-
Notifications
You must be signed in to change notification settings - Fork 1
/
fail2ban
executable file
·65 lines (55 loc) · 1.69 KB
/
fail2ban
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
#!/usr/bin/env bash
# Copyright (C) 2021 Rodrigo Silva (MestreLion) <[email protected]>
# License: GPLv3 or later. See <http://www.gnu.org/licenses/gpl.html>
#
# To list bans:
# sudo fail2ban-client status sshd
# -----------------------------------------------------------------------------
DESCRIPTION='Fail2Ban'
ARGS='[SSH_PORT]'
setuplib=${SETUP_LIB_PATH:-"$(dirname "$(readlink -f "$0")")"/../setuplib}
# shellcheck source=../setuplib
if [[ -r "$setuplib" ]]; then source "$setuplib"; else
echo "Setup library not found: $setuplib" >&2; exit 1;
fi
# -----------------------------------------------------------------------------
default_ssh_port=22
port=${1:-${SETUP_SSH_PORT:-$default_ssh_port}}; integer "$port" PORT
# -----------------------------------------------------------------------------
message 'Enable Firewall and add rule for SSH'
if [[ "$port" == "$default_ssh_port" ]]; then
setup_run sudo ufw allow OpenSSH
else
setup_run sudo tee /etc/ufw/applications.d/ssh-custom-port.conf <<-EOF
# Created by ${SETUP_NAME}
# ${SETUP_WEBSITE}
[SSH]
title=SSH custom port
description=OpenSSH service on port ${port}
ports=${port}/tcp
EOF
setup_run sudo ufw allow SSH
fi
try sudo ufw reload
setup_run sudo ufw enable
message 'Install Fail2Ban'
install_package fail2ban
message 'Configure Fail2Ban'
config=/etc/fail2ban/jail.d/${SETUP_SLUG}.conf
setup_run sudo tee "$config" <<-EOF
# Created by ${SETUP_NAME}
# ${SETUP_WEBSITE}
[DEFAULT]
# Default: 10 minutes
bantime = 10d
# Default: 10 minutes
findtime = 30m
# Default: 5
maxretry = 3
[sshd]
# Already enabled by defaults-debian.conf
enabled = true
# Default: ssh (==22)
port = ${port}
EOF
setup_run sudo systemctl restart fail2ban