#!/usr/bin/env bash # # install mcp # # set -o errexit set -o pipefail set -o nounset # installing dependencies apt update && apt upgrade -y && apt autoremove -y apt install -y git unzip curl ufw fail2ban cockpit software-properties-common systemctl start cockpit # # configure ufw and start # # ufw allow ssh ufw allow 9090/tcp service ufw start echo "y" | ufw enable # # configure fail2ban and start # # cat > /etc/fail2ban/jail.local << EOF [default] # "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not # ban a host which matches an address in this list. Several addresses can be # defined using space separator. ignoreip = 127.0.0.1/8 # "bantime" is the number of seconds that a host is banned. bantime = 3600 banaction = ufw # The length of time between login attempts before a ban is set. # For example, if Fail2ban is set to ban an IP after five (3) failed log-in attempts, # those 3 attempts must occur within the set 10-minute findtime limit. # The findtime value should be a set number of seconds. findtime = 600 maxretry = 5 [ssh] enabled = true port = ssh filter = sshd logpath = /var/log/auth-fail2ban.log EOF cp resources/fail2ban/filter.d/* /etc/fail2ban/filter.d touch /var/log/fail2ban.log service fail2ban start echo -e "mcp installed"