install.fairie/docs/scripts/after/run_onchange_after_31-fail2ban.sh.tmpl.md

---
title: Fail2ban Configuration
description: Applies the system `fail2ban` jail configuration and then restarts the service
sidebar_label: 31 Fail2ban Configuration
slug: /scripts/after/run_onchange_after_31-fail2ban.sh.tmpl
githubLocation: https://github.com/megabyte-labs/install.doctor/blob/master/home/.chezmoiscripts/universal/run_onchange_after_31-fail2ban.sh.tmpl
scriptLocation: https://github.com/megabyte-labs/install.doctor/raw/master/home/.chezmoiscripts/universal/run_onchange_after_31-fail2ban.sh.tmpl
repoLocation: home/.chezmoiscripts/universal/run_onchange_after_31-fail2ban.sh.tmpl
---
# Fail2ban Configuration

Applies the system `fail2ban` jail configuration and then restarts the service

## Overview

Fail2ban is an SSH security program that temporarily bans IP addresses that could possibly be
attempting to gain unauthorized system access. This script applies the "jail" configuration
located at `home/private_dot_ssh/fail2ban/` to the system location. It then enables and restarts
the `fail2ban` configuration.

## Links

* [`fail2ban` configuration folder](https://github.com/megabyte-labs/install.doctor/tree/master/home/private_dot_ssh/fail2ban)


## Source Code

```
{{- if eq .host.distro.family "linux" -}}
#!/usr/bin/env bash
# @file Fail2ban Configuration
# @brief Applies the system `fail2ban` jail configuration and then restarts the service
# @description
#     Fail2ban is an SSH security program that temporarily bans IP addresses that could possibly be
#     attempting to gain unauthorized system access. This script applies the "jail" configuration
#     located at `home/private_dot_ssh/fail2ban/` to the system location. It then enables and restarts
#     the `fail2ban` configuration.
#
#     ## Links
#
#     * [`fail2ban` configuration folder](https://github.com/megabyte-labs/install.doctor/tree/master/home/private_dot_ssh/fail2ban)

# jail.local hash: {{- include (joinPath .host.home ".ssh" "fail2ban" "jail.local") | sha256sum -}}

{{ includeTemplate "universal/profile" }}
{{ includeTemplate "universal/logg" }}

### Restart fail2ban
function restartFail2Ban() {
    if [ -d /Applications ] && [ -d /System ]; then
        # macOS
        logg info 'Enabling the fail2ban Homebrew service'
        brew services start fail2ban
    else
        # Linux
        logg info 'Enabling the fail2ban service'
        sudo systemctl enable fail2ban
        logg info 'Restarting the fail2ban service'
        sudo systemctl restart fail2ban
    fi
}

### Update the jail.local file if environment is not WSL
if [[ ! "$(test -d /proc && grep Microsoft /proc/version > /dev/null)" ]]; then
    if [ -d /etc/fail2ban ]; then
        logg info 'Copying ~/.ssh/fail2ban/jail.local to /etc/fail2ban/jail.local'
        sudo cp -f "$HOME/.ssh/fail2ban/jail.local" /etc/fail2ban/jail.local
        restartFail2Ban
    elif [ -d /usr/local/etc/fail2ban ]; then
        logg info 'Copying ~/.ssh/fail2ban/jail.local to /usr/local/etc/fail2ban/jail.local'
        sudo cp -f "$HOME/.ssh/fail2ban/jail.local" /usr/local/etc/fail2ban/jail.local
        restartFail2Ban
    else
        logg warn 'Both the /etc/fail2ban (Linux) and the /usr/local/etc/fail2ban (macOS) folder do not exist'
    fi
else
    logg info 'Skipping sshd_config application since environment is WSL'
fi

{{ end -}}
```
Added documentation to /docs and other misc. fixes 2023-08-08 00:06:49 -07:00			`---`
			`title: Fail2ban Configuration`
			description: Applies the system `fail2ban` jail configuration and then restarts the service
			`sidebar_label: 31 Fail2ban Configuration`
			`slug: /scripts/after/run_onchange_after_31-fail2ban.sh.tmpl`
			`githubLocation: https://github.com/megabyte-labs/install.doctor/blob/master/home/.chezmoiscripts/universal/run_onchange_after_31-fail2ban.sh.tmpl`
			`scriptLocation: https://github.com/megabyte-labs/install.doctor/raw/master/home/.chezmoiscripts/universal/run_onchange_after_31-fail2ban.sh.tmpl`
			`repoLocation: home/.chezmoiscripts/universal/run_onchange_after_31-fail2ban.sh.tmpl`
			`---`
			`# Fail2ban Configuration`

			Applies the system `fail2ban` jail configuration and then restarts the service

			`## Overview`

			`Fail2ban is an SSH security program that temporarily bans IP addresses that could possibly be`
			`attempting to gain unauthorized system access. This script applies the "jail" configuration`
			located at `home/private_dot_ssh/fail2ban/` to the system location. It then enables and restarts
			the `fail2ban` configuration.

			`## Links`

			* [`fail2ban` configuration folder](https://github.com/megabyte-labs/install.doctor/tree/master/home/private_dot_ssh/fail2ban)



			`## Source Code`

			```
			`{{- if eq .host.distro.family "linux" -}}`
			`#!/usr/bin/env bash`
			`# @file Fail2ban Configuration`
			# @brief Applies the system `fail2ban` jail configuration and then restarts the service
			`# @description`
			`# Fail2ban is an SSH security program that temporarily bans IP addresses that could possibly be`
			`# attempting to gain unauthorized system access. This script applies the "jail" configuration`
			# located at `home/private_dot_ssh/fail2ban/` to the system location. It then enables and restarts
			# the `fail2ban` configuration.
			`#`
			`# ## Links`
			`#`
			# * [`fail2ban` configuration folder](https://github.com/megabyte-labs/install.doctor/tree/master/home/private_dot_ssh/fail2ban)

			`# jail.local hash: {{- include (joinPath .host.home ".ssh" "fail2ban" "jail.local") \| sha256sum -}}`

			`{{ includeTemplate "universal/profile" }}`
			`{{ includeTemplate "universal/logg" }}`

			`### Restart fail2ban`
			`function restartFail2Ban() {`
			`if [ -d /Applications ] && [ -d /System ]; then`
			`# macOS`
Removed markdown from script logic 2023-11-04 18:46:18 -07:00			`logg info 'Enabling the fail2ban Homebrew service'`
Added documentation to /docs and other misc. fixes 2023-08-08 00:06:49 -07:00			`brew services start fail2ban`
			`else`
			`# Linux`
Removed markdown from script logic 2023-11-04 18:46:18 -07:00			`logg info 'Enabling the fail2ban service'`
Added documentation to /docs and other misc. fixes 2023-08-08 00:06:49 -07:00			`sudo systemctl enable fail2ban`
Removed markdown from script logic 2023-11-04 18:46:18 -07:00			`logg info 'Restarting the fail2ban service'`
Added documentation to /docs and other misc. fixes 2023-08-08 00:06:49 -07:00			`sudo systemctl restart fail2ban`
			`fi`
			`}`

			`### Update the jail.local file if environment is not WSL`
			`if [[ ! "$(test -d /proc && grep Microsoft /proc/version > /dev/null)" ]]; then`
			`if [ -d /etc/fail2ban ]; then`
			`logg info 'Copying ~/.ssh/fail2ban/jail.local to /etc/fail2ban/jail.local'`
			`sudo cp -f "$HOME/.ssh/fail2ban/jail.local" /etc/fail2ban/jail.local`
			`restartFail2Ban`
			`elif [ -d /usr/local/etc/fail2ban ]; then`
			`logg info 'Copying ~/.ssh/fail2ban/jail.local to /usr/local/etc/fail2ban/jail.local'`
			`sudo cp -f "$HOME/.ssh/fail2ban/jail.local" /usr/local/etc/fail2ban/jail.local`
			`restartFail2Ban`
			`else`
			`logg warn 'Both the /etc/fail2ban (Linux) and the /usr/local/etc/fail2ban (macOS) folder do not exist'`
			`fi`
			`else`
			`logg info 'Skipping sshd_config application since environment is WSL'`
			`fi`

			`{{ end -}}`
			```