add configure_fail2ban

files/jail.local

@@ -0,0 +1,24 @@
+[DEFAULT]
+# Ban hosts for one hour:
+ignoreip = 127.0.0.1/8
+bantime  = 86400
+findtime = 600
+maxretry = 10
+# Override /etc/fail2ban/jail.d/00-firewalld.conf:
+# if you use iptables firewall use this one
+# banaction = iptables-multiport
+# if you use firewalld firewall use this one
+# banaction = firewallcmd-ipset
+# action    = %(action_mwl)s
+
+[sshd-22]
+enabled = true
+filter  = sshd
+port    = 22
+# action  = %(action_mwl)s
+# logpath = /var/log/secure
+
+[sshd-2263]
+enabled = true
+filter  = sshd
+port    = 2263

init_root.sh

@@ -175,6 +175,19 @@ configure_timedate() {
     fi
 }
 
+configure_fail2ban() {
+    read -p "要配置 fail2ban 吗？[Y]: " response
+
+    if [[ $response =~ ^[Yy]$ ]]; then
+        apt install fail2ban
+        mkdir -p /etc/fail2ban
+        cp $scriptdir/files/jail.local /etc/fail2ban/jail.local
+        systemctl start fail2ban
+        systemctl enable fail2ban
+        fail2ban-client status sshd
+    fi
+}
+
 if [[ $EUID -ne 0 ]]; then
     echo "This script must be run as root."
     exit 1
@@ -192,3 +205,4 @@ configure_tmux
 configure_iptables
 # configure_hostname
 configure_timedate
+configure_fail2ban

init_sudo.sh

@@ -175,6 +175,19 @@ configure_timedate() {
     fi
 }
 
+configure_fail2ban() {
+    read -p "要配置 fail2ban 吗？[Y]: " response
+
+    if [[ $response =~ ^[Yy]$ ]]; then
+        sudo apt install fail2ban
+        sudo mkdir -p /etc/fail2ban
+        sudo cp $scriptdir/files/jail.local /etc/fail2ban/jail.local
+        sudo systemctl start fail2ban
+        sudo systemctl enable fail2ban
+        sudo fail2ban-client status sshd
+    fi
+}
+
 if [[ $EUID -eq 0 ]]; then
     echo "This script should not be run as root."
     exit 1
@@ -192,3 +205,4 @@ configure_tmux
 configure_iptables
 # configure_hostname
 configure_timedate
+configure_fail2ban