Uniwa 2020 ask Security
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

29 lines
1.2 KiB

4 years ago
#!/bin/sh
sudo apt-get update -y # To get the latest package lists
sudo apt install rsyslog -y #instal auth.log
sudo service rsyslog start #start syslog
#grep "Failed password" /var/log/auth.log #check for login failures
#grep "Failed password" /var/log/auth.log | awk ‘{print $11}’ | uniq -c | sort
sudo cat /var/log/auth.log | grep "Failed password"
#sudo apt install fail2ban -y
sudo service fail2ban enable
sudo service fail2ban start
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo sed -i '244d' /etc/fail2ban/jail.local
sudo sed -i '239 a enabled = true' /etc/fail2ban/jail.local
sudo sed -i '240 a maxretry = 3' /etc/fail2ban/jail.local
sudo sed -i '241 a bantime = 300' /etc/fail2ban/jail.local
sudo sed -i '242 a findtime = 30' /etc/fail2ban/jail.local
sudo sed -i '243 a chain = INPUT' /etc/fail2ban/jail.local
sudo sed -i '244 a port = 22' /etc/fail2ban/jail.local
sudo sed -i '245 a action_ = iptables-multiport[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]' /etc/fail2ban/jail.local
sudo service fail2ban restart
sudo fail2ban-client status sshd
sudo iptables -L
#end