Diffstat (limited to 'archsetup')
-rwxr-xr-xarchsetup28
1 files changed, 28 insertions, 0 deletions
diff --git a/archsetup b/archsetup
index efb711b..cd3fc41 100755
--- a/archsetup
+++ b/archsetup
@@ -633,6 +633,34 @@ essential_services() {
action="starting the openssh service" && display "task" "$action"
systemctl start sshd >> "$logfile" 2>&1 || error "error" "$action" "$?"
+ # SSH Brute Force Protection
+
+ display "subtitle" "SSH Brute Force Protection"
+ pacman_install fail2ban
+
+ action="configuring fail2ban for SSH protection" && display "task" "$action"
+ cat << 'EOF' > /etc/fail2ban/jail.local
+[DEFAULT]
+# Ban for 10 minutes by default
+bantime = 10m
+findtime = 10m
+maxretry = 5
+# Use ufw for ban actions
+banaction = ufw
+
+[sshd]
+enabled = true
+port = ssh
+# Stricter settings for SSH: 3 attempts, 1 hour ban
+maxretry = 3
+bantime = 1h
+EOF
+
+ action="enabling fail2ban service" && display "task" "$action"
+ systemctl enable fail2ban >> "$logfile" 2>&1 || error "error" "$action" "$?"
+ action="starting fail2ban service" && display "task" "$action"
+ systemctl start fail2ban >> "$logfile" 2>&1 || error "error" "$action" "$?"
+
# Firewall
# deny all connections by default, then allow the following:
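Review bot: The heredoc that writes /etc/fail2ban/jail.local is the only step in the added block without the `|| error "error" "$action" "$?"` handling used on the systemctl lines, so a failed write goes unreported and fail2ban is still enabled and started, presumably without the sshd jail this block intends to configure. Put the handler on the redirect line: `cat << 'EOF' > /etc/fail2ban/jail.local || error "error" "$action" "$?"`. The write also replaces any existing jail.local without a backup, which deserves a comment such as `# overwrites any existing jail.local; intended for fresh installs only`. Separately, `banaction = ufw` only has an effect once ufw is installed and active, and the Firewall section follows this block; if ufw is first enabled there, starting fail2ban after that step would avoid bans that cannot be applied. essential_services() begins and ends outside the hunk, so the ufw ordering should be checked against the full function.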