add fail2ban
This commit is contained in:
parent
82ffa6b1a5
commit
71ac38e1b9
|
@ -0,0 +1,21 @@
|
|||
[DEFAULT]
|
||||
ignoreip = 127.0.0.1/8 138.201.173.72 159.69.34.42 195.201.35.125 5.9.101.98
|
||||
bantime = 3600
|
||||
findtime = 900
|
||||
destemail = admin@dryusdan.fr
|
||||
sender = fail2ban.calion@dryusdan.fr
|
||||
action = %(action_mwl)s
|
||||
|
||||
[sshd]
|
||||
enabled = true
|
||||
bantime = 86400
|
||||
maxretry = 3
|
||||
|
||||
[nginx-http-auth]
|
||||
enable = true
|
||||
|
||||
[nginx-botsearch]
|
||||
enable = true
|
||||
bantime = 43200
|
||||
maxtry = 6
|
||||
|
|
@ -30,11 +30,6 @@ echo "deb https://repos.influxdata.com/debian stretch stable" | tee /etc/apt/sou
|
|||
apt update
|
||||
apt install telegraf
|
||||
|
||||
curl -sL https://www.atomicorp.com/RPM-GPG-KEY.atomicorp.txt | apt-key add -
|
||||
echo "deb https://updates.atomicorp.com/channels/atomic/debian stretch main" >> /etc/apt/sources.list.d/atomic.list
|
||||
apt-get update
|
||||
apt-get install ossec-hids-agent
|
||||
|
||||
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
|
||||
iptables -A INPUT -i lo -j ACCEPT
|
||||
iptables -A INPUT -p icmp -j ACCEPT
|
||||
|
@ -102,14 +97,13 @@ echo "if [ -f /usr/local/lib/python2.7/dist-packages/powerline/bindings/bash/pow
|
|||
echo "source /usr/local/lib/python2.7/dist-packages/powerline/bindings/bash/powerline.sh" >> /home/dryusdan/.bashrc
|
||||
echo "fi" >> /home/dryusdan/.bashrc
|
||||
|
||||
|
||||
apt install -y fail2ban
|
||||
|
||||
# install php ext ?
|
||||
|
||||
apt install php-apcu php-bcmath php-cli-prompt php-common php-composer-ca-bundle php-composer-semver php-composer-spdx-licenses php-gmp php-json-schema php-pear php-psr-log php-symfony-console php-symfony-filesystem php-symfony-finder php-symfony-polyfill-mbstring php-symfony-process php-zip php7.0-bcmath php7.0-cli php7.0-common php7.0-curl php7.0-dev php7.0-fpm php7.0-gmp php7.0-gd php7.0-imap php7.0-intl php7.0-json php7.0-mcrypt php7.0-mbstring php7.0-mysql php7.0-opcache php7.0-pspell php7.0-readline php7.0-recode php7.0-tidy php7.0-xml php7.0-zip
|
||||
|
||||
mkdir -p /etc/nginx/ssl/private/
|
||||
wget -O- https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem https://letsencrypt.org/certs/lets-encrypt-x4-cross-signed.pem | tee -a /etc/nginx/ssl/private/letsencrypt-certs.pem
|
||||
openssl dhparam -out /etc/nginx/ssl/private/dhparam.pem 4096
|
||||
|
||||
# Install composer ?
|
||||
apt install composer
|
||||
|
||||
|
@ -117,4 +111,4 @@ apt install composer
|
|||
|
||||
curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash -
|
||||
apt update
|
||||
apt-get install -y nodejs
|
||||
apt-get install -y nodejs
|
||||
|
|
Loading…
Reference in New Issue