install.fairie/docs/scripts/after/run_onchange_after_31-fail2ban.sh.tmpl.md
2023-08-08 03:06:49 -04:00

82 lines
3.3 KiB
Markdown

---
title: Fail2ban Configuration
description: Applies the system `fail2ban` jail configuration and then restarts the service
sidebar_label: 31 Fail2ban Configuration
slug: /scripts/after/run_onchange_after_31-fail2ban.sh.tmpl
githubLocation: https://github.com/megabyte-labs/install.doctor/blob/master/home/.chezmoiscripts/universal/run_onchange_after_31-fail2ban.sh.tmpl
scriptLocation: https://github.com/megabyte-labs/install.doctor/raw/master/home/.chezmoiscripts/universal/run_onchange_after_31-fail2ban.sh.tmpl
repoLocation: home/.chezmoiscripts/universal/run_onchange_after_31-fail2ban.sh.tmpl
---
# Fail2ban Configuration
Applies the system `fail2ban` jail configuration and then restarts the service
## Overview
Fail2ban is an SSH security program that temporarily bans IP addresses that could possibly be
attempting to gain unauthorized system access. This script applies the "jail" configuration
located at `home/private_dot_ssh/fail2ban/` to the system location. It then enables and restarts
the `fail2ban` configuration.
## Links
* [`fail2ban` configuration folder](https://github.com/megabyte-labs/install.doctor/tree/master/home/private_dot_ssh/fail2ban)
## Source Code
```
{{- if eq .host.distro.family "linux" -}}
#!/usr/bin/env bash
# @file Fail2ban Configuration
# @brief Applies the system `fail2ban` jail configuration and then restarts the service
# @description
# Fail2ban is an SSH security program that temporarily bans IP addresses that could possibly be
# attempting to gain unauthorized system access. This script applies the "jail" configuration
# located at `home/private_dot_ssh/fail2ban/` to the system location. It then enables and restarts
# the `fail2ban` configuration.
#
# ## Links
#
# * [`fail2ban` configuration folder](https://github.com/megabyte-labs/install.doctor/tree/master/home/private_dot_ssh/fail2ban)
# jail.local hash: {{- include (joinPath .host.home ".ssh" "fail2ban" "jail.local") | sha256sum -}}
{{ includeTemplate "universal/profile" }}
{{ includeTemplate "universal/logg" }}
### Restart fail2ban
function restartFail2Ban() {
if [ -d /Applications ] && [ -d /System ]; then
# macOS
logg info 'Enabling the `fail2ban` Homebrew service'
brew services start fail2ban
else
# Linux
logg info 'Enabling the `fail2ban` service'
sudo systemctl enable fail2ban
logg info 'Restarting the `fail2ban` service'
sudo systemctl restart fail2ban
fi
}
### Update the jail.local file if environment is not WSL
if [[ ! "$(test -d /proc && grep Microsoft /proc/version > /dev/null)" ]]; then
if [ -d /etc/fail2ban ]; then
logg info 'Copying ~/.ssh/fail2ban/jail.local to /etc/fail2ban/jail.local'
sudo cp -f "$HOME/.ssh/fail2ban/jail.local" /etc/fail2ban/jail.local
restartFail2Ban
elif [ -d /usr/local/etc/fail2ban ]; then
logg info 'Copying ~/.ssh/fail2ban/jail.local to /usr/local/etc/fail2ban/jail.local'
sudo cp -f "$HOME/.ssh/fail2ban/jail.local" /usr/local/etc/fail2ban/jail.local
restartFail2Ban
else
logg warn 'Both the /etc/fail2ban (Linux) and the /usr/local/etc/fail2ban (macOS) folder do not exist'
fi
else
logg info 'Skipping sshd_config application since environment is WSL'
fi
{{ end -}}
```