#!/bin/bash
## Fail2ban Setup

# Install EPEL necessary for Fail2ban
sudo dnf instally epel-release -y

# Install Fail2ban
log "info" "Installing fail2ban..."
sudo dnf install fail2ban -y \
  && log "info" "Successfully installed fail2ban"

# Enable and run Fail2ban
log "info" "Enabling and starting fail2ban"
sudo systemctl enable --now fail2ban \
  && log "info" "Successfully enabled and started fail2ban"

# Write config files to jail.d

JAIL_D_PATH="/etc/fail2ban/jail.d/"
log "info" "Writing fail2ban local configurations to ${JAIL_D_PATH}"

log "info" "Writing SSHD Configuration"
cat << '__EOF__' | sudo tee "${JAIL_D_PATH}/sshd.local"
[sshd]
enabled = true
port = ssh
ignoreip = 127.0.0.1/8
logpath = %(sshd_log)s
backend = %(sshd_backend)s
maxretry = 3
findtime = 1d
bantime = 15mm
usedns = warn
__EOF__

log "info" "Finished writing fail2ban local configurations to ${JAIL_D_PATH}"

sudo systemctl restart fail2ban \
  && log "info" "Restarted fail2ban"