#!/usr/bin/env bash
|
|
#
|
|
# install mcp
|
|
#
|
|
#
|
|
|
|
set -o errexit
|
|
set -o pipefail
|
|
set -o nounset
|
|
|
|
# installing dependencies
|
|
apt install -y php-cli php-mbstring php-dom git unzip curl composer ufw fail2ban
|
|
|
|
#
|
|
# configure ufw and start
|
|
#
|
|
#
|
|
ufw allow ssh
|
|
service ufw start
|
|
echo "y" | ufw enable
|
|
|
|
#
|
|
# configure fail2ban and start
|
|
#
|
|
#
|
|
cat > /etc/fail2ban/jail.local << EOF
|
|
[default]
|
|
# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
|
|
# ban a host which matches an address in this list. Several addresses can be
|
|
# defined using space separator.
|
|
ignoreip = 127.0.0.1/8
|
|
|
|
# "bantime" is the number of seconds that a host is banned.
|
|
bantime = 3600
|
|
|
|
banaction = ufw
|
|
|
|
# The length of time between login attempts before a ban is set.
|
|
# For example, if Fail2ban is set to ban an IP after five (3) failed log-in attempts,
|
|
# those 3 attempts must occur within the set 10-minute findtime limit.
|
|
# The findtime value should be a set number of seconds.
|
|
findtime = 600
|
|
|
|
maxretry = 5
|
|
|
|
[ssh]
|
|
enabled = true
|
|
port = ssh
|
|
filter = sshd
|
|
logpath = /var/log/auth-fail2ban.log
|
|
EOF
|
|
|
|
service fail2ban start
|
|
|
|
echo -e "MCP installed"
|