Run the following command to create the script file:

nano /fail2ban.sh

Copy and paste the script below.

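#!/bin/bash
#
# Fail2Ban auto-install and setup script (no sudo; run it as root).
#
# What it does, in order:
#   1. installs fail2ban and rsyslog with apt;
#   2. makes sure rsyslog is running, enabled, and writes auth/authpriv
#      messages to /var/log/auth.log;
#   3. writes the [DEFAULT] and [sshd] overrides to /etc/fail2ban/jail.local;
#   4. sets LogLevel and SyslogFacility in /etc/ssh/sshd_config, validating
#      the result before sshd is restarted;
#   5. restarts sshd and fail2ban and enables fail2ban on boot.

# Stop at the first failing step instead of configuring a half-installed system.
set -euo pipefail

readonly RSYSLOG_CONF=/etc/rsyslog.conf
readonly RSYSLOG_DROPIN_DIR=/etc/rsyslog.d
readonly JAIL_LOCAL=/etc/fail2ban/jail.local
readonly SSHD_CONFIG=/etc/ssh/sshd_config
readonly AUTH_LOG=/var/log/auth.log

# Print an error message to stderr and abort.
die() {
    printf 'Error: %s\n' "$*" >&2
    exit 1
}

# Set one global sshd_config keyword.
# Arguments: $1 - keyword, $2 - value
# An active (uncommented) line is rewritten; otherwise the first commented-out
# default is uncommented; otherwise the keyword is inserted at the top of the
# file so it cannot end up inside a trailing Match block.
set_sshd_option() {
    local key=$1 value=$2

    if grep -Eq "^${key}[[:space:]]" "$SSHD_CONFIG"; then
        sed -i -E "s|^${key}[[:space:]].*|${key} ${value}|" "$SSHD_CONFIG"
    elif grep -Eq "^#[[:space:]]*${key}[[:space:]]" "$SSHD_CONFIG"; then
        # GNU sed: "0,/re/" limits the substitution to the first match.
        sed -i -E "0,/^#[[:space:]]*${key}[[:space:]].*/s//${key} ${value}/" "$SSHD_CONFIG"
    elif [[ -s "$SSHD_CONFIG" ]]; then
        sed -i "1i ${key} ${value}" "$SSHD_CONFIG"
    else
        printf '%s %s\n' "$key" "$value" >> "$SSHD_CONFIG"
    fi
}

# Everything below writes to /etc and drives systemctl, so it needs root.
[[ $EUID -eq 0 ]] || die "this script must be run as root."

stamp=$(date +%Y%m%d%H%M%S)

# Step 1: Update package list and install Fail2Ban and rsyslog
apt-get update && apt-get install -y fail2ban rsyslog

# Step 2: Ensure rsyslog is running and enabled on boot
systemctl start rsyslog
systemctl enable rsyslog

# Step 3: Configure rsyslog to log auth messages
# The rule may already live in a drop-in under /etc/rsyslog.d; adding a second
# copy would write every authentication message to auth.log twice.
if ! grep -qs '^auth,authpriv\.\*' "$RSYSLOG_CONF" "$RSYSLOG_DROPIN_DIR"/*.conf; then
    printf '%s\n' "auth,authpriv.*   ${AUTH_LOG}" >> "$RSYSLOG_CONF"
    echo "Configured rsyslog to log authentication messages."
fi

# Restart rsyslog to apply changes
systemctl restart rsyslog

# Step 4: Keep a copy of any existing jail.local before replacing it
if [[ -e "$JAIL_LOCAL" ]]; then
    jail_backup="${JAIL_LOCAL}.bak.${stamp}"
    cp -p -- "$JAIL_LOCAL" "$jail_backup"
    echo "Existing jail.local saved as ${jail_backup}."
fi

# Step 5: Configure the SSH jail and other settings in jail.local
# jail.local holds only the overrides; everything else keeps coming from
# jail.conf. Editing a full copy of jail.conf with unscoped "sed" patterns
# would also rewrite the "enabled" and "logpath" lines of sections other than
# [sshd], switching on jails that were never meant to run.
cat > "$JAIL_LOCAL" <<EOF
[DEFAULT]
bantime = 24h
findtime = 10m
maxretry = 5

[sshd]
enabled = true
logpath = ${AUTH_LOG}
EOF

# Step 6: Ensure SSH logging is enabled in /etc/ssh/sshd_config
[[ -f "$SSHD_CONFIG" ]] || die "${SSHD_CONFIG} not found; is the SSH server installed?"
sshd_backup="${SSHD_CONFIG}.bak.${stamp}"
cp -p -- "$SSHD_CONFIG" "$sshd_backup"

set_sshd_option LogLevel INFO
set_sshd_option SyslogFacility AUTH

# Validate before restarting: restarting sshd with a broken config can lock
# the administrator out of a remote machine.
if ! /usr/sbin/sshd -t; then
    cp -p -- "$sshd_backup" "$SSHD_CONFIG"
    die "sshd rejected the edited ${SSHD_CONFIG}; the original was restored and sshd was not restarted."
fi

# Step 7: Restart SSH and Fail2Ban services to apply the changes
# Debian/Ubuntu name the unit "ssh"; "sshd" may exist there only as an alias.
systemctl restart sshd || systemctl restart ssh
systemctl restart fail2ban

# Step 8: Enable Fail2Ban on boot
systemctl enable fail2ban

echo "Fail2Ban and rsyslog have been installed and configured successfully."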

Press CTRL + O to save the file, then CTRL + X to close it.

Now run the following command to set the script's permissions:

chmod 755 /fail2ban.sh

Now run the script as root from the / directory, where it was saved, to automatically install and set up Fail2Ban:

./fail2ban.sh