szukalski · November 2, 2024 18:31
diff --git a/fail2ban-ufw-logwatch.sh b/fail2ban-ufw-logwatch.sh
 #!/bin/bash
 # Run as root

 if [ "$#" -ne 1 ];
 then
 	echo "Usage: <script> <username>"
 	exit 1
 fi
 USER=$1
 [email protected]
 PASSWORD=your.email.password
 SMTP_RELAY=smtp.gmail.com

 apt-get update -y
 apt-get dist-upgrade -y
 apt-get install -y screen vim ntp
 sed -i.bak 's/prohibit-password/no/' /etc/ssh/sshd_config
 groupadd sshlogin
 usermod -a -G sshlogin $USER
 echo "AllowGroups sshlogin" >> /etc/ssh/sshd_config
 service ssh restart
 echo "IPV6=no" >> /etc/ufw/ufw.conf
 ufw allow OpenSSH
 ufw --force enable

 apt-get install fail2ban -y

 cat << 'EOF'>> /etc/fail2ban/action.d/ufw-ssh.conf
 [Definition]
 actionstart =
 actionstop =
 actioncheck =
 actionban = ufw insert 1 deny from <ip> to any app OpenSSH
 actionunban = ufw delete deny from <ip> to any app OpenSSH
 EOF

 cat << 'EOF'>> /etc/fail2ban/filter.d/f2b-loop.conf
 # Fail2Ban configuration file for subsequent bans
 #
 [INCLUDES]
 before = common.conf
 [Definition]
 failregex = \]\s+Ban\s+<HOST>
 ignoreregex = \[f2b-loop.*\]\s+Ban\s+<HOST>
 #
 # Author: Walter Heitman Jr.  http://blog.shanock.com
 EOF

 cat << 'EOF'>> /etc/fail2ban/jail.conf

 [ufw-ssh]
 enabled = true
 banaction = ufw-ssh
 port = 22
 filter = sshd
 logpath = /var/log/auth.log
 maxretry = 3

 [f2b-loop2]
 enabled = true
 filter = f2b-loop
 bantime = 86400 ;1 day
 findtime = 604800 ;1 week
 logpath = /var/log/fail2ban.log
 maxretry = 2

 [f2b-loop3]
 enabled = true
 filter = f2b-loop
 bantime = 604800 ;1 week
 findtime = 2592000 ;1 month
 logpath = /var/log/fail2ban.log
 maxretry = 3

 [f2b-loop4]
 enabled = true
 filter = f2b-loop
 bantime = 2592000 ;1 month
 findtime = 15552000 ;6 months
 logpath = /var/log/fail2ban.log
 maxretry = 6
 EOF

 service fail2ban restart

 apt-get install postfix mailutils libsasl2-2 ca-certificates libsasl2-modules ca-certificates -y
 sed -i.bak "s/relayhost =/relayhost = [$SMTP_RELAY]:587/" /etc/postfix/main.cf

 cat << 'EOF'>> /etc/postfix/main.cf
 smtp_sasl_auth_enable = yes
 smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
 smtp_sasl_security_options = noanonymous
 smtp_tls_CAfile = /etc/postfix/cacert.pem
 smtp_use_tls = yes
 EOF

 echo "[$SMTP_RELAY]:587    $EMAIL:$PASSWORD" >> /etc/postfix/sasl_passwd

 chmod 400 /etc/postfix/sasl_passwd
 postmap /etc/postfix/sasl_passwd
 wget -O /etc/ssl/certs/Thawte_Premium_Server_CA.pem https://www.thawte.com/roots/thawte_Premium_Server_CA.pem
 cat /etc/ssl/certs/Thawte_Premium_Server_CA.pem | tee -a /etc/postfix/cacert.pem
 service postfix restart

 apt-get install logwatch -y
 mkdir /var/cache/logwatch
 cp /usr/share/logwatch/default.conf/logwatch.conf /etc/logwatch/conf/
 sed -i.bak "s/MailTo = root/MailTo = $EMAIL/" /etc/logwatch/conf/logwatch.conf
 #sed -i 's/Detail = Low/Detail = Low/' /etc/logwatch/conf/logwatch.conf
	#!/bin/bash
	# Run as root

	if [ "$#" -ne 1 ];
	then
	echo "Usage: <script> <username>"
	exit 1
	fi
	USER=$1
	[email protected]
	PASSWORD=your.email.password
	SMTP_RELAY=smtp.gmail.com

	apt-get update -y
	apt-get dist-upgrade -y
	apt-get install -y screen vim ntp
	sed -i.bak 's/prohibit-password/no/' /etc/ssh/sshd_config
	groupadd sshlogin
	usermod -a -G sshlogin $USER
	echo "AllowGroups sshlogin" >> /etc/ssh/sshd_config
	service ssh restart
	echo "IPV6=no" >> /etc/ufw/ufw.conf
	ufw allow OpenSSH
	ufw --force enable

	apt-get install fail2ban -y

	cat << 'EOF'>> /etc/fail2ban/action.d/ufw-ssh.conf
	[Definition]
	actionstart =
	actionstop =
	actioncheck =
	actionban = ufw insert 1 deny from <ip> to any app OpenSSH
	actionunban = ufw delete deny from <ip> to any app OpenSSH
	EOF

	cat << 'EOF'>> /etc/fail2ban/filter.d/f2b-loop.conf
	# Fail2Ban configuration file for subsequent bans
	#
	[INCLUDES]
	before = common.conf
	[Definition]
	failregex = \]\s+Ban\s+<HOST>
	ignoreregex = \[f2b-loop.*\]\s+Ban\s+<HOST>
	#
	# Author: Walter Heitman Jr. http://blog.shanock.com
	EOF

	cat << 'EOF'>> /etc/fail2ban/jail.conf

	[ufw-ssh]
	enabled = true
	banaction = ufw-ssh
	port = 22
	filter = sshd
	logpath = /var/log/auth.log
	maxretry = 3

	[f2b-loop2]
	enabled = true
	filter = f2b-loop
	bantime = 86400 ;1 day
	findtime = 604800 ;1 week
	logpath = /var/log/fail2ban.log
	maxretry = 2

	[f2b-loop3]
	enabled = true
	filter = f2b-loop
	bantime = 604800 ;1 week
	findtime = 2592000 ;1 month
	logpath = /var/log/fail2ban.log
	maxretry = 3

	[f2b-loop4]
	enabled = true
	filter = f2b-loop
	bantime = 2592000 ;1 month
	findtime = 15552000 ;6 months
	logpath = /var/log/fail2ban.log
	maxretry = 6
	EOF

	service fail2ban restart

	apt-get install postfix mailutils libsasl2-2 ca-certificates libsasl2-modules ca-certificates -y
	sed -i.bak "s/relayhost =/relayhost = [$SMTP_RELAY]:587/" /etc/postfix/main.cf

	cat << 'EOF'>> /etc/postfix/main.cf
	smtp_sasl_auth_enable = yes
	smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
	smtp_sasl_security_options = noanonymous
	smtp_tls_CAfile = /etc/postfix/cacert.pem
	smtp_use_tls = yes
	EOF

	echo "[$SMTP_RELAY]:587 $EMAIL:$PASSWORD" >> /etc/postfix/sasl_passwd

	chmod 400 /etc/postfix/sasl_passwd
	postmap /etc/postfix/sasl_passwd
	wget -O /etc/ssl/certs/Thawte_Premium_Server_CA.pem https://www.thawte.com/roots/thawte_Premium_Server_CA.pem
	cat /etc/ssl/certs/Thawte_Premium_Server_CA.pem \| tee -a /etc/postfix/cacert.pem
	service postfix restart

	apt-get install logwatch -y
	mkdir /var/cache/logwatch
	cp /usr/share/logwatch/default.conf/logwatch.conf /etc/logwatch/conf/
	sed -i.bak "s/MailTo = root/MailTo = $EMAIL/" /etc/logwatch/conf/logwatch.conf
	#sed -i 's/Detail = Low/Detail = Low/' /etc/logwatch/conf/logwatch.conf