Created
November 24, 2017 20:58
-
-
Save njregenwether/a28e291c0e719d5bb38bf07e7cd84f27 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # run this as root | |
| # This is basically stolen from digital ocean's guide, just made to be a bit more automated. | |
| # This will install and configure fail2ban for a centos7 system using firewalld. | |
| # No iptables were injured in the making of this gist. | |
| # Install fail2ban. | |
| yum -y install epel-release | |
| yum install fail2ban fail2ban-firewalld | |
| systemctl enable fail2ban | |
| cat > /etc/fail2ban/jail.local <<- EOM | |
| [DEFAULT] | |
| ignoreip = 127.0.0.1/8 | |
| # Ban a user under these conditions: | |
| findtime = 600 | |
| maxretry = 5 | |
| # Ban hosts for one hour: | |
| bantime = 3600 | |
| # Override /etc/fail2ban/jail.d/00-firewalld.conf: | |
| banaction = firewallcmd-ipset | |
| # Care to notify root? | |
| #destemail = root@localhost | |
| #sendername = Fail2Ban | |
| #mta = sendmail | |
| [sshd] | |
| enabled = true | |
| EOM | |
| systemctl restart fail2ban |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment