|
|
- #!/usr/bin/env bash
- #
- # install mcp
- #
- #
-
- set -o errexit
- set -o pipefail
- set -o nounset
-
- # installing dependencies
- apt install -y php-cli php-mbstring php-dom git unzip curl composer ufw fail2ban
-
- #
- # configure ufw and start
- #
- #
- ufw allow ssh
- service ufw start
- echo "y" | ufw enable
-
- #
- # configure fail2ban and start
- #
- #
- cat > /etc/fail2ban/jail.local << EOF
- [default]
- # "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
- # ban a host which matches an address in this list. Several addresses can be
- # defined using space separator.
- ignoreip = 127.0.0.1/8
-
- # "bantime" is the number of seconds that a host is banned.
- bantime = 3600
-
- banaction = ufw
-
- # The length of time between login attempts before a ban is set.
- # For example, if Fail2ban is set to ban an IP after five (3) failed log-in attempts,
- # those 3 attempts must occur within the set 10-minute findtime limit.
- # The findtime value should be a set number of seconds.
- findtime = 600
-
- maxretry = 5
-
- [ssh]
- enabled = true
- port = ssh
- filter = sshd
- logpath = /var/log/auth-fail2ban.log
- EOF
-
- cp resources/fail2ban/filter.d/* /etc/fail2ban/filter.d
- touch /var/log/fail2ban.log
- service fail2ban start
-
- echo -e "MCP installed"
|