feat(fail2ban): Add preauth jail and enable on storage01
Tom Hubrecht 2024-01-05 16:10:06 +01:00
parent a7b492373f
commit 03d4fd3982
2 changed files with 15 additions and 0 deletions


@ -3,6 +3,7 @@
lib.extra.mkConfig {
enabledModules = [
# List of modules to enable
"dgn-fail2ban"
"dgn-web"
];
@ -17,6 +18,8 @@ lib.extra.mkConfig {
];
extraConfig = {
dgn-fail2ban.jails.sshd-preauth.enabled = true;
dgn-hardware.useZfs = true;
dgn-runners.enable = true;


@ -68,6 +68,18 @@ _: {
};
};
sshd-preauth = {
filter.Definition = {
failregex = "Received disconnect from <ADDR> port .* Bye Bye \\[preauth\\]$";
journalmatch = "_SYSTEMD_UNIT=sshd.service";
};
settings = {
findtime = 600;
maxretry = 1;
};
};
sshd-timeout = {
filter.Definition = {
failregex = "fatal: Timeout before authentication for <ADDR>.*$";
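Review bot: The new `sshd-preauth` failregex leaves `.*` between `port` and `Bye Bye`, and that stretch of the sshd line holds the disconnect text supplied by the remote client, so the filter accepts more than the one message it is meant to catch; with `maxretry = 1` a single matching line is enough for a ban. Assuming OpenSSH's usual `port N:CODE: text` layout, I would pin the middle down: `failregex = "Received disconnect from <ADDR> port \\d+:\\d+: Bye Bye \\[preauth\\]$";`. The expression is also not anchored to the start of the message the way the stock fail2ban sshd filter is; whether this module's filter can use a prefix pattern is not visible here, so confirm before adding `^`. Since one hit bans for this jail, check that admin and monitoring source addresses are covered by an ignore list (`ignoreip`), which this hunk does not show. The enclosing jails attribute set starts and ends outside the hunk.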