_comment="${COMMENTS}"

  # Check if ABUSEIPDB_ENABLE_WEB_REPORT is set to true

  if [ "${ABUSEIPDB_ENABLE_WEB_REPORT}" = true ]; then
    if command -v aipdb >/dev/null 2>&1; then
      local get_aipdb_report
      get_aipdb_report=$(aipdb report --ip-address="${target_ip}" --categories="${report_category}" --comment="${report_comment}" --scripting)
      if [ "${get_aipdb_report}" = "success" ]; then
        [[ "${VERBOSE}" -ge 0 ]] && echo "Report sent to AbuseIPDB"
        [[ "${VERBOSE}" -lt 0 ]] && echo "ok-report-sent"
      else
        [[ "${VERBOSE}" -ge 0 ]] && echo "Error sending report to AbuseIPDB"
        [[ "${VERBOSE}" -lt 0 ]] && echo "error-report-not-sent"
      fi
    else
      error "aipdb-command-not-found"
    fi
  else
    error "abuseipdb-web-report-disabled"
  fi

}

# This only work with IPv4. IPv6 is not supported yet

# Return the IP address count that belongs to a network
# Use with --scripting option
# Usage: maxiwall getIP2CIDR --ip-address=1.2.3.4 --netmask=24 --input-file=/etc/csf/csf.deny --scripting
get_ip2cidr() {
  local target_ip ip_to_cidr

  target_ip=$(resolve "${TARGET}")

  info 1 "Target ${TARGET} is resolved to ${target_ip}"

  if [ -z "${target_ip}" ]; then
    error "ip-is-not-specified"
  fi

  if ! ipcalc -4 -sc "${target_ip}"; then
    error "ip-is-not-valid"
  fi

  if [ -z "${NETMASK}" ]; then
    info 1 "No netmask specified, using default netmask of 24"
    NETMASK=24
  else
    info 1 "Using netmask ${NETMASK}"
  fi

  # Make sure target_ip exist in INPUT_FILE
  if ! grep -q "^${target_ip}" "${INPUT_FILE}"; then
    echo "ip-is-not-found"
    exit 254
  fi

  ip_to_cidr=$(ipcalc --silent "${target_ip}/${NETMASK}" | awk '/^Network:/{ print $NF }' | tail -n 1)
  info 0 "Searching for IP ${target_ip} with network ${ip_to_cidr} in ${INPUT_FILE} ..."

  # Check inside the file if the IP (in netmask/cidr form) is already there

  if grep -q "${ip_to_cidr}" "${INPUT_FILE}"; then
    echo "ip-already-exist"
    exit 254
  fi

  # This will only get input that is not blankspace, comment

  bad_ips=$(grep -Eo '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' "${INPUT_FILE}" | grep -v '^\s*$\|^\s*\#')

  if [[ -z "${bad_ips}" ]]; then
    echo "no-bad-ip-found"
    exit 254
  fi

  cidr_ips_file=$(mktemp)

  while read -r ip; do
    cidr_ip=$(ipcalc --silent "${ip}/${NETMASK}" | awk '/^Network:/{ print $NF }')
    echo "${cidr_ip}" >>"${cidr_ips_file}"
  done <<<"${bad_ips}"

  cidr_ips_count=$(grep -c "${ip_to_cidr}" "${cidr_ips_file}")

  ((cidr_ips_count--))

  if [[ "${VERBOSE}" -ge 0 ]]; then
    info 0 "The IP address ${target_ip} shares its network with ${cidr_ips_count} other IP(s)"
  else
    echo "${cidr_ips_count}"
  fi

  rm -f "${cidr_ips_file}"
}

get_env() {
  local varname="$1"

  if [[ -z "${!varname}" ]]; then
    error "Variable ${varname} is not set"
  fi

  echo "${!varname}"

}

edit_file() {
  local file="$1"
  if [ -f "${file}" ]; then
    info 1 "Editing file ${file}"
    if command -v "nano" &>/dev/null; then
      nano -c "${file}"
    elif command -v "vi" &>/dev/null; then
      vi "${file}"
    else
      error "No editor found"
    fi
  else
    error "File ${file} does not exist"
  fi

}

# Show file using tail with 100 lines
show_file() {
  local file="$1"
  if [ -f "${file}" ]; then
    info 1 "Showing file ${file}"
    tail -f -n 100 "${file}"
  else
    error "File ${file} does not exist"
  fi

}

get_public_ipv4() {
  local ipv4

  ipv4=$(curl -s https://api.ipify.org)
  retval=$?
  if [ "${retval}" -eq 0 ]; then
    echo "${ipv4}"
  else
    error "Unable to get public IPv4 address"
  fi

}

get_public_ipv6() {
  local ipv6
  ipv6=$(curl -s https://api6.ipify.org)
  retval=$?
  if [ "${retval}" -eq 0 ]; then
    # Make sure the IPv6 is in an expanded form
    ipv6=$(ipcalc -s "${ipv6}" | awk '/Full Address:/{ print $NF }')
    echo "${ipv6}"
  else
    error "Unable to get public IPv6 address"
  fi

}

stop() {
  local service_name="$1"
  echo "service_name: ${service_name}"
  if [ -z "${service_name}" ]; then
    error "No service name specified"
  fi

  if ! systemctl is-active --quiet "${service_name}"; then
    info 0 "Service ${service_name} is not running"
    return 0
  fi

  info 0 "Stopping service ${service_name} ..."

  systemctl stop "${service_name}"
  retval=$?
  if [ "${retval}" -ne 0 ]; then
    error "Unable to stop service ${service_name}"
  fi

  info 0 "Service ${service_name} stopped"

}

start() {
  local service_name="$1"
  if [ -z "${service_name}" ]; then
    error "No service name specified"
  fi

  if systemctl is-active --quiet "${service_name}"; then
    info 0 "Service ${service_name} is already running"
    return 0
  fi

  info 0 "Starting service ${service_name} ..."

  systemctl start "${service_name}"
  retval=$?
  if [ "${retval}" -ne 0 ]; then
    error "Unable to start service ${service_name}"
  fi

  info 0 "Service ${service_name} started"

}
restart() {
  local service_name="$1"
  if [ -z "${service_name}" ]; then
    error "No service name specified"
  fi

  info 0 "Restarting service ${service_name} ..."

  systemctl restart "${service_name}"
  retval=$?
  if [ "${retval}" -ne 0 ]; then
    error "Unable to restart service ${service_name}"
  fi

  info 0 "Service ${service_name} restarted"
}
status() {
  local service_name="$1"
  if [ -z "${service_name}" ]; then
    error "No service name specified"
  fi

  if systemctl is-active --quiet "${service_name}"; then
    info 0 "Service ${service_name} is running"
  else
    info 0 "Service ${service_name} is not running"
  fi

}

init_config() {
  local caller
  caller="$(basename -- "$0")->${FUNCNAME[0]}"

  # Stop suricata
  echo "[${caller}]: Stopping suricata ..."
  systemctl stop suricata
  get_status_message "$?"
  echo ""

  # Adding maxiwall.lua to suricata.yaml (only one file at this moment)
  echo "[${caller}]: Adding maxiwall.lua script ..."
  yq eval --inplace '.outputs[] |= (select(has("lua")).lua."scripts" = ["maxiwall.lua"] | .)' /etc/suricata/suricata.yaml
  get_status_message "$?"
  echo ""

  # Copying maxiwall.lua into MAXIWALL_LUA_SCRIPT
  echo "[${caller}]: Copying ${SCRIPT_PATH}/maxiwall.lua into ${MAXIWALL_LUA_SCRIPT} ..."
  cp -f "${SCRIPT_PATH}/maxiwall.lua" "${MAXIWALL_LUA_SCRIPT}"
  get_status_message "$?"
  echo ""

  if [ ! -f "${SCRIPT_PATH}/${SCRIPT_NAME}.conf" ]; then
    # Copying maxiwall.conf.sample into CONFIG_FILE
    echo "[${caller}]: Copying ${SCRIPT_PATH}/${SCRIPT_NAME}.conf.sample into ${CONFIG_FILE} ..."
    cp -f "${SCRIPT_PATH}/${SCRIPT_NAME}.conf.sample" "${SCRIPT_PATH}/${SCRIPT_NAME}.conf"
    get_status_message "$?"
    echo ""
  fi

  # Make sure maxiwall.lua is executable
  echo "[${caller}]: Making sure ${MAXIWALL_LUA_SCRIPT} is executable ..."
  chmod +x "${MAXIWALL_LUA_SCRIPT}"
  get_status_message "$?"
  echo ""

  echo "[${caller}]: Removing all existing rules from suricata.yaml and leaving suricata.rules and /usr/local/maxicode/maxiwall/maxiwall.rules ..."
  yq eval --inplace '.rule-files = ["suricata.rules", "/usr/local/maxicode/maxiwall/maxiwall.rules"]' /etc/suricata/suricata.yaml
  get_status_message "$?"
  echo ""

  # Copying enable.conf into /etc/suricata/
  echo "[${caller}]: Copying ${SCRIPT_PATH}/enable.conf into /etc/suricata/enable.conf ..."
  cp -f "${SCRIPT_PATH}/enable.conf" /etc/suricata/enable.conf
  get_status_message "$?"
  echo ""

  # Copying disable.conf into /etc/suricata/
  echo "[${caller}]: Copying ${SCRIPT_PATH}/disable.conf into /etc/suricata/disable.conf ..."
  cp -f "${SCRIPT_PATH}/disable.conf" /etc/suricata/disable.conf
  get_status_message "$?"
  echo ""

  # Copying drop.conf into /etc/suricata/
  echo "[${caller}]: Copying ${SCRIPT_PATH}/drop.conf into /etc/suricata/drop.conf ..."
  cp -f "${SCRIPT_PATH}/drop.conf" /etc/suricata/drop.conf
  get_status_message "$?"
  echo ""

  # Clear suricata log file
  echo "[${caller}]: Clearing suricata log file ..."
  echo "" >"${SURICATA_LOG_FILE}"
  get_status_message "$?"
  echo ""

  # Start suricata service
  echo "[${caller}]: Starting suricata service ..."
  systemctl restart suricata.service
  get_status_message "$?"
  echo ""

  local wait_count=0
  echo "[${caller}]: Waiting for suricata engine to start capturing data ..."
  while ! grep -q "All AFP capture threads are running" "${SURICATA_LOG_FILE}"; do
    sleep 1
    ((wait_count++))
    if [ "${wait_count}" -gt 30 ]; then
      echo "[${caller}]: Suricata is not capturing for more than ${wait_count}. Please check the log file and fix the issue."
      exit 1
    fi
  done
  echo "[${caller}]: OK. Suricata is capturing data."

  echo ""

  # Checking whether suricata log file is free from a warning line ...
  echo "[${caller}]: Checking whether suricata log file is free from a warning line before a message All AFP capture threads are running ..."

  if grep -q "<Warning>" "${SURICATA_LOG_FILE}"; then
    echo "Suricata log file contains a warning line. Please check the log file and fix the issue."
    exit 1
  else
    echo "Suricata log file is free from a warning line."
  fi
  echo ""

  echo "Checking suricata status ..."
  systemctl status suricata.service | cat
  get_status_message "$?"
  echo ""

}

test_config() {
  local caller
  caller="$(basename -- "$0")->${FUNCNAME[0]}"
  traps maxiwall_debug_exit INT
  # Stopping suricata
  echo "[${SCRIPT_NAME}]: Stopping suricata.service ..."
  systemctl stop suricata
  echo ""

  # Remove all existing rules from suricata.yaml
  echo "[${caller}]: Setting suricata.yaml to use test rules file ..."
  yq eval --inplace '.rule-files = ["/usr/local/maxicode/maxiwall/maxiwall-test.rules"]' "${SURICATA_YAML}"
  get_status_message "$?"
  echo ""

  echo "[${caller}]: Running suricata in test mode ..."
  echo "[${caller}]: Please run the following telnet command in another terminal to generate test traffic:"
  echo "telnet <localhost>"
  suricata -v -c "${SURICATA_YAML}" -i eth0 --init-errors-fatal
}

############################
# MAIN FUNCTION START HERE #
############################

# This script was tested on Debian 11 (Bullseye)

declare SCRIPT_PATH SCRIPT_NAME SHORT_OPT_SPECS INDEX ACTION ARGNUM RETVAL
declare -A LONG_OPT_SPECS

SCRIPT_PATH="$(dirname "$(readlink -f "$0")")"
SCRIPT_NAME=$(basename -- "$0")

LOG_PATH="${SCRIPT_PATH}/log"
CONFIG_PATH="${SCRIPT_PATH}/conf"
OUTPUT_PATH="${SCRIPT_PATH}/output"

mkdir -p "${LOG_PATH}"
mkdir -p "${CONFIG_PATH}"
mkdir -p "${OUTPUT_PATH}"

SURICATA_YAML="/etc/suricata/suricata.yaml"
# Log file is defined in suricata.yaml
SURICATA_DEFAULT_LOG_DIR="$(yq -r '.default-log-dir' "${SURICATA_YAML}")"
SURICATA_LOG_FILE="${SURICATA_DEFAULT_LOG_DIR}/$(yq -r '.logging.outputs[1].file.filename' "${SURICATA_YAML}")"
# FAST_LOG_FILE="${SURICATA_DEFAULT_LOG_DIR}/$(yq -r '.outputs[] | select(.fast) | .fast.filename' "${SURICATA_YAML}")"
# TTP_LOG_FILE="${SURICATA_DEFAULT_LOG_DIR}/$(yq -r '.outputs[] | select(.http-log) | .http-log.filename' "${SURICATA_YAML}")"

# Lua script directory is defined in suricata.yaml
LUA_SCRIPTS_DIR="$(yq -r '.outputs[] | select(.lua.scripts-dir) | .lua.scripts-dir' "${SURICATA_YAML}")"
MAXIWALL_LUA_SCRIPT="${LUA_SCRIPTS_DIR}/maxiwall.lua"

# Rule file is defined in suricata.yaml
SURICATA_SURICATA_DEFAULT_RULES_PATH="$(yq -r '.default-rule-path' "${SURICATA_YAML}")"
SURICATA_RULES_FILE="${SURICATA_SURICATA_DEFAULT_RULES_PATH}/suricata.rules"
MAXIWALL_RULES_FILE="${SCRIPT_PATH}/maxiwall.rules"
TEST_RULES_FILE="${SCRIPT_PATH}/maxiwall-test.rules"

SHORT_OPT_SPECS=":hvsc:t:-:"
LONG_OPT_SPECS=(["config"]=1 ["ip"]=1 ["ip-address"]=1 ["domain"]=1 ["domain-name"]=1 ["target"]=1 ["input-file"]=1 ["netmask"]=1 ["category"]=1 ["categories"]=1 ["comment"]=1 ["comments"]=1)
INDEX=$(($# + 1))

ACTION="$1"
ARGNUM="$#"

RETVAL=0
OLD_PATH=$(pwd)

# This variable will be used as global
VERBOSE=false
SCRIPTING=false
COUNT=false
traps exit_script QUIT INT TERM EXIT

if [ ${ARGNUM} -eq 0 ]; then
  error "No argument supplied. Please use '${SCRIPT_NAME} --help' for help"
  exit 1
fi

shift

while getopts "${SHORT_OPT_SPECS}" OPTION; do
  while true; do
    case "${OPTION}" in
    -)
      if [[ ${OPTARG[0]} =~ .*=.* ]]; then
        OPTION=${OPTARG/=*/}
        ((${#OPTION} <= 1)) && {
          echo "[${SCRIPT_NAME}]: Error, invalid long option '${OPTION}'" >&2
          exit 1
        }
        if ((LONG_OPT_SPECS[\$OPTION] != 1)); then
          echo "[${SCRIPT_NAME}]: Error, the option '${OPTION}' does not support this syntax"
          exit 2
        fi
        OPTARG[0]=${OPTARG#*=}
      else
        OPTION="${OPTARG[0]}"
        ((${#OPTION} <= 1)) && {
          echo "[${SCRIPT_NAME}]: Error, Invalid long option '${OPTION}'"
          exit 1
        }
        OPTARG=("${@:OPTIND:LONG_OPT_SPECS[\$OPTION]}")
        ((OPTIND += LONG_OPT_SPECS[\$OPTION]))
        ((OPTIND > INDEX)) && {
          echo "[${SCRIPT_NAME}]: Error, missing required arguments for option '${OPTION}'"
          exit 2
        }
      fi
      continue
      ;;
    h | help)
      ACTION="help"
      ;;
    v | verbose)
      VERBOSE=$((VERBOSE + 1))
      ;;
    s | scripting)
      SCRIPTING=true
      VERBOSE=-1
      ;;
    c | config)
      CONFIG_FILE="${OPTARG[0]}"
      ;;
    t | ip | ip-address | domain | domain-name | target)
      TARGET="${OPTARG[0]}"
      if [[ -z "${TARGET}" ]]; then
        echo "[${SCRIPT_NAME}]: Error, no target supplied. Please provide a valid target such as an IP address or domain name"
        exit 1
      fi
      ;;
    netmask)
      NETMASK="${OPTARG[0]}"
      ;;
    i | input-file)
      INPUT_FILE="${OPTARG[0]}"
      ;;
    category | categories)
      CATEGORIES="${OPTARG[0]}"
      ;;
    comment | comments)
      COMMENTS="${OPTARG[0]}"
      ;;
    count)
      COUNT=true
      ;;
    ?)
      echo "[${SCRIPT_NAME}]: Syntax error: Unknown short option '${OPTARG[0]}'"
      exit 2
      ;;
    *)
      echo "[${SCRIPT_NAME}]: Syntax error: Unknown long option '${OPTION}'"
      exit 2
      ;;
    esac
    break
  done
done

if [[ "${ACTION^^}" == +(-H|--HELP|HELP) ]]; then
  readme "${SCRIPT_PATH}/readme.txt"
  RETVAL=$?
  exit ${RETVAL}
elif [[ "${ACTION^^}" == +(-V|--VERSION|VERSION) ]]; then
  echo "=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~="
  echo ""
  echo "Info: ${_APP_INFO}"
  echo ""
  echo "Version: ${_APP_VERSION_STATUS}"
  echo ""
  echo "${_AUTHOR}"
  echo ""
  echo "=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~="
  RETVAL=$?
  exit ${RETVAL}
elif [[ "${ACTION^^}" == +(-T|--TEST|TEST) ]]; then
  exit 0
elif [[ "${ACTION^^}" == +(SCAN|CHECK) ]]; then
  read_config
  scan "$@"
  RETVAL=$?
  exit ${RETVAL}
elif [[ "${ACTION^^}" == +(IP2CIDR|GETPT2CIDR|IP-TO-CIDR|GET-IP-TO-CIDR) ]]; then
  read_config
  get_ip2cidr "$@"
  RETVAL=$?
  exit ${RETVAL}
# Get variable value from config file
elif [[ "${ACTION^^}" == +(GETENV|GETVAR) ]]; then
  read_config
  get_env "$@"
  RETVAL=$?
elif [[ "${ACTION^^}" == +(-U|--UPDATE|UPDATE) ]]; then
  check_update "$@"
  RETVAL=$?
  exit ${RETVAL}
elif [[ "${ACTION^^}" == +(--STATUS|STATUS) ]]; then
  status "$@"
  RETVAL=$?
  exit ${RETVAL}
elif [[ "${ACTION^^}" == +(--STOP|STOP) ]]; then
  stop "$@"
  RETVAL=$?
  exit ${RETVAL}
elif [[ "${ACTION^^}" == +(--INIT|INIT|INITIALIZE) ]]; then
  init_config "$@"
  RETVAL=$?
  exit ${RETVAL}
elif [[ "${ACTION^^}" == +(--START|START) ]]; then
  start "$@"
  RETVAL=$?
  exit ${RETVAL}
elif [[ "${ACTION^^}" == +(--RESTART|RESTART) ]]; then
  restart "$@"
  RETVAL=$?
  exit ${RETVAL}
elif [[ "${ACTION^^}" == +(GET-SCRIPT-PATH|SCRIPT-PATH) ]]; then
  echo "${SCRIPT_PATH}"
  RETVAL=$?
  exit ${RETVAL}
elif [[ "${ACTION^^}" == +(GET-OUTPUT-PATH|OUTPUT-PATH) ]]; then
  echo "${OUTPUT_PATH}"
  RETVAL=$?
  exit ${RETVAL}
elif [[ "${ACTION^^}" == +(SHOW-SURICATA-LOG|SHOW-LOG) ]]; then
  show_file "${SURICATA_LOG_FILE}"
  RETVAL=$?
  exit ${RETVAL}
elif [[ "${ACTION^^}" == +(EDIT-LUA-SCRIPT|EDIT-LUA) ]]; then
  edit_file "${SCRIPT_PATH}/maxiwall.lua"
  RETVAL=$?
  exit ${RETVAL}

elif [[ "${ACTION^^}" == +(EDIT-SURICATA-RULE|EDIT-SURICATA-RULES) ]]; then
  edit_file "${SURICATA_RULES_FILE}"
  RETVAL=$?
  exit ${RETVAL}
elif [[ "${ACTION^^}" == +(EDIT-MAXIWALL-RULE|EDIT-MAXIWALL-RULES|EDIT-RULE|EDIT-RULES) ]]; then
  edit_file "${MAXIWALL_RULES_FILE}"
  RETVAL=$?
  exit ${RETVAL}
elif [[ "${ACTION^^}" == +(EDIT) ]]; then
  edit_file "${SCRIPT_PATH}/${SCRIPT_NAME}"
  RETVAL=$?
  exit ${RETVAL}
elif [[ "${ACTION^^}" == +(EDIT-TEST-RULE) ]]; then
  edit_file "${TEST_RULES_FILE}"
  RETVAL=$?
  exit ${RETVAL}
elif [[ "${ACTION^^}" == +(DEBUG-LOG) ]]; then
  cat /dev/null >"${SURICATA_LOG_FILE}"
  systemctl restart suricata
  tail -f "${SURICATA_LOG_FILE}"
  RETVAL=$?
  exit ${RETVAL}
elif [[ "${ACTION^^}" == +(TEST-RULE|TEST-RULES) ]]; then
  test_config "$@"
  RETVAL=$?
  exit ${RETVAL}
elif [[ "${ACTION^^}" == +(EDIT-MAXIWALL-CONFIG|EDIT-CONFIG) ]]; then
  edit_file "${CONFIG_FILE}"
  RETVAL=$?
  exit ${RETVAL}
elif [[ "${ACTION^^}" == +(EDIT-SURICATA-CONFIG|EDIT-SURICATA-YAML) ]]; then
  edit_file "${SURICATA_YAML}"
  RETVAL=$?
  exit ${RETVAL}
elif [[ "${ACTION^^}" == +(GET-PUBLIC-IPV4) ]]; then
  get_public_ipv4 "$@"
  RETVAL=$?
  exit ${RETVAL}
elif [[ "${ACTION^^}" == +(GET-PUBLIC-IPV6) ]]; then
  get_public_ipv6 "$@"
  RETVAL=$?
  exit ${RETVAL}
elif
  [[ "${ACTION^^}" == +(AIPDB-SCAN) ]]
then
  read_config
  get_aipdb_score "$@"
  RETVAL=$?
  exit ${RETVAL}
elif [[ "${ACTION^^}" == +(BLCHECK-SCAN) ]]; then
  read_config
  get_blcheck_score "$@"
  RETVAL=$?
  exit ${RETVAL}
elif [[ "${ACTION^^}" == +(GREYNOISE-SCAN) ]]; then
  read_config
  get_greynoise_score "$@"
  RETVAL=$?
  exit ${RETVAL}
elif [[ "${ACTION^^}" == +(VIRUSTOTAL-SCAN) ]]; then
  read_config
  get_virustotal_score "$@"
  RETVAL=$?
  exit ${RETVAL}
elif [[ "${ACTION^^}" == +(MODSECURITY-SCAN) ]]; then
  read_config
  get_modsecurity_score "$@"
  RETVAL=$?
  exit ${RETVAL}
elif [[ "${ACTION^^}" == +(CSF-SCAN) ]]; then
  read_config
  get_csf_score "$@"
  RETVAL=$?
  exit ${RETVAL}
elif [[ "${ACTION^^}" == +(DABFM-SCAN) ]]; then
  read_config
  get_dabfm_score "$@"
  RETVAL=$?
  exit ${RETVAL}
elif [[ "${ACTION^^}" == +(CSF-CIDR-SCAN) ]]; then
  read_config
  get_ip2cidr "$@"
  RETVAL=$?
  exit ${RETVAL}
elif [[ "${ACTION^^}" == +(BLOCK-TARGET|BLOCK-IP|DENY-IP|DENY-TARGET) ]]; then
  read_config
  block_target "$@"
  RETVAL=$?
  exit ${RETVAL}
elif [[ "${ACTION^^}" == +(REPORT-TARGET|REPORT-IP) ]]; then
  read_config
  report_target "$@"
  RETVAL=$?
  exit ${RETVAL}
else
  echo "[${SCRIPT_NAME}]: Error, unknown action '${ACTION}'. Please provide a valid action (eg: ${SCRIPT_NAME} +<action> *<option>)"
  exit 1
fi