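#!/bin/bash
## Fail2ban Setup
#
# Installs fail2ban from EPEL, enables the service, writes an sshd jail into
# jail.d and restarts fail2ban so the new jail is loaded.
#
# Relies on a log() helper (called as: log LEVEL MESSAGE) that is not defined
# in this file; it has to be provided by the environment that runs this script.
#
# Every step only logs on success (cmd && log ...). A failing dnf or systemctl
# call is neither logged nor fatal here, so the host can end up without an
# active sshd jail. Confirm the result afterwards, e.g. with
# `sudo fail2ban-client status sshd`.

# Install EPEL necessary for Fail2ban
# (fixed: the subcommand was misspelled "instally", so dnf rejected it and
# EPEL was never enabled before the fail2ban install below)
sudo dnf install epel-release -y

# Install Fail2ban
log "info" "Installing fail2ban..."
sudo dnf install fail2ban -y \
  && log "info" "Successfully installed fail2ban"

# Enable and run Fail2ban
# The service starts here with the packaged defaults; the sshd jail written
# below only takes effect after the restart at the end of the script.
log "info" "Enabling and starting fail2ban"
sudo systemctl enable --now fail2ban \
  && log "info" "Successfully enabled and started fail2ban"

# Write config files to jail.d

JAIL_D_PATH="/etc/fail2ban/jail.d/"
log "info" "Writing fail2ban local configurations to ${JAIL_D_PATH}"

# sshd jail policy: 3 failures (maxretry) within one day (findtime) ban the
# source address for 15 minutes. "mm" is one of fail2ban's minute
# abbreviations (jail.conf(5), time abbreviation format), so "15mm" is valid.
# NOTE(review): ignoreip lists only the IPv4 loopback range; confirm whether
# ::1 or management addresses should be exempt as well.
# The heredoc delimiter is quoted so %(...)s reaches fail2ban unexpanded.
# ${JAIL_D_PATH%/} drops the trailing slash to avoid a "//" in the target path.
# tee is used (instead of a redirect) because the write needs root; it also
# echoes the written configuration to stdout.
log "info" "Writing SSHD Configuration"
sudo tee "${JAIL_D_PATH%/}/sshd.local" << '__EOF__'
[sshd]
enabled = true
port = ssh
ignoreip = 127.0.0.1/8
logpath = %(sshd_log)s
backend = %(sshd_backend)s
maxretry = 3
findtime = 1d
bantime = 15mm
usedns = warn
__EOF__

log "info" "Finished writing fail2ban local configurations to ${JAIL_D_PATH}"

# Restart so fail2ban reads the new jail.d/sshd.local.
sudo systemctl restart fail2ban \
  && log "info" "Restarted fail2ban"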