initial commit

2026-02-19 20:05:04 +03:00
parent 1ee67d8159
commit 05097d5dda
32 changed files with 4413 additions and 3 deletions
--- a/01/01-k-server-initial-setup.08.sh
+++ b/01/01-k-server-initial-setup.08.sh
@@ -0,0 +1,87 @@
+#!/bin/bash
+#===============================================================================
+# ШАГ 8: НАСТРОЙКА FAIL2BAN
+#===============================================================================
+# Запуск: sudo bash 01-k-server-initial-setup.08.sh
+#===============================================================================
+
+SCRIPT_DIR=$(cd "$(dirname "$0")" && pwd)
+source "$SCRIPT_DIR/01-k-server-initial-setup.00.sh"
+
+init_log
+check_root
+
+print_header "ШАГ 8: НАСТРОЙКА FAIL2BAN"
+
+#-------------------------------------------------------------------------------
+# 8.1 Проверка установки
+#-------------------------------------------------------------------------------
+print_subheader "Проверка fail2ban"
+
+if ! is_installed fail2ban; then
+    print_info "Установка fail2ban..."
+    apt install -y fail2ban
+fi
+
+print_success "fail2ban установлен"
+
+#-------------------------------------------------------------------------------
+# 8.2 Создание конфигурации
+#-------------------------------------------------------------------------------
+print_subheader "Создание конфигурации"
+
+cat > /etc/fail2ban/jail.local << EOF
+# Fail2ban configuration for Git Server
+
+[DEFAULT]
+# Время бана
+bantime = 1h
+# Время наблюдения
+findtime = 10m
+# Количество попыток
+maxretry = 3
+# Backend
+backend = systemd
+# Email для уведомлений (опционально)
+# destemail = admin@example.com
+# sendername = Fail2Ban
+
+[sshd]
+enabled = true
+port = ssh
+filter = sshd
+logpath = /var/log/auth.log
+maxretry = 3
+bantime = 1h
+findtime = 10m
+EOF
+
+print_success "Конфигурация создана"
+
+#-------------------------------------------------------------------------------
+# 8.3 Запуск сервиса
+#-------------------------------------------------------------------------------
+print_subheader "Запуск fail2ban"
+
+systemctl enable fail2ban
+systemctl restart fail2ban
+
+if service_running fail2ban; then
+    print_success "fail2ban запущен"
+else
+    print_error "fail2ban не запустился"
+    systemctl status fail2ban --no-pager
+    exit 1
+fi
+
+#-------------------------------------------------------------------------------
+# 8.4 Проверка статуса
+#-------------------------------------------------------------------------------
+print_subheader "Статус fail2ban"
+
+echo ""
+fail2ban-client status
+echo ""
+fail2ban-client status sshd 2>/dev/null || true
+
+print_success "Шаг 8 завершён: Fail2ban настроен"