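#!/bin/bash
#===============================================================================
# STEP 8: FAIL2BAN SETUP
#===============================================================================
# Usage: sudo bash 01-k-server-initial-setup.08.sh
#===============================================================================

# Resolve the directory this script lives in, so the shared helper file is
# found regardless of the caller's working directory. Stop immediately if the
# directory cannot be resolved: an empty SCRIPT_DIR would make the `source`
# below look for the helper in "/".
SCRIPT_DIR=$(cd "$(dirname -- "$0")" && pwd) || {
    printf 'Ошибка: не удалось определить каталог скрипта\n' >&2
    exit 1
}

# Shared helpers (presumably where init_log, check_root and the print_*
# functions come from - confirm against the .00.sh file).
# NOTE(review): this step is run with sudo, so everything in the sourced file
# executes as root. Keep both scripts owned by root and not writable by other
# users.
COMMON_LIB="$SCRIPT_DIR/01-k-server-initial-setup.00.sh"

# Without this check a missing helper file would only produce
# "command not found" errors and the script would carry on without
# check_root ever having run.
if [[ ! -r "$COMMON_LIB" ]]; then
    printf 'Ошибка: не удалось загрузить %s\n' "$COMMON_LIB" >&2
    exit 1
fi
source "$COMMON_LIB"

init_log
check_root

print_header "ШАГ 8: НАСТРОЙКА FAIL2BAN"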
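#-------------------------------------------------------------------------------
# 8.1 Installation check
#-------------------------------------------------------------------------------
print_subheader "Проверка fail2ban"

# Install the package only when it is missing. The install result is checked
# explicitly so that a failed installation is never reported as success below.
# apt-get is used instead of apt because apt's command-line interface is not
# meant for scripts; DEBIAN_FRONTEND=noninteractive keeps the install from
# blocking on a prompt.
if ! is_installed fail2ban; then
    print_info "Установка fail2ban..."
    if ! DEBIAN_FRONTEND=noninteractive apt-get install -y fail2ban; then
        print_error "Не удалось установить fail2ban"
        exit 1
    fi
fi

print_success "fail2ban установлен"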
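#-------------------------------------------------------------------------------
# 8.2 Writing the configuration
#-------------------------------------------------------------------------------
print_subheader "Создание конфигурации"

JAIL_LOCAL=/etc/fail2ban/jail.local

# Keep a timestamped copy of any existing jail.local before overwriting it, so
# that local customisations (extra jails, ignore lists) are not lost silently.
# The ".bak.<timestamp>" suffix is used so that the copy is not itself read as
# configuration - presumably only *.conf / *.local names are; confirm.
if [[ -e "$JAIL_LOCAL" ]]; then
    JAIL_BACKUP="${JAIL_LOCAL}.bak.$(date +%Y%m%d-%H%M%S)"
    if cp -p -- "$JAIL_LOCAL" "$JAIL_BACKUP"; then
        print_info "Резервная копия: $JAIL_BACKUP"
    else
        print_error "Не удалось создать резервную копию $JAIL_LOCAL"
        exit 1
    fi
fi

# The heredoc delimiter is quoted so the file content is written literally,
# with no shell expansion. The write is checked so that a failure is not
# followed by the success message.
# NOTE(review): with "backend = systemd" fail2ban reads the journal, so the
# "logpath" line in [sshd] is presumably unused - confirm on the target
# distribution before relying on /var/log/auth.log existing.
if ! cat > "$JAIL_LOCAL" << 'EOF'
# Fail2ban configuration for Git Server

[DEFAULT]
# Время бана
bantime = 1h
# Время наблюдения
findtime = 10m
# Количество попыток
maxretry = 3
# Backend
backend = systemd
# Email для уведомлений (опционально)
# destemail = admin@example.com
# sendername = Fail2Ban

[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
bantime = 1h
findtime = 10m
EOF
then
    print_error "Не удалось записать $JAIL_LOCAL"
    exit 1
fi

# The file decides which commands fail2ban runs as root when banning, so it
# must not be writable by anyone else, whatever umask the script inherited.
chmod 0644 -- "$JAIL_LOCAL"

print_success "Конфигурация создана"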
#-------------------------------------------------------------------------------
# 8.3 Starting the service
#-------------------------------------------------------------------------------
print_subheader "Запуск fail2ban"

# Enable the unit at boot, then restart it so the current configuration is
# loaded by the running daemon.
for unit_action in enable restart; do
    systemctl "$unit_action" fail2ban
done

# Guard clause: if the service did not come up, show its status for diagnosis
# and abort the step with a non-zero exit code.
if ! service_running fail2ban; then
    print_error "fail2ban не запустился"
    systemctl status fail2ban --no-pager
    exit 1
fi

print_success "fail2ban запущен"
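#-------------------------------------------------------------------------------
# 8.4 Status check
#-------------------------------------------------------------------------------
print_subheader "Статус fail2ban"

# Right after a restart the fail2ban server may not answer on its socket yet.
# Poll for a few seconds instead of treating the first failure as final.
for _attempt in 1 2 3 4 5; do
    fail2ban-client ping > /dev/null 2>&1 && break
    sleep 1
done

echo ""
fail2ban-client status
echo ""

# sshd is the only jail this step configures. If it did not load, the host has
# no brute-force protection even though the service itself is running, so the
# failure is reported instead of being hidden behind "2>/dev/null || true".
if ! fail2ban-client status sshd; then
    print_error "Jail sshd не активен — проверьте /etc/fail2ban/jail.local и журнал fail2ban"
    exit 1
fi

print_success "Шаг 8 завершён: Fail2ban настроен"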