
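#!/usr/bin/env bash
#
# install mcp
#
# Provisions an apt-based host: upgrades packages, installs the base tools
# (including ufw, fail2ban and cockpit), opens the firewall for SSH and the
# Cockpit port, writes /etc/fail2ban/jail.local and loads the project's
# fail2ban filters.
#
# Must run as root, from the directory that contains resources/ (the filter
# path below is relative to the current working directory).
#
set -o errexit
set -o pipefail
set -o nounset

readonly FILTER_SRC_DIR="resources/fail2ban/filter.d"

# Fail before any package or firewall change if the run cannot complete.
if ((EUID != 0)); then
  printf 'error: this script must be run as root\n' >&2
  exit 1
fi
if [[ ! -d "${FILTER_SRC_DIR}" ]]; then
  printf 'error: %s not found; run from the directory containing resources/\n' \
    "${FILTER_SRC_DIR}" >&2
  exit 1
fi

# installing dependencies
apt update && apt upgrade -y && apt autoremove -y
apt install -y git unzip curl ufw fail2ban cockpit software-properties-common
systemctl start cockpit
#
# configure ufw and start
#
# The SSH rule is added before the firewall is enabled so that an existing
# remote session is not cut off.
#
# NOTE(review): 9090/tcp is opened to every source address, and the fail2ban
# configuration written below defines only an [ssh] jail, so the Cockpit
# login on that port is not covered by it. Consider restricting the rule to a
# management network, e.g.
#   ufw allow from <MGMT_CIDR> to any port 9090 proto tcp
#
ufw allow ssh
ufw allow 9090/tcp
service ufw start
# --force answers the confirmation prompt without piping "y" into ufw.
ufw --force enable
#
# configure fail2ban and start
#
# The defaults section must be spelled [DEFAULT]: section names are
# case-sensitive, so a lower-case [default] is read as a jail of that name
# and ignoreip/bantime/banaction/findtime/maxretry would never reach [ssh].
# The delimiter is quoted so the shell writes the text literally.
#
cat > /etc/fail2ban/jail.local << 'EOF'
[DEFAULT]
# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = 127.0.0.1/8
# "bantime" is the number of seconds that a host is banned.
bantime = 3600
banaction = ufw
# The length of time between login attempts before a ban is set.
# For example, if Fail2ban is set to ban an IP after five (3) failed log-in attempts,
# those 3 attempts must occur within the set 10-minute findtime limit.
# The findtime value should be a set number of seconds.
findtime = 600
maxretry = 5
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth-fail2ban.log
EOF
# NOTE(review): this copies over files of the same name already present in
# /etc/fail2ban/filter.d (possibly the packaged sshd filter) - confirm that
# is intended.
cp -- "${FILTER_SRC_DIR}"/* /etc/fail2ban/filter.d
# NOTE(review): the [ssh] jail reads /var/log/auth-fail2ban.log, but the file
# created here is /var/log/fail2ban.log. Nothing in this script creates or
# feeds the jail's logpath; confirm that something else writes sshd
# authentication failures there, otherwise the jail has nothing to watch.
touch /var/log/fail2ban.log
# restart, not start: the package install may already have started fail2ban,
# and "start" on a running service would not load the new jail.local.
service fail2ban restart
printf '%s\n' "mcp installed"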