hhf/docker-mailcow
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update install-mailcow-ubuntu.sh

Browse source
This commit is contained in:
HHF Technology 2024-12-06 16:05:56 +05:30
parent 2476e03c9f
commit 095afdd613
1 changed files with 40 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

49
install-mailcow-ubuntu.sh
View file

@ -74,32 +74,63 @@ cat > /etc/fail2ban/jail.local << EOL
bantime = 1h
findtime = 10m
maxretry = 3
banaction = ufw
backend = systemd
ignoreip = 127.0.0.1/8 ::1
findtime = 10m
bantime = 1h
maxretry = 3
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
logpath = %(sshd_log)s
maxretry = 3
EOL
bantime = 1d
# Create SSH honeypot configuration
cat > /etc/fail2ban/jail.d/ssh-honeypot.conf << EOL
[ssh-honeypot]
enabled = true
filter = ssh-honeypot
logpath = /var/log/auth.log
filter = sshd
logpath = %(sshd_log)s
maxretry = 1
bantime = 1d
findtime = 1d
EOL
cat > /etc/fail2ban/filter.d/ssh-honeypot.conf << EOL
# Configure fail2ban filter
cat > /etc/fail2ban/filter.d/sshd.local << EOL
[Definition]
failregex = ^%(__prefix_line)s(?:error: PAM: )?Authentication failure for .* from <HOST>
ignoreregex =
failregex = ^%(__prefix_line)s(?:error: PAM: )?[aA]uthentication (?:failure|error) for .* from <HOST>( via \S+)?\s*$
^%(__prefix_line)s(?:error: PAM: )?User not known to the underlying authentication module for .* from <HOST>\s*$
^%(__prefix_line)sFailed \S+ for .* from <HOST>(?: port \d*)?(?: ssh\d*)?(: (ruser .*|(\S+ ID \S+ \(serial \d+\) CA )?\S+ %(__md5hex)s))?\s*$
^%(__prefix_line)sROOT LOGIN REFUSED.* FROM <HOST>\s*$
^%(__prefix_line)s[iI](?:llegal|nvalid) user .* from <HOST>\s*$
^%(__prefix_line)sUser .+ from <HOST> not allowed because not listed in AllowUsers\s*$
^%(__prefix_line)sUser .+ from <HOST> not allowed because listed in DenyUsers\s*$
^%(__prefix_line)sUser .+ from <HOST> not allowed because not in any group\s*$
^%(__prefix_line)srefused connect from \S+ \(<HOST>\)\s*$
^%(__prefix_line)sReceived disconnect from <HOST>: 3: .*: Auth fail$
^%(__prefix_line)sUser .+ from <HOST> not allowed because a group is listed in DenyGroups\s*$
^%(__prefix_line)sUser .+ from <HOST> not allowed because none of user's groups are listed in AllowGroups\s*$
^%(__prefix_line)s[aA]uthentication (?:failure|error) for .* from <HOST>(?:\s+\[preauth\])?\s*$
ignoreregex =
EOL
# Create fail2ban systemd override directory
mkdir -p /etc/systemd/system/fail2ban.service.d/
# Create override file
cat > /etc/systemd/system/fail2ban.service.d/override.conf << EOL
[Service]
ExecStart=
ExecStart=/usr/bin/fail2ban-server -xf start
EOL
# Reload systemd daemon
systemctl daemon-reload
# Restart fail2ban
systemctl restart fail2ban