Slackware/bootstrap
1
0
Fork 0
Code Releases Wiki Activity

Add Darren's IPv6 range to fail2ban.

Browse source
This commit is contained in:
Darren 'Tadgy' Austin 2022-08-26 17:54:13 +01:00
commit ed8e8346f1
2 changed files with 8 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

2
base-files/fail2ban/jail.local
View file

@ -7,7 +7,7 @@
# "ignoreip" can be a list of IP addresses, CIDR masks or DNS hosts. Fail2ban # "ignoreip" can be a list of IP addresses, CIDR masks or DNS hosts. Fail2ban
# will not ban a host which matches an address in this list. Several addresses # will not ban a host which matches an address in this list. Several addresses
# can be defined using space (and/or comma) separator. # can be defined using space (and/or comma) separator.
ignoreip = 127.0.0.1/8,::1 10.0.0.0/8,169.254.0.0/16,172.16.0.0/12,192.168.0.0/16 5.101.171.210/28,2a01:a500:2981:1::/64 91.109.244.7,91.109.244.8,91.109.244.9,91.109.244.10,91.109.244.11,2a02:2498:1:227::/64 88.80.191.137,2a01:7e00::f03c:93ff:fe86:afae 185.176.90.169,2a07:4580:b0d:57f::169 afterdark.org.uk ignoreip = 127.0.0.1/8,::1 10.0.0.0/8,169.254.0.0/16,172.16.0.0/12,192.168.0.0/16 5.101.171.210/28,2a01:a500:2981:1::/64 91.109.244.7,91.109.244.8,91.109.244.9,91.109.244.10,91.109.244.11,2a02:2498:1:227::/64 88.80.191.137,2a01:7e00::f03c:93ff:fe86:afae 185.176.90.169,2a07:4580:b0d:57f::169 afterdark.org.uk,2001:470:1f1c:58::/64
# "bantime" is the number of seconds that a host is banned. # "bantime" is the number of seconds that a host is banned.
bantime = 2d bantime = 2d

11
bootstrap
View file

@ -53,6 +53,9 @@ chmod 755 /etc/profile.d/biff.*
chmod 755 /etc/profile.d/lang.* chmod 755 /etc/profile.d/lang.*
chmod 755 /etc/profile.d/less.* chmod 755 /etc/profile.d/less.*
chmod 755 /etc/profile.d/optpaths.* chmod 755 /etc/profile.d/optpaths.*
chmod 755 /etc/rc.d/rc.local*
chmod 755 /etc/rc.d/rc.modules.local
chmod 755 /etc/rc.d/rc.firewall
chmod 750 /etc/sudoers.d chmod 750 /etc/sudoers.d
# Install pushover. # Install pushover.
@ -60,8 +63,8 @@ echo "-> Installing pushover..."
cp utils/pushover /opt/bin cp utils/pushover /opt/bin
chmod 755 /opt/bin/pushover chmod 755 /opt/bin/pushover
# Read the gpg passphraise. # Read the gpg passphrase.
read -r -p "----> Enter GPG decryption passphraise (appears in clear text): " PASS read -r -p "----> Enter GPG decryption passphrase (appears in clear text): " PASS
# Decrypt the pushover-config. # Decrypt the pushover-config.
echo "-> Decrypting /etc/pushover/*.gpg..." echo "-> Decrypting /etc/pushover/*.gpg..."
@ -135,11 +138,11 @@ chown -R tadgy:users /home/tadgy/.ssh
# Encrypt the databases so they can be checked into git. # Encrypt the databases so they can be checked into git.
echo "-> Encrypting /etc/shadow and /etc/gshadow..." echo "-> Encrypting /etc/shadow and /etc/gshadow..."
read -r -p "----> Enter GPG encryption passphraise (appears in clear text): " PASS read -r -p "----> Enter GPG encryption passphrase (appears in clear text): " PASS
gpg -c --passphrase "$PASS" -o /etc/shadow.gpg /etc/shadow gpg -c --passphrase "$PASS" -o /etc/shadow.gpg /etc/shadow
gpg -c --passphrase "$PASS" -o /etc/gshadow.gpg /etc/gshadow gpg -c --passphrase "$PASS" -o /etc/gshadow.gpg /etc/gshadow
# Remove the passphraise from environment. # Remove the passphrase from environment.
unset PASS unset PASS
# Create log archive directories and move old log files. # Create log archive directories and move old log files.