From 17f6d814239783a0fcbaf2ea7319609ddb019ad5 Mon Sep 17 00:00:00 2001
From: Brian Zalewski
Date: Fri, 27 Jan 2023 09:28:02 +0000
Subject: [PATCH] Update 5 files

- /home/dot_ssh/system/run_onchanges_after_sshd.tmpl
- /home/dot_ssh/fail2ban/run_onchanges_after_fail2ban.tmpl
- /home/.chezmoiscripts/universal/run_onchange_after_13-post-install-packages.tmpl
- /home/.chezmoidata.yaml
- /software.yml
---
 home/.chezmoidata.yaml | 3 +-
 ...change_after_13-post-install-packages.tmpl | 1 -
 .../run_onchanges_after_fail2ban.tmpl | 41 +++++++++++++++++++
 .../system/run_onchanges_after_sshd.tmpl | 9 +++-
 software.yml | 14 +++++++
 5 files changed, 64 insertions(+), 4 deletions(-)
 create mode 100644 home/dot_ssh/fail2ban/run_onchanges_after_fail2ban.tmpl

diff --git a/home/.chezmoidata.yaml b/home/.chezmoidata.yaml
index 3cad05c0..231bd1c6 100644
--- a/home/.chezmoidata.yaml
+++ b/home/.chezmoidata.yaml
@@ -247,7 +247,8 @@ softwareGroups:
 - rm-improved
 - rsync
 - sd
- - snapd
+ # Bundled into installer
+ # - snapd
 - task
 - tmux
 - tor
diff --git a/home/.chezmoiscripts/universal/run_onchange_after_13-post-install-packages.tmpl b/home/.chezmoiscripts/universal/run_onchange_after_13-post-install-packages.tmpl
index fced2657..c1c2d20d 100644
--- a/home/.chezmoiscripts/universal/run_onchange_after_13-post-install-packages.tmpl
+++ b/home/.chezmoiscripts/universal/run_onchange_after_13-post-install-packages.tmpl
@@ -4,7 +4,6 @@
 {{ includeTemplate "universal/profile" }}
 {{ includeTemplate "universal/logg" }}
-
 ### Remove Firefox snap if Flatpak is installed
 if command -v org.mozilla.firefox > /dev/null && command -v snap > /dev/null && snap list firefox | grep firefox > /dev/null; then
 logg info 'Removing snap version of Firefox because Flatpak version is already installed'
diff --git a/home/dot_ssh/fail2ban/run_onchanges_after_fail2ban.tmpl b/home/dot_ssh/fail2ban/run_onchanges_after_fail2ban.tmpl
new file mode 100644
index 00000000..5e1e2755
--- /dev/null
+++ b/home/dot_ssh/fail2ban/run_onchanges_after_fail2ban.tmpl
@@ -0,0 +1,41 @@
+{{- if ne .host.distro.family "windows" }}
+#!/usr/bin/env bash
+
+# jail.local hash: {{ include (joinPath .host.home ".ssh" "fail2ban" "jail.local") | sha256sum }}
+
+{{ includeTemplate "universal/profile" }}
+{{ includeTemplate "universal/logg" }}
+
+### Restart fail2ban
+function restartFail2Ban() {
+ if [ -d /Applications ] && [ -d /System ]; then
+ # macOS
+ logg info 'Enabling the `fail2ban` Homebrew service'
+ brew services start fail2ban
+ else
+ # Linux
+ logg info 'Enabling the `fail2ban` service'
+ sudo systemctl enable fail2ban
+ logg info 'Restarting the `fail2ban` service'
+ sudo systemctl restart fail2ban
+ fi
+}
+
+### Update the jail.local file if environment is not WSL
+if [[ ! "$(grep Microsoft /proc/version)" ]]; then
+ if [ -d /etc/fail2ban ]; then
+ logg info 'Copying ~/.ssh/fail2ban/jail.local to /etc/fail2ban/jail.local'
+ sudo cp -f "$HOME/.ssh/fail2ban/jail.local" /etc/fail2ban/jail.local
+ restartFail2Ban
+ elif [ -d /usr/local/etc/fail2ban ]; then
+ logg info 'Copying ~/.ssh/fail2ban/jail.local to /usr/local/etc/fail2ban/jail.local'
+ sudo cp -f "$HOME/.ssh/fail2ban/jail.local" /usr/local/etc/fail2ban/jail.local
+ restartFail2Ban
+ else
+ logg warn 'Both the /etc/fail2ban (Linux) and the /usr/local/etc/fail2ban (macOS) folder do not exist'
+ fi
+else
+ logg info 'Skipping sshd_config application since environment is WSL'
+fi
+
+{{ end -}}
diff --git a/home/dot_ssh/system/run_onchanges_after_sshd.tmpl b/home/dot_ssh/system/run_onchanges_after_sshd.tmpl
index eefa3927..f18b2faa 100644
--- a/home/dot_ssh/system/run_onchanges_after_sshd.tmpl
+++ b/home/dot_ssh/system/run_onchanges_after_sshd.tmpl
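Review bot: restartFail2Ban is called straight after the copy with no check that the new jail.local parses, so a bad edit can leave the host without ban enforcement; run `fail2ban-client -t` after the copy and restart only if it passes. On macOS `brew services start fail2ban` does nothing when the service is already running, so the new file is not loaded until `restart` is used. The WSL guard `grep Microsoft /proc/version` is case-sensitive, and WSL2 kernels, as far as I know, report a lowercase `microsoft`, so the guard likely passes there; `grep -qi` with stderr discarded also quiets the missing-file error on macOS. The file name uses `run_onchanges_`, which I do not believe chezmoi treats as its `run_onchange_` prefix, so this script and run_onchanges_after_sshd.tmpl probably run on every apply and the hash comments have no effect. The fence also pins the copied file's mode with `install -m 0644` and corrects the WSL log line, which still says sshd_config.

```shell
# … unchanged: template guard, hash comment, profile and logg includes …
function restartFail2Ban() {
  if [ -d /Applications ] && [ -d /System ]; then
    # macOS: `start` is a no-op when the service is already running
    logg info 'Restarting the `fail2ban` Homebrew service'
    brew services restart fail2ban
  else
    # … unchanged: systemctl enable and restart …
  fi
}

### Install jail.local into the given directory, restart only if it validates
function applyJailLocal() {
  logg info "Copying ~/.ssh/fail2ban/jail.local to $1/jail.local"
  sudo install -m 0644 "$HOME/.ssh/fail2ban/jail.local" "$1/jail.local"
  if sudo fail2ban-client -t > /dev/null; then
    restartFail2Ban
  else
    logg warn 'fail2ban rejected the new jail.local, leaving the running service untouched'
  fi
}

### Update the jail.local file if environment is not WSL
if ! grep -qi microsoft /proc/version 2> /dev/null; then
  if [ -d /etc/fail2ban ]; then
    applyJailLocal /etc/fail2ban
  elif [ -d /usr/local/etc/fail2ban ]; then
    applyJailLocal /usr/local/etc/fail2ban
  else
    # … unchanged: warning that neither folder exists …
  fi
else
  logg info 'Skipping fail2ban jail.local application since environment is WSL'
fi
```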
@@ -1,6 +1,12 @@
 {{- if ne .host.distro.family "windows" }}
 #!/usr/bin/env bash
+# sshd_config hash: {{ include (joinPath .host.home ".ssh" "system" "sshd_config") | sha256sum }}
+# banner hash: {{ include (joinPath .host.home ".ssh" "system" "banner") | sha256sum }}
+
+{{ includeTemplate "universal/profile" }}
+{{ includeTemplate "universal/logg" }}
+
 ### Update /etc/ssh/sshd_config if environment is not WSL
 if [[ ! "$(grep Microsoft /proc/version)" ]]; then
 if [ -d /etc/ssh ]; then
@@ -22,8 +28,7 @@ if [[ ! "$(grep Microsoft /proc/version)" ]]; then
 logg info 'Enabling the `sshd` service'
 sudo systemctl enable sshd
 logg info 'Restarting the `sshd` service'
-
- sudo service sshd restart
+ sudo systemctl restart sshd
 fi
 else
 logg warn 'The /etc/ssh folder does not exist'
diff --git a/software.yml b/software.yml
index bb5216f5..666a27c7 100644
--- a/software.yml
+++ b/software.yml
@@ -5198,7 +5198,16 @@ softwarePackages:
 _github: https://github.com/nmap/nmap
 _home: https://nmap.org/
 _name: Nmap
+ _post:snap: sudo snap connect nmap:network-control
 ansible: professormanhattan.nmap
+ apt: nmap
+ brew: nmap
+ choco: nmap
+ dnf: nmap
+ pacman: nmap
+ port: nmap
+ scoop: nmap
+ snap: nmap
 _service: false
 _type: cli
 nnn:
@@ -7650,6 +7659,11 @@ softwarePackages:
 _home: null
 _name: tree-cli
 ansible: professormanhattan.tree
+ apt: tree
+ brew: tree
+ choco: tree
+ dnf: tree
+ pacman: tree
 _service: false
 _type: cli
 tree-sitter:
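Review bot: The new `sudo systemctl restart sshd` in the second sshd hunk restarts the daemon with no syntax check on the configuration; the copy of sshd_config appears to happen earlier in the same branch, which starts outside the hunk. On a host reached only over SSH, a malformed file means the daemon may not come back and the machine is locked out, so I would gate the restart on the config test: `sudo sshd -t && sudo systemctl restart sshd`. It is also worth confirming the unit name on Debian-family systems, where the service is `ssh` and `sshd` is, as far as I know, only an alias that `systemctl enable` may refuse.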