Created
September 20, 2017 13:31
-
-
Save jensenb/51539cd50342d0e15ffc84e41ea6ca14 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # This script installs fail2ban and configures a default fail2ban ssh jail that uses ufw firewall rules | |
| # Note this script needs to be run with sudo | |
| # Brian Jensen <jensen@cs.tum.edu> | |
| apt-get install -y fail2ban && cat >/etc/fail2ban/jail.local <<EOL | |
| [DEFAULT] | |
| # "bantime" is the number of seconds that a host is banned. | |
| bantime = 1800 | |
| # default banaction | |
| banaction = ufw | |
| # block ssh password guessing using ufw | |
| [sshd] | |
| banaction = ufw | |
| enabled = true | |
| filter = sshd | |
| port = ssh | |
| logpath = %(sshd_log)s | |
| EOL | |
| ufw enable | |
| ufw allow OpenSSH | |
| service fail2ban restart | |
| fail2ban-client status |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment