External/du_setup
1
0
Fork 0
mirror of https://github.com/buildplan/du_setup.git synced 2025-12-29 16:14:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

enhanced fail2ban jail.local

Browse Source
This commit is contained in:
Ali
2025-07-07 21:22:47 +01:00
parent eb234968b3
commit a424f5b88b
1 changed files with 28 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
du_setup.sh
View File

@@ -1037,29 +1037,24 @@ configure_firewall() {
configure_fail2ban() { configure_fail2ban() {
print_section "Fail2Ban Configuration" print_section "Fail2Ban Configuration"
# --- Create UFW Probes Filter for Fail2ban --- # --- Define Desired Configurations ---
# This custom filter tells Fail2ban what to look for in UFW's log file. # Define content of config file.
print_info "Creating Fail2ban filter for UFW probes..." local UFW_PROBES_CONFIG
mkdir -p /etc/fail2ban/filter.d UFW_PROBES_CONFIG=$(cat <<'EOF'
tee /etc/fail2ban/filter.d/ufw-probes.conf > /dev/null <<'EOF'
[Definition] [Definition]
# This regex looks for the standard "[UFW BLOCK]" message in /var/log/ufw.log # This regex looks for the standard "[UFW BLOCK]" message in /var/log/ufw.log
failregex = \[UFW BLOCK\] IN=.* OUT=.* SRC=<HOST> failregex = \[UFW BLOCK\] IN=.* OUT=.* SRC=<HOST>
ignoreregex = ignoreregex =
EOF EOF
)
# --- Create Enhanced jail.local Configuration --- local JAIL_LOCAL_CONFIG
# This new configuration sets more robust defaults and adds the UFW monitoring jail. JAIL_LOCAL_CONFIG=$(cat <<EOF
print_info "Creating enhanced Fail2ban local jail configuration..."
tee /etc/fail2ban/jail.local > /dev/null <<EOF
[DEFAULT] [DEFAULT]
# IPs to ignore. 127.0.0.1/8 is localhost.
ignoreip = 127.0.0.1/8 ::1 ignoreip = 127.0.0.1/8 ::1
# Ban for 1 day, as 1 hour is often too short for persistent bots.
bantime = 1d bantime = 1d
findtime = 10m findtime = 10m
maxretry = 5 maxretry = 5
# Set the default banning action to use UFW.
banaction = ufw banaction = ufw
[sshd] [sshd]
@@ -1074,6 +1069,27 @@ filter = ufw-probes
logpath = /var/log/ufw.log logpath = /var/log/ufw.log
maxretry = 3 maxretry = 3
EOF EOF
)
local UFW_FILTER_PATH="/etc/fail2ban/filter.d/ufw-probes.conf"
local JAIL_LOCAL_PATH="/etc/fail2ban/jail.local"
# --- Idempotency Check ---
# This checks if the on-disk files are already identical to our desired configuration.
if [[ -f "$UFW_FILTER_PATH" && -f "$JAIL_LOCAL_PATH" ]] && \
cmp -s "$UFW_FILTER_PATH" <<<"$UFW_PROBES_CONFIG" && \
cmp -s "$JAIL_LOCAL_PATH" <<<"$JAIL_LOCAL_CONFIG"; then
print_info "Fail2Ban is already configured correctly. Skipping."
log "Fail2Ban configuration is already correct."
return 0
fi
# --- Apply Configuration ---
# If the check above fails, we write the correct configuration files.
print_info "Applying new Fail2Ban configuration..."
mkdir -p /etc/fail2ban/filter.d
echo "$UFW_PROBES_CONFIG" > "$UFW_FILTER_PATH"
echo "$JAIL_LOCAL_CONFIG" > "$JAIL_LOCAL_PATH"
# --- Restart and Verify Fail2ban --- # --- Restart and Verify Fail2ban ---
print_info "Enabling and restarting Fail2Ban to apply new rules..." print_info "Enabling and restarting Fail2Ban to apply new rules..."
@@ -1087,7 +1103,6 @@ EOF
fail2ban-client status | tee -a "$LOG_FILE" fail2ban-client status | tee -a "$LOG_FILE"
else else
print_error "Fail2Ban service failed to start. Check 'journalctl -u fail2ban' for errors." print_error "Fail2Ban service failed to start. Check 'journalctl -u fail2ban' for errors."
# No longer exits the script, just reports the failure.
FAILED_SERVICES+=("fail2ban") FAILED_SERVICES+=("fail2ban")
fi fi
log "Fail2Ban configuration completed." log "Fail2Ban configuration completed."