From f113a3bfc9c006e4d2ab32a0f3362d457fca1c8c Mon Sep 17 00:00:00 2001
From: Sunil Mohan Adapa
Date: Thu, 24 Jan 2019 14:16:21 -0800
Subject: [PATCH] fail2ban: Split and update configuration files
- Easy to configure for separate services.
- Unique names ensure that system administrator FreedomBox configuration files don't conflict with system administrator created ones.
- Set maximum attempts to 10 globally instead of 5.
Signed-off-by: Sunil Mohan Adapa
---
 data/etc/fail2ban/jail.d/apache-auth-freedombox.conf | 2 ++
 data/etc/fail2ban/jail.d/freedombox.conf | 3 +++
 data/etc/fail2ban/jail.d/ssh-freedombox.conf | 2 ++
 data/etc/fail2ban/jail.local | 6 ------
 setup.py | 3 +--
 5 files changed, 8 insertions(+), 8 deletions(-)
 create mode 100644 data/etc/fail2ban/jail.d/apache-auth-freedombox.conf
 create mode 100644 data/etc/fail2ban/jail.d/freedombox.conf
 create mode 100644 data/etc/fail2ban/jail.d/ssh-freedombox.conf
 delete mode 100644 data/etc/fail2ban/jail.local
diff --git a/data/etc/fail2ban/jail.d/apache-auth-freedombox.conf b/data/etc/fail2ban/jail.d/apache-auth-freedombox.conf
new file mode 100644
index 000000000..83b19ecee
--- /dev/null
+++ b/data/etc/fail2ban/jail.d/apache-auth-freedombox.conf
@@ -0,0 +1,2 @@
+[apache-auth]
+enabled = true
diff --git a/data/etc/fail2ban/jail.d/freedombox.conf b/data/etc/fail2ban/jail.d/freedombox.conf
new file mode 100644
index 000000000..0a49d734e
--- /dev/null
+++ b/data/etc/fail2ban/jail.d/freedombox.conf
@@ -0,0 +1,3 @@
+[DEFAULT]
+# 10 tries in the last 10 minutes before banning for 10 minutes
+maxretry = 10
diff --git a/data/etc/fail2ban/jail.d/ssh-freedombox.conf b/data/etc/fail2ban/jail.d/ssh-freedombox.conf
new file mode 100644
index 000000000..9eb356c82
--- /dev/null
+++ b/data/etc/fail2ban/jail.d/ssh-freedombox.conf
@@ -0,0 +1,2 @@
+[sshd]
+enabled = true
diff --git a/data/etc/fail2ban/jail.local b/data/etc/fail2ban/jail.local
deleted file mode 100644
index 50d03c3ff..000000000
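Review bot: The comment in `data/etc/fail2ban/jail.d/freedombox.conf` promises a 10-minute window and a 10-minute ban, but the `[DEFAULT]` section only sets `maxretry`, so `findtime` and `bantime` are whatever the installed fail2ban ships. Pinning them keeps the comment true if those defaults ever differ: add `findtime = 600` and `bantime = 600` under `maxretry = 10`. Because the value now lives in `[DEFAULT]`, the `[sshd]` jail enabled in `ssh-freedombox.conf` also moves to 10 attempts, whereas the removed `jail.local` set `maxretry = 10` only for `[apache-auth]`. If SSH is meant to keep a stricter limit than the web login, set `maxretry` explicitly in the `[sshd]` section of `ssh-freedombox.conf`.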
--- a/data/etc/fail2ban/jail.local
+++ /dev/null
@@ -1,6 +0,0 @@
-[sshd]
-enabled = true
-
-[apache-auth]
-enabled = true
-maxretry = 10
diff --git a/setup.py b/setup.py
index 143cb50be..05c840b8d 100755
--- a/setup.py
+++ b/setup.py
@@ -264,8 +264,7 @@ setuptools.setup(
 glob.glob('data/usr/share/augeas/lenses/tests/test_*.aug')),
 ('/usr/share/pam-configs/',
 glob.glob('data/usr/share/pam-configs/*-freedombox')),
- ('/etc/fail2ban/',
- ['data/etc/fail2ban/jail.local']),
+ ('/etc/fail2ban/jail.d', glob.glob('data/etc/fail2ban/jail.d/*.conf')),
 ('/etc/plinth/modules-enabled',
 glob.glob(os.path.join(
 'data/etc/plinth/modules-enabled',
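Review bot: The new `data_files` entry stops shipping `/etc/fail2ban/jail.local`, but nothing visible in this patch removes a copy installed by an earlier version. fail2ban reads `jail.local` after `jail.d/*.conf`, so a leftover file would keep overriding the new per-service files and would still occupy the name an administrator is expected to use. If the packaging does not already handle this, the upgrade path should remove the old file only when it is unmodified. A short comment on the entry would also help, e.g. `# jail.d/*.conf only: jail.local is left to the administrator`. The enclosing `setuptools.setup(` call starts and ends outside the hunk.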