You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
28 lines
1.2 KiB
28 lines
1.2 KiB
#!/bin/sh
|
|
|
|
|
|
sudo apt-get update -y # To get the latest package lists
|
|
sudo apt install rsyslog #instal auth.log
|
|
sudo service rsyslog start #start syslog
|
|
#grep "Failed password" /var/log/auth.log #check for login failures
|
|
#grep "Failed password" /var/log/auth.log | awk ‘{print $11}’ | uniq -c | sort
|
|
sudo cat /var/log/auth.log | grep "Failed password"
|
|
sudo apt install fail2ban -y
|
|
sudo service fail2ban enable
|
|
sudo service fail2ban start
|
|
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
|
|
sudo sed -i '244d' /etc/fail2ban/jail.local
|
|
sudo sed -i '239 a enabled = true' /etc/fail2ban/jail.local
|
|
sudo sed -i '240 a maxretry = 3' /etc/fail2ban/jail.local
|
|
sudo sed -i '241 a bantime = 300' /etc/fail2ban/jail.local
|
|
sudo sed -i '242 a findtime = 30' /etc/fail2ban/jail.local
|
|
sudo sed -i '243 a chain = INPUT' /etc/fail2ban/jail.local
|
|
sudo sed -i '244 a port = 22' /etc/fail2ban/jail.local
|
|
sudo sed -i '245 a action_ = iptables-multiport[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]' /etc/fail2ban/jail.local
|
|
sudo service fail2ban restart
|
|
sudo fail2ban-client status sshd
|
|
sudo iptables -L
|
|
|
|
|
|
|
|
|
|
|