Dryusdan
/
scripts-vrac
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

add fail2ban

This commit is contained in:
Dryusdan 2018-09-21 18:45:07 +02:00
parent 82ffa6b1a5
commit 71ac38e1b9
2 changed files with 25 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
defaults-debian.conf Normal file
View File

@ -0,0 +1,21 @@
[DEFAULT]
ignoreip = 127.0.0.1/8 138.201.173.72 159.69.34.42 195.201.35.125 5.9.101.98
bantime = 3600
findtime = 900
destemail = admin@dryusdan.fr
sender = fail2ban.calion@dryusdan.fr
action = %(action_mwl)s
[sshd]
enabled = true
bantime = 86400
maxretry = 3
[nginx-http-auth]
enable = true
[nginx-botsearch]
enable = true
bantime = 43200
maxtry = 6

14
install_server.sh
View File

@ -30,11 +30,6 @@ echo "deb https://repos.influxdata.com/debian stretch stable" | tee /etc/apt/sou
apt update
apt install telegraf
curl -sL https://www.atomicorp.com/RPM-GPG-KEY.atomicorp.txt | apt-key add -
echo "deb https://updates.atomicorp.com/channels/atomic/debian stretch main" >> /etc/apt/sources.list.d/atomic.list
apt-get update
apt-get install ossec-hids-agent
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
@ -102,14 +97,13 @@ echo "if [ -f /usr/local/lib/python2.7/dist-packages/powerline/bindings/bash/pow
echo "source /usr/local/lib/python2.7/dist-packages/powerline/bindings/bash/powerline.sh" >> /home/dryusdan/.bashrc
echo "fi" >> /home/dryusdan/.bashrc
apt install -y fail2ban
# install php ext ?
apt install php-apcu php-bcmath php-cli-prompt php-common php-composer-ca-bundle php-composer-semver php-composer-spdx-licenses php-gmp php-json-schema php-pear php-psr-log php-symfony-console php-symfony-filesystem php-symfony-finder php-symfony-polyfill-mbstring php-symfony-process php-zip php7.0-bcmath php7.0-cli php7.0-common php7.0-curl php7.0-dev php7.0-fpm php7.0-gmp php7.0-gd php7.0-imap php7.0-intl php7.0-json php7.0-mcrypt php7.0-mbstring php7.0-mysql php7.0-opcache php7.0-pspell php7.0-readline php7.0-recode php7.0-tidy php7.0-xml php7.0-zip
mkdir -p /etc/nginx/ssl/private/
wget -O- https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem https://letsencrypt.org/certs/lets-encrypt-x4-cross-signed.pem | tee -a /etc/nginx/ssl/private/letsencrypt-certs.pem
openssl dhparam -out /etc/nginx/ssl/private/dhparam.pem 4096
# Install composer ?
apt install composer
@ -117,4 +111,4 @@ apt install composer
curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash -
apt update
apt-get install -y nodejs
apt-get install -y nodejs