feat(fail2ban): Add preauth jail and enable on storage01
parent
a7b492373f
commit
03d4fd3982
2 changed files with 15 additions and 0 deletions
|
@ -3,6 +3,7 @@
|
|||
lib.extra.mkConfig {
|
||||
enabledModules = [
|
||||
# List of modules to enable
|
||||
"dgn-fail2ban"
|
||||
"dgn-web"
|
||||
];
|
||||
|
||||
|
@ -17,6 +18,8 @@ lib.extra.mkConfig {
|
|||
];
|
||||
|
||||
extraConfig = {
|
||||
dgn-fail2ban.jails.sshd-preauth.enabled = true;
|
||||
|
||||
dgn-hardware.useZfs = true;
|
||||
|
||||
dgn-runners.enable = true;
|
||||
|
|
|
@ -68,6 +68,18 @@ _: {
|
|||
};
|
||||
};
|
||||
|
||||
sshd-preauth = {
|
||||
filter.Definition = {
|
||||
failregex = "Received disconnect from <ADDR> port .* Bye Bye \\[preauth\\]$";
|
||||
journalmatch = "_SYSTEMD_UNIT=sshd.service";
|
||||
};
|
||||
|
||||
settings = {
|
||||
findtime = 600;
|
||||
maxretry = 1;
|
||||
};
|
||||
};
|
||||
|
||||
sshd-timeout = {
|
||||
filter.Definition = {
|
||||
failregex = "fatal: Timeout before authentication for <ADDR>.*$";
|
||||
|
|
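Review bot: In `sshd-preauth`, the `failregex` leaves a greedy `.*` between `port` and `Bye Bye`, and that stretch of the sshd line ends with a disconnect reason supplied by the remote client, so the pattern accepts more than the one message it is meant to catch. Assuming the usual OpenSSH form `port <n>:<code>: <reason>`, I would narrow it to `failregex = "Received disconnect from <ADDR> port \\d+:\\d+: Bye Bye \\[preauth\\]$";`. With `maxretry = 1` a single matching line bans the address, so a comment saying this is intentional would help whoever debugs a lockout on storage01. It is also worth checking that the module's defaults, which are not visible in this hunk, exempt administrative ranges via `ignoreip`. The jail set continues past the hunk with `sshd-timeout`.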