2020-10-28 21:07:07 +00:00
|
|
|
#!/bin/bash
|
|
|
|
# Simple Fail2ban configuration
|
2023-11-08 06:34:51 +00:00
|
|
|
# SwITNet Ltd © - 2023, https://switnet.net/
|
2020-10-28 21:07:07 +00:00
|
|
|
# GNU GPLv3 or later.
|
|
|
|
|
|
|
|
while getopts m: option
|
|
|
|
do
|
|
|
|
case "${option}"
|
|
|
|
in
|
|
|
|
m) MODE=${OPTARG};;
|
2022-05-21 00:54:27 +00:00
|
|
|
\?) echo "Usage: sudo bash ./$0 [-m debug]" && exit;;
|
2020-10-28 21:07:07 +00:00
|
|
|
esac
|
|
|
|
done
|
|
|
|
|
|
|
|
#DEBUG
|
|
|
|
if [ "$MODE" = "debug" ]; then
|
|
|
|
set -x
|
|
|
|
fi
|
|
|
|
|
|
|
|
#Check if user is root
|
2022-05-12 04:52:44 +00:00
|
|
|
if ! [ "$(id -u)" = 0 ]; then
|
2020-10-28 21:07:07 +00:00
|
|
|
echo "You need to be root or have sudo privileges!"
|
|
|
|
exit 0
|
|
|
|
fi
|
|
|
|
|
|
|
|
apt-get -y install fail2ban
|
|
|
|
|
|
|
|
if \
|
|
|
|
[ -f /var/log/ssh_f2b.log ] && \
|
2022-05-12 04:52:44 +00:00
|
|
|
[ "$(grep -c 604800 /etc/fail2ban/jail.local)" = "1" ] && \
|
|
|
|
[ "$(grep -c ssh_f2b.log /etc/fail2ban/jail.local)" = "1" ]; then
|
2020-10-28 21:07:07 +00:00
|
|
|
echo -e "\nFail2ban seems to be already configured.\n"
|
|
|
|
else
|
|
|
|
echo -e "\nConfiguring Fail2ban...\n"
|
|
|
|
cat << F2BAN >> /etc/fail2ban/jail.local
|
|
|
|
[sshd]
|
|
|
|
enabled = true
|
|
|
|
port = 22
|
|
|
|
filter = sshd
|
|
|
|
logpath = /var/log/ssh_f2b.log
|
|
|
|
maxretry = 3
|
|
|
|
bantime = 604800
|
|
|
|
F2BAN
|
|
|
|
fi
|
|
|
|
systemctl restart fail2ban
|