Add Fail2ban rules for wings

Signed-off-by: Tommy <contact@tommytran.io>
Tommy 2022-12-16 15:47:10 -05:00
parent bb5078e348
commit 8627d65ac1
No known key found for this signature in database
GPG Key ID: 060B29EB996BD9F2
2 changed files with 32 additions and 4 deletions

@ -15,6 +15,7 @@ Visit my Matrix group: https://matrix.to/#/#tommy:arcticfoxes.net
- Daemon installation
- Daemon upgrade
- Basic firewall configuration
- Fail2ban for SSH and Wings
- Automatic LetsEncrypt certificate generation
- MariaDB SSL
- HSTS enabled
@ -26,9 +27,7 @@ Visit my Matrix group: https://matrix.to/#/#tommy:arcticfoxes.net
Currently, PHP, Composer, and Redis are installed from Remi's modular repository. As such, they will only get minor version updates with `dnf upgrade` (PHP 8.1.0 -> PHP 8.1.x for example). For updates between major versions of these dependencies, use `dnf module` to change the appstream for these dependencies.<br />
```bash
dnf module reset php:remi-8.0
dnf module install php:remi-8.1
dnf distro-sync
dnf module switch-to php:remi-8.1
```
NGINX, MariaDB, and Docker-CE uses upstream repositories and will get the latest version available on there automatically.
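Review bot: the PHP upgrade instructions touched in this hunk (the header shows 9 lines becoming 7 around the `dnf module` commands) are unrelated to the Fail2ban rules named in the commit subject. Move the README `dnf` change to its own commit, or mention it in the commit message, so the Fail2ban change can be reviewed and reverted on its own.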
@ -41,4 +40,4 @@ Ideally, we would want everything to be reproducible from the OS to the Pterodac
# Supported Distributions
Only RHEL 9 and its derivatives (CentOS Stream 9, Rocky Linux 9 , AlmaLinux 9) are supported at the moment. Fedora may get supported in the future if there are interest in it.
Ubuntu, Debian, and openSUSE are unlikely to get supported, due to them not supporting modular repositories which makes dependency updates cumbersome.
Ubuntu, Debian, and openSUSE are unlikely to get supported, due to them not supporting modular repositories which makes dependency updates cumbersome.

@ -449,6 +449,35 @@ WantedBy=multi-user.target
EOF
systemctl enable wings
output "Adding Fail2ban rules for Wings SFTP"
echo '[wings]
enabled = true
port = 2022
logpath = /var/log/pterodactyl/wings.log
maxretry = 5
findtime = 3600
bantime = -1
backend = systemd' | tee -a /etc/fail2ban/jail.local
bash -c 'cat > /etc/fail2ban/conf.d/wings.conf' <<-'EOF'
# Fail2Ban filter for wings (Pterodactyl daemon)
#
#
#
# "WARN: [Sep 8 18:51:00.414] failed to validate user credentials (invalid format) ip=<HOST>:51782 subsystem=sftp username=logout"
#
[INCLUDES]
before = common.conf
[Definition]
_daemon = wings
failregex = failed to validate user credentials \([^\)]+\) ip=<HOST>:.* subsystem=sftp username=.*$
ignoreregex =
[Init]
datepattern = \[%%b %%d %%H:%%M:%%S.%%f\]
EOF
systemctl restart fail2ban
output "Wings ${WINGS} has now been installed on your system."
output "You should go to your panel and configure the node now."
output "If you get `bash: wings: command not found` when running the auto deployment command, replace `wings` with `/usr/local/bin/wings` and it will work."
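Review bot: the filter is written to `/etc/fail2ban/conf.d/wings.conf`, but the `[wings]` jail sets no `filter =` and Fail2ban resolves a jail's filter by name from `/etc/fail2ban/filter.d/`, so the jail will not find this definition and the `systemctl restart fail2ban` that follows can fail to bring the jail up. Write the file to `/etc/fail2ban/filter.d/wings.conf` and check the result with `fail2ban-client status wings` before printing the success message. The jail also combines `backend = systemd` with `logpath = /var/log/pterodactyl/wings.log`: the systemd backend reads the journal and ignores `logpath`, while the filter's `datepattern` is written for the file format, so either use the file backend (drop the `backend` line or set `auto`) or add a `journalmatch` to the filter. `bantime = -1` turns five failed SFTP logins within an hour into a permanent ban, which will lock out legitimate users who mistype a password or sit behind a shared address; a finite `bantime` is safer. Finally, `tee -a /etc/fail2ban/jail.local` appends another `[wings]` section every time the script is rerun; writing a dedicated `/etc/fail2ban/jail.d/wings.local` keeps the step idempotent.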