ssh and fail2ban in debian 12 bookworm

fail2ban.sh

#!/usr/bin/env bash

check_root_privileges() {
  if [ "$EUID" -ne 0 ]; then
    echo "Este script precisa ser executado com privilégios de superusuário (root)."
    exit 1
  fi
}

update_package_list() {
  apt update && apt upgrade
}

install_fail2ban() {
  apt install -y fail2ban
}

configure_fail2ban_ssh() {
  local jail_local="/etc/fail2ban/jail.local"

  touch "$jail_local" || { echo "Falha ao criar $jail_local"; exit 1; }

  cat <<EOL >> "$jail_local"
[sshd]
backend=systemd
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
bantime = 3600
EOL
}

restart_fail2ban_service() {
  systemctl restart fail2ban
}

install_ssh_server() {
  if ! command -v sshd &> /dev/null; then
    apt install -y openssh-server
  fi
}

restart_ssh_service() {
  systemctl restart ssh
}

main() {
  check_root_privileges
  update_package_list
  install_fail2ban
  configure_fail2ban_ssh
  restart_fail2ban_service
  install_ssh_server
  restart_ssh_service

  echo "Fail2Ban e SSH foram instalados e configurados com sucesso."
}

main