free
/
freedomboneeee
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

fail2ban isn't useful when logging is turned off most of the time

This commit is contained in:
Bob Mottram 2017-08-07 13:56:25 +01:00
parent fb811406e9
commit 8c5aaeddc0
3 changed files with 2 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/freedombone-image-customise
View File

@ -1074,7 +1074,7 @@ function image_setup_utils {
chroot "$rootdir" apt-get -yq install wireless-tools wpasupplicant usbutils cryptsetup zsh
chroot "$rootdir" apt-get -yq install pinentry-curses eatmydata iotop bc hostapd haveged
chroot "$rootdir" apt-get -yq install cpulimit screen elinks libpam-cracklib
chroot "$rootdir" apt-get -yq install fail2ban vim-common python3 unattended-upgrades
chroot "$rootdir" apt-get -yq install vim-common python3 unattended-upgrades
# Tor and ssh over tor
chroot "$rootdir" apt-get -yq install tor connect-proxy

12
src/freedombone-logging
View File

@ -141,10 +141,6 @@ fi
if [[ "$1" == "on" || "$1" == "On" || "$1" == "ON" ]]; then
turn_logging_on
if [ -f /etc/fail2ban/fail2ban.conf ]; then
sed -i 's|loglevel.*|loglevel = 3|g' /etc/fail2ban/fail2ban.conf
sed -i 's|logtarget.*|logtarget = /var/log/fail2ban.log|g' /etc/fail2ban/fail2ban.conf
fi
if [ -d /etc/tor ]; then
if [ ! -d /var/log/tor ]; then
mkdir /var/log/tor
@ -252,11 +248,6 @@ else
sed -i 's|log_error =.*|log_error = /dev/null|g' /etc/mysql/my.cnf
fi
fi
if [ -f /etc/fail2ban/fail2ban.conf ]; then
sed -i 's|loglevel.*|loglevel = 1|g' /etc/fail2ban/fail2ban.conf
sed -i 's|logtarget.*|logtarget = /dev/null|g' /etc/fail2ban/fail2ban.conf
$REMOVE_FILES_COMMAND /var/log/fail2ban.*
fi
turn_off_rsys_logging
fi
@ -300,9 +291,6 @@ fi
if [ -d /var/www/radicale ]; then
systemctl restart radicale
fi
if [ -d /etc/fail2ban ]; then
systemctl restart fail2ban
fi
if [ -d /etc/matrix ]; then
systemctl restart matrix
fi

2
src/freedombone-utils-ssh
View File

@ -121,7 +121,7 @@ function configure_ssh {
sed -i 's|#UsePrivilegeSeparation .*|UsePrivilegeSeparation sandbox|g' /etc/ssh/sshd_config
sed -i 's|UsePrivilegeSeparation .*|UsePrivilegeSeparation sandbox|g' /etc/ssh/sshd_config
apt-get -yq install fail2ban vim-common
apt-get -yq install vim-common
function_check configure_firewall_for_ssh
configure_firewall_for_ssh