From 5b1a9ccaaf28aca279d077693a202c5f515e62b5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cyryl=20P=C5=82otnicki?=
Date: Sat, 5 Aug 2017 20:47:49 +0200
Subject: [PATCH] Add fail2ban for fedora (#127)
---
fedora/configure_fresh_system.sh | 9 ++++++---
fedora/etc/fail2ban/jail.d/01-sshd.conf | 2 ++
2 files changed, 8 insertions(+), 3 deletions(-)
create mode 100644 fedora/etc/fail2ban/jail.d/01-sshd.conf
diff --git a/fedora/configure_fresh_system.sh b/fedora/configure_fresh_system.sh
index 81d36ccf..3099c98b 100755
--- a/fedora/configure_fresh_system.sh
+++ b/fedora/configure_fresh_system.sh
@@ -6,7 +6,7 @@ if [[ -z $NOUPGRADE ]]; then sudo dnf -y upgrade fi -sudo dnf -y --best --allowerasing install tmux atop zsh thunderbird thunderbird-enigmail thunderbird-lightning firefox aria2 gajim lm_sensors freecad python3-pip qt5-qtbase-devel qt5-qtwebkit-devel meld whois curl pv nodejs npm terminator gsmartcontrol python-pip mercurial python3-devel libxslt-devel libjpeg-turbo-devel conky conky-manager cmake gtk2-devel intltool gparted wine solaar glances the_silver_searcher dkms kernel-devel gimp transmission-gtk git xz util-linux-user powertop dnf-automatic kdiff3 yum-utils util-linux-user ncurses-devel zeal qt5-linguist qtkeychain-qt5-devel archivemount keepass splix gutenprint-cups cups-bjnp golang redhat-rpm-config docker pcsc-lite-devel pcsc-tools pcsc-lite yubico-piv-tool yubikey-personalization-gui xloadimage yp-tools closure-compiler optipng jpegoptim grub2 grub2-efi dracut dracut-tools openssl-devel +sudo dnf -y --best --allowerasing install tmux atop zsh thunderbird thunderbird-enigmail thunderbird-lightning firefox aria2 gajim lm_sensors freecad python3-pip qt5-qtbase-devel qt5-qtwebkit-devel meld whois curl pv nodejs npm terminator gsmartcontrol python-pip mercurial python3-devel libxslt-devel libjpeg-turbo-devel conky conky-manager cmake gtk2-devel intltool gparted wine solaar glances the_silver_searcher dkms kernel-devel gimp transmission-gtk git xz util-linux-user powertop dnf-automatic kdiff3 yum-utils util-linux-user ncurses-devel zeal qt5-linguist qtkeychain-qt5-devel archivemount keepass splix gutenprint-cups cups-bjnp golang redhat-rpm-config docker pcsc-lite-devel pcsc-tools pcsc-lite yubico-piv-tool yubikey-personalization-gui xloadimage yp-tools closure-compiler optipng jpegoptim grub2 grub2-efi dracut dracut-tools openssl-devel fail2ban sudo dnf -y groupinstall "C Development Tools and Libraries" sudo dnf -y groupinstall "Development Tools" 
@@ -18,6 +18,7 @@ sudo cp -v $DIR/etc/dnf/automatic.conf /etc/dnf/automatic.conf sudo cp -v $DIR/etc/ld.so.conf.d/nextcloud.conf /etc/ld.so.conf.d/nextcloud.conf sudo cp -v $DIR/etc/sysctl.d/90_swapiness.conf /etc/sysctl.d/ sudo cp -v $DIR/etc/sysctl.d/91_inotify_limit.conf /etc/sysctl.d/ +sudo cp -v $DIR/etc/fail2ban/jail.d/01-sshd.conf /etc/fail2ban/jail.d/ sudo ldconfig set +e @@ -47,10 +48,12 @@ else fi if [[ -z $NO_SYSTEMCTL ]]; then - sudo systemctl enable dnf-automatic-install.timer - sudo systemctl start dnf-automatic-install.timer sudo systemctl enable docker sudo systemctl restart docker + sudo systemctl enable fail2ban + sudo systemctl restart fail2ban + sudo systemctl enable dnf-automatic-install.timer + sudo systemctl restart dnf-automatic-install.timer sudo systemctl enable fstrim.timer sudo systemctl restart fstrim.timer sudo systemctl list-timers diff --git a/fedora/etc/fail2ban/jail.d/01-sshd.conf b/fedora/etc/fail2ban/jail.d/01-sshd.conf new file mode 100644 index 00000000..9eb356c8 --- /dev/null +++ b/fedora/etc/fail2ban/jail.d/01-sshd.conf @@ -0,0 +1,2 @@ +[sshd] +enabled = true
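Review bot: Nothing after the added `sudo systemctl restart fail2ban` confirms that the service came up or that the sshd jail was loaded. The `set +e` visible in the context of the previous hunk suggests a failed restart would not stop the script, though whether errexit is re-enabled before this block cannot be seen from here. Because this is the control that throttles SSH password guessing, a silent failure leaves the host unprotected while the run looks successful. Consider following the restart with `sudo fail2ban-client status sshd || echo "fail2ban sshd jail not active" >&2` so the outcome is visible in the output. The enclosing `if [[ -z $NO_SYSTEMCTL ]]` block starts inside the hunk and continues past its end.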
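Review bot: The new `01-sshd.conf` enables the jail but does not say where its policy comes from. `bantime`, `findtime`, `maxretry` and the ban action are all inherited from the packaged `jail.conf` and any other `jail.d` drop-in, so the effective policy can change with a package update and, presumably, depends on the firewall backend the distribution configures. A header comment would make that explicit, for example `# sshd jail: thresholds and banaction inherited from jail.conf / packaged jail.d defaults`. If the machine is administered from fixed addresses, a line such as `ignoreip = 127.0.0.1/8 <trusted-admin-range>` (the second value is a placeholder) avoids locking yourself out after mistyped passwords.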