feat(fail2ban): Add preauth jail and enable on storage01
All checks were successful
build configuration / build_web01 (push) Successful in 45s
build configuration / build_storage01 (push) Successful in 56s
build configuration / build_compute01 (push) Successful in 1m13s

Tom Hubrecht 2024-01-05 16:10:06 +01:00
parent a7b492373f
commit 03d4fd3982
2 changed files with 15 additions and 0 deletions


@ -3,6 +3,7 @@
lib.extra.mkConfig { lib.extra.mkConfig {
enabledModules = [ enabledModules = [
# List of modules to enable # List of modules to enable
"dgn-fail2ban"
"dgn-web" "dgn-web"
]; ];
@ -17,6 +18,8 @@ lib.extra.mkConfig {
]; ];
extraConfig = { extraConfig = {
dgn-fail2ban.jails.sshd-preauth.enabled = true;
dgn-hardware.useZfs = true; dgn-hardware.useZfs = true;
dgn-runners.enable = true; dgn-runners.enable = true;


@ -68,6 +68,18 @@ _: {
}; };
}; };
sshd-preauth = {
filter.Definition = {
failregex = "Received disconnect from <ADDR> port .* Bye Bye \\[preauth\\]$";
journalmatch = "_SYSTEMD_UNIT=sshd.service";
};
settings = {
findtime = 600;
maxretry = 1;
};
};
sshd-timeout = { sshd-timeout = {
filter.Definition = { filter.Definition = {
failregex = "fatal: Timeout before authentication for <ADDR>.*$"; failregex = "fatal: Timeout before authentication for <ADDR>.*$";
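Review bot: `maxretry = 1` in the new `sshd-preauth` jail bans an address on a single matching journal line, and nothing in this hunk shows a ban duration or an exemption list, so one aborted connection from an administrator's or automation host's address could lock it out of storage01. It is worth confirming that the module defaults (outside this hunk) exempt management ranges, for example through fail2ban's `ignoreip`, and adding a comment such as `# one pre-auth "Bye Bye" disconnect is enough to ban; management ranges must be exempted`. The pattern is also unanchored and uses `port .*`, which spans the rest of the line up to the trailing text. Assuming sshd's usual `port <n>:<code>: <message>` layout, `failregex = "Received disconnect from <ADDR> port \\d+:\\d+: Bye Bye \\[preauth\\]$";` ties the match to the fixed part of the line instead. The enclosing jails attribute set starts and ends outside the hunk.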