Compare commits


2 Commits

Author SHA1 Message Date
Matthew Saunders Brown
47b398a778 fixed, and renamed, firewall blacklist scripts 2022-12-20 14:49:52 -08:00
Matthew Saunders Brown
e0e9b2ef03 harden up f2b ssh 2022-12-16 11:22:06 -08:00
3 changed files with 5 additions and 2 deletions


@ -101,6 +101,9 @@ chmod 644 fail2ban/*.local
chmod 644 fail2ban/*/*.conf
cp -a fail2ban/* /etc/fail2ban/
echo "destemail = $WEBMASTER" >> /etc/fail2ban/jail.local
echo "bantime = 24h" >> /etc/fail2ban/jail.d/defaults-debian.conf
echo "maxretry = 3" >> /etc/fail2ban/jail.d/defaults-debian.conf
echo "logpath = /var/log/auth.log tail" >> /etc/fail2ban/jail.d/defaults-debian.conf
systemctl enable fail2ban
systemctl start fail2ban
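Review bot: The three `echo ... >> /etc/fail2ban/jail.d/defaults-debian.conf` lines (presumably the ones this commit adds) append bare keys to a package-owned file, so they land in whichever section happens to be last there and are appended again each time the installer is re-run. Nothing visible in the hunk pins them to `[sshd]`, so if the packaged file changes layout or is replaced on upgrade, the ban settings silently move to another section or disappear. A site-owned drop-in with an explicit header avoids both problems, e.g. `printf '[sshd]\nbantime = 24h\nmaxretry = 3\nlogpath = /var/log/auth.log tail\n' > /etc/fail2ban/jail.d/<SITE_DROPIN>.local`, preceded by a one-line comment saying why `logpath` is overridden. The surrounding install script starts and ends outside the hunk.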


@ -8,7 +8,7 @@ else
exit 1
fi
if [[ firewall-cmd --ipset=blacklist --query-entry $IP >/dev/null ]]; then
if [[ `firewall-cmd --ipset=blacklist --query-entry $IP` = "yes" ]]; then
echo "IP $IP already in blacklist. Doing nothing."
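Review bot: `$IP` is expanded unquoted inside the backtick substitution on the `if` line (the backtick form appears to be the new side), and the test depends on firewall-cmd printing exactly `yes`. Whether `$IP` is validated is decided above the hunk and is not visible here; if it is not strictly an address, word splitting can hand firewall-cmd extra arguments. The query options also report their result through the exit status, so `if firewall-cmd --ipset=blacklist --query-entry="$IP" >/dev/null; then` is shorter and does not rely on output text. The same line appears in the third file section, where the `--remove-entry=$IP` calls should be quoted as well, and where querying only the runtime set means an entry present only in the permanent configuration is never removed.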


@ -8,7 +8,7 @@ else
exit 1
fi
if [[ firewall-cmd --ipset=blacklist --query-entry $IP >/dev/null ]]; then
if [[ `firewall-cmd --ipset=blacklist --query-entry $IP` = "yes" ]]; then
firewall-cmd --ipset=blacklist --remove-entry=$IP
firewall-cmd --permanent --ipset=blacklist --remove-entry=$IP