forked from DGNum/infrastructure
feat(fail2ban): Add preauth jail and enable on storage01
This commit is contained in:
parent
a7b492373f
commit
03d4fd3982
2 changed files with 15 additions and 0 deletions
|
@ -3,6 +3,7 @@
|
||||||
lib.extra.mkConfig {
|
lib.extra.mkConfig {
|
||||||
enabledModules = [
|
enabledModules = [
|
||||||
# List of modules to enable
|
# List of modules to enable
|
||||||
|
"dgn-fail2ban"
|
||||||
"dgn-web"
|
"dgn-web"
|
||||||
];
|
];
|
||||||
|
|
||||||
|
@ -17,6 +18,8 @@ lib.extra.mkConfig {
|
||||||
];
|
];
|
||||||
|
|
||||||
extraConfig = {
|
extraConfig = {
|
||||||
|
dgn-fail2ban.jails.sshd-preauth.enabled = true;
|
||||||
|
|
||||||
dgn-hardware.useZfs = true;
|
dgn-hardware.useZfs = true;
|
||||||
|
|
||||||
dgn-runners.enable = true;
|
dgn-runners.enable = true;
|
||||||
|
|
|
@ -68,6 +68,18 @@ _: {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
sshd-preauth = {
|
||||||
|
filter.Definition = {
|
||||||
|
failregex = "Received disconnect from <ADDR> port .* Bye Bye \\[preauth\\]$";
|
||||||
|
journalmatch = "_SYSTEMD_UNIT=sshd.service";
|
||||||
|
};
|
||||||
|
|
||||||
|
settings = {
|
||||||
|
findtime = 600;
|
||||||
|
maxretry = 1;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
sshd-timeout = {
|
sshd-timeout = {
|
||||||
filter.Definition = {
|
filter.Definition = {
|
||||||
failregex = "fatal: Timeout before authentication for <ADDR>.*$";
|
failregex = "fatal: Timeout before authentication for <ADDR>.*$";
|
||||||
|
|
Loading…
Reference in a new issue