
github.com/nextcloud/nextcloudpi.git - Unnamed repository; edit this file 'description' to name the repository.
authornachoparker <nacho@ownyourbits.com>2017-10-05 13:19:33 +0300
committernachoparker <nacho@ownyourbits.com>2017-10-06 18:07:34 +0300
commitdcbafb292fe3d29add2efdfb44cca1212a926813 (patch)
tree2f889b1e45ed35ae2f9522421ec721a0e2930b61
parenta4e5df7c5b761506fcc968e31b1008f0be9761d8 (diff)
fail2ban: email notification (Closes #232)v0.31.12
-rw-r--r--changelog.md4
-rw-r--r--etc/nextcloudpi-config.d/fail2ban.sh26
-rwxr-xr-xupdate.sh8
3 files changed, 30 insertions, 8 deletions
diff --git a/changelog.md b/changelog.md
index 821539d7..5ce54310 100644
--- a/changelog.md
+++ b/changelog.md
@@ -1,5 +1,7 @@
-[v0.31.11](https://github.com/nextcloud/nextcloudpi/commit/f4586a0) (2017-10-04) nc-backup: fix excludes
+[v0.31.12](https://github.com/nextcloud/nextcloudpi/commit/487e06e) (2017-10-05) fail2ban: email notification
+
+[v0.31.11](https://github.com/nextcloud/nextcloudpi/commit/3fc4d3c) (2017-10-04) nc-backup: fix excludes
[v0.31.10](https://github.com/nextcloud/nextcloudpi/commit/c0c6b1b) (2017-10-04) nc-forward-ports: exit status on failure
diff --git a/etc/nextcloudpi-config.d/fail2ban.sh b/etc/nextcloudpi-config.d/fail2ban.sh
index e055761f..cef07fd2 100644
--- a/etc/nextcloudpi-config.d/fail2ban.sh
+++ b/etc/nextcloudpi-config.d/fail2ban.sh
@@ -24,12 +24,17 @@ FINDTIME_=600
# bad attempts before banning an IP
MAXRETRY_=6
+# email to send notifications to
+EMAIL_=optional@email.com
+
+MAILALERTS_=no
+
DESCRIPTION="Brute force protection for SSH and NextCloud"
install()
{
apt-get update
- apt-get install --no-install-recommends -y fail2ban
+ apt-get install --no-install-recommends -y fail2ban whois
update-rc.d fail2ban disable
rm -f /etc/fail2ban/jail.d/defaults-debian.conf
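Review bot: The default `EMAIL_=optional@email.com` looks like a deliverable address on a domain the project does not control, so switching MAILALERTS_ to yes without editing it would send ban reports (whois output and matched log lines, going by the sendmail-whois-lines action wired in later in this commit) to a third party. An empty default, `EMAIL_=`, with configure() declining to enable alerts while it is empty, avoids that. `MAILALERTS_=no` also has no comment; something like `# send an email on every ban (yes/no)` would match the neighbouring settings. install() continues past the end of this hunk.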
@@ -54,6 +59,12 @@ exit 0
EOF
chmod +x /etc/cont-init.d/100-fail2ban-run.sh
}
+
+ # tweak fail2ban email
+ local F=/etc/fail2ban/action.d/sendmail-common.conf
+ sed -i 's|Fail2Ban|NextCloudPi|' /etc/fail2ban/action.d/sendmail-whois-lines.conf
+ grep -q actionstart_ "$F" || sed -i 's|actionstart|actionstart_|' "$F"
+ grep -q actionstop_ "$F" || sed -i 's|actionstop|actionstop_|' "$F"
}
configure()
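Review bot: The two `sed` renames on sendmail-common.conf are unanchored, so `s|actionstart|actionstart_|` rewrites the first `actionstart` on every line of the file, comments included, and the `grep -q actionstart_` guard likewise matches anywhere in the file. Anchoring both keeps the edit to the key itself, e.g. `grep -q '^actionstart_' "$F" || sed -i 's|^actionstart\([ =]\)|actionstart_\1|' "$F"` (and the same for actionstop). These are package-owned files, so a fail2ban upgrade may restore or conflict with them; a `.local` override is the usual place for such changes, if the installed version reads one for this action. A comment stating why the keys are renamed (presumably to silence the start/stop mails) would help the next reader. The same block is repeated in the update.sh hunk, and install() begins outside this hunk.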
@@ -89,6 +100,7 @@ failregex = Login failed.*Remote IP.*'<HOST>'
ignoreregex =
EOF
+ [[ "$MAILALERTS_" == "yes" ]] && local ACTION=action_mwl || local ACTION=action_
cat > /etc/fail2ban/jail.conf <<EOF
# The DEFAULT allows a global definition of the options. They can be overridden
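Review bot: `[[ "$MAILALERTS_" == "yes" ]] && local ACTION=action_mwl || local ACTION=action_` uses the `A && B || C` form as an if/else, which is only correct because `local` cannot fail here, and it declares the same local in two places. A plainer form is `local ACTION=action_` followed by `[[ "$MAILALERTS_" == "yes" ]] && ACTION=action_mwl`. configure() starts and ends outside this hunk.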
@@ -111,13 +123,13 @@ maxretry = $MAXRETRY_
#
# ACTIONS
#
-banaction = iptables-multiport
-protocol = tcp
-chain = INPUT
-action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
-action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
+banaction = iptables-multiport
+protocol = tcp
+chain = INPUT
+action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
-action = %(action_)s
+ sendmail-whois-lines[name=%(__name__)s, dest=$EMAIL_, sender=ncp-fail2ban@ownyourbits.com]
+action = %($ACTION)s
#
# SSH
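Review bot: `dest=$EMAIL_` is expanded by the shell heredoc straight into jail.conf with no validation, so a configured value containing `]`, `,`, `%(` or a newline changes the action definition, and fail2ban's sendmail actions place dest on a command line that typically runs as root. Checking the value before the heredoc closes that off, e.g. `[[ "$EMAIL_" =~ ^[A-Za-z0-9._+-]+@[A-Za-z0-9.-]+$ ]] || { echo "invalid email address"; return 1; }`. The fixed `sender=ncp-fail2ban@ownyourbits.com` also makes every device send as a domain it is not authorised for, which SPF-checking receivers are likely to reject; a sender built from the local hostname would be safer. The jail.conf heredoc continues outside this hunk.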
diff --git a/update.sh b/update.sh
index dcdb2068..9052a28d 100755
--- a/update.sh
+++ b/update.sh
@@ -252,6 +252,14 @@ EOF
cat >> /etc/pip.conf <<<"extra-index-url=https://www.piwheels.hostedpi.com/simple/zope.components"
/etc/letsencrypt/letsencrypt-auto --help
}
+
+ # tweak fail2ban email
+ F=/etc/fail2ban/action.d/sendmail-common.conf
+ sed -i 's|Fail2Ban|NextCloudPi|' /etc/fail2ban/action.d/sendmail-whois-lines.conf
+ grep -q actionstart_ "$F" || sed -i 's|actionstart|actionstart_|' "$F"
+ grep -q actionstop_ "$F" || sed -i 's|actionstop|actionstop_|' "$F"
+ type whois &>/dev/null || { apt-get update; apt-get install --no-install-recommends -y whois; }
+
}
# License
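Review bot: The fail2ban tweak added here runs unconditionally and assumes both action.d files exist; on a system without fail2ban the `grep` fails, `sed -i` then errors on the missing file, and if update.sh runs with errexit (not visible here) the update stops. Wrapping the four fail2ban lines in `[[ -f "$F" ]] && { … }` keeps the update going on such systems. `F` is also assigned without `local`, unlike the copy in fail2ban.sh, so it leaks into the caller's scope if this is a function body; the enclosing block starts outside the hunk.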