mirror of
https://gitlab.com/garagenum/greg/fail2ban.git
synced 2025-06-30 22:01:30 +02:00
31 lines
813 B
Bash
Executable File
31 lines
813 B
Bash
Executable File
#!/bin/bash
|
|
|
|
## check root
|
|
if [ "$EUID" -ne 0 ]
|
|
then echo "Lancer le script avec sudo svp"
|
|
exit
|
|
fi
|
|
|
|
# update et install fail2ban
|
|
apt update -y && apt install fail2ban -y
|
|
|
|
# copie des confs
|
|
cp fail2ban-nginx-filter/* /etc/fail2ban/filter.d/
|
|
cp jail.local /etc/fail2ban/
|
|
rm -rf /etc/fail2ban/jail.d/*
|
|
|
|
# recup de l'ip pour la conf
|
|
IP=$(ip route get 1.2.3.4 | awk '{print $7}')
|
|
sed -i "s/IP/$IP/" /etc/fail2ban/jail.local
|
|
|
|
# recup du port ssh
|
|
SSH=$(grep Port /etc/ssh/sshd_config); SSH=${SSH##*(Port)}; SSH=${SSH%%*(#GatewayPorts no)}
|
|
sed -i "s/SSH_PORT/$SSH/" /etc/fail2ban/jail.local
|
|
|
|
# changement dbpurge
|
|
sed -i "s/1d/365d/" /etc/fail2ban/fail2ban.conf
|
|
|
|
systemctl restart fail2ban
|
|
fail2ban-client status
|
|
|
|
echo "la configuration pour les autres prisons que le SSH sont de 72h (bannissement à vie pour le SSH)" |
