Last active
July 4, 2022 18:44
-
-
Save szukalski/606748b9bcf9317fa773a474cc67036a to your computer and use it in GitHub Desktop.
fail2ban ufw logwatch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Run as root | |
| if [ "$#" -ne 1 ]; | |
| then | |
| echo "Usage: <script> <username>" | |
| exit 1 | |
| fi | |
| USER=$1 | |
| EMAIL=your.email.address@gmail.com | |
| PASSWORD=your.email.password | |
| SMTP_RELAY=smtp.gmail.com | |
| apt-get update -y | |
| apt-get dist-upgrade -y | |
| apt-get install -y screen vim ntp | |
| sed -i.bak 's/prohibit-password/no/' /etc/ssh/sshd_config | |
| groupadd sshlogin | |
| usermod -a -G sshlogin $USER | |
| echo "AllowGroups sshlogin" >> /etc/ssh/sshd_config | |
| service ssh restart | |
| echo "IPV6=no" >> /etc/ufw/ufw.conf | |
| ufw allow OpenSSH | |
| ufw --force enable | |
| apt-get install fail2ban -y | |
| cat << 'EOF'>> /etc/fail2ban/action.d/ufw-ssh.conf | |
| [Definition] | |
| actionstart = | |
| actionstop = | |
| actioncheck = | |
| actionban = ufw insert 1 deny from <ip> to any app OpenSSH | |
| actionunban = ufw delete deny from <ip> to any app OpenSSH | |
| EOF | |
| cat << 'EOF'>> /etc/fail2ban/filter.d/f2b-loop.conf | |
| # Fail2Ban configuration file for subsequent bans | |
| # | |
| [INCLUDES] | |
| before = common.conf | |
| [Definition] | |
| failregex = \]\s+Ban\s+<HOST> | |
| ignoreregex = \[f2b-loop.*\]\s+Ban\s+<HOST> | |
| # | |
| # Author: Walter Heitman Jr. http://blog.shanock.com | |
| EOF | |
| cat << 'EOF'>> /etc/fail2ban/jail.conf | |
| [ufw-ssh] | |
| enabled = true | |
| banaction = ufw-ssh | |
| port = 22 | |
| filter = sshd | |
| logpath = /var/log/auth.log | |
| maxretry = 3 | |
| [f2b-loop2] | |
| enabled = true | |
| filter = f2b-loop | |
| bantime = 86400 ;1 day | |
| findtime = 604800 ;1 week | |
| logpath = /var/log/fail2ban.log | |
| maxretry = 2 | |
| [f2b-loop3] | |
| enabled = true | |
| filter = f2b-loop | |
| bantime = 604800 ;1 week | |
| findtime = 2592000 ;1 month | |
| logpath = /var/log/fail2ban.log | |
| maxretry = 3 | |
| [f2b-loop4] | |
| enabled = true | |
| filter = f2b-loop | |
| bantime = 2592000 ;1 month | |
| findtime = 15552000 ;6 months | |
| logpath = /var/log/fail2ban.log | |
| maxretry = 6 | |
| EOF | |
| service fail2ban restart | |
| apt-get install postfix mailutils libsasl2-2 ca-certificates libsasl2-modules ca-certificates -y | |
| sed -i.bak "s/relayhost =/relayhost = [$SMTP_RELAY]:587/" /etc/postfix/main.cf | |
| cat << 'EOF'>> /etc/postfix/main.cf | |
| smtp_sasl_auth_enable = yes | |
| smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd | |
| smtp_sasl_security_options = noanonymous | |
| smtp_tls_CAfile = /etc/postfix/cacert.pem | |
| smtp_use_tls = yes | |
| EOF | |
| echo "[$SMTP_RELAY]:587 $EMAIL:$PASSWORD" >> /etc/postfix/sasl_passwd | |
| chmod 400 /etc/postfix/sasl_passwd | |
| postmap /etc/postfix/sasl_passwd | |
| wget -O /etc/ssl/certs/Thawte_Premium_Server_CA.pem https://www.thawte.com/roots/thawte_Premium_Server_CA.pem | |
| cat /etc/ssl/certs/Thawte_Premium_Server_CA.pem | tee -a /etc/postfix/cacert.pem | |
| service postfix restart | |
| apt-get install logwatch -y | |
| mkdir /var/cache/logwatch | |
| cp /usr/share/logwatch/default.conf/logwatch.conf /etc/logwatch/conf/ | |
| sed -i.bak "s/MailTo = root/MailTo = $EMAIL/" /etc/logwatch/conf/logwatch.conf | |
| #sed -i 's/Detail = Low/Detail = Low/' /etc/logwatch/conf/logwatch.conf | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment