mirror of
https://github.com/tommytran732/Pterodactyl-Script
synced 2024-10-06 15:22:47 -04:00
Add Fail2ban rules for wings
Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
parent
bb5078e348
commit
8627d65ac1
@ -15,6 +15,7 @@ Visit my Matrix group: https://matrix.to/#/#tommy:arcticfoxes.net
|
||||
- Daemon installation
|
||||
- Daemon upgrade
|
||||
- Basic firewall configuration
|
||||
- Fail2ban for SSH and Wings
|
||||
- Automatic LetsEncrypt certificate generation
|
||||
- MariaDB SSL
|
||||
- HSTS enabled
|
||||
@ -26,9 +27,7 @@ Visit my Matrix group: https://matrix.to/#/#tommy:arcticfoxes.net
|
||||
Currently, PHP, Composer, and Redis are installed from Remi's modular repository. As such, they will only get minor version updates with `dnf upgrade` (PHP 8.1.0 -> PHP 8.1.x for example). For updates between major versions of these dependencies, use `dnf module` to change the appstream for these dependencies.<br />
|
||||
|
||||
```bash
|
||||
dnf module reset php:remi-8.0
|
||||
dnf module install php:remi-8.1
|
||||
dnf distro-sync
|
||||
dnf module switch-to php:remi-8.1
|
||||
```
|
||||
|
||||
NGINX, MariaDB, and Docker-CE uses upstream repositories and will get the latest version available on there automatically.
|
||||
@ -41,4 +40,4 @@ Ideally, we would want everything to be reproducible from the OS to the Pterodac
|
||||
# Supported Distributions
|
||||
Only RHEL 9 and its derivatives (CentOS Stream 9, Rocky Linux 9 , AlmaLinux 9) are supported at the moment. Fedora may get supported in the future if there are interest in it.
|
||||
|
||||
Ubuntu, Debian, and openSUSE are unlikely to get supported, due to them not supporting modular repositories which makes dependency updates cumbersome.
|
||||
Ubuntu, Debian, and openSUSE are unlikely to get supported, due to them not supporting modular repositories which makes dependency updates cumbersome.
|
||||
|
29
install.sh
29
install.sh
@ -449,6 +449,35 @@ WantedBy=multi-user.target
|
||||
EOF
|
||||
|
||||
systemctl enable wings
|
||||
|
||||
output "Adding Fail2ban rules for Wings SFTP"
|
||||
echo '[wings]
|
||||
enabled = true
|
||||
port = 2022
|
||||
logpath = /var/log/pterodactyl/wings.log
|
||||
maxretry = 5
|
||||
findtime = 3600
|
||||
bantime = -1
|
||||
backend = systemd' | tee -a /etc/fail2ban/jail.local
|
||||
|
||||
bash -c 'cat > /etc/fail2ban/conf.d/wings.conf' <<-'EOF'
|
||||
# Fail2Ban filter for wings (Pterodactyl daemon)
|
||||
#
|
||||
#
|
||||
#
|
||||
# "WARN: [Sep 8 18:51:00.414] failed to validate user credentials (invalid format) ip=<HOST>:51782 subsystem=sftp username=logout"
|
||||
#
|
||||
[INCLUDES]
|
||||
before = common.conf
|
||||
[Definition]
|
||||
_daemon = wings
|
||||
failregex = failed to validate user credentials \([^\)]+\) ip=<HOST>:.* subsystem=sftp username=.*$
|
||||
ignoreregex =
|
||||
[Init]
|
||||
datepattern = \[%%b %%d %%H:%%M:%%S.%%f\]
|
||||
EOF
|
||||
systemctl restart fail2ban
|
||||
|
||||
output "Wings ${WINGS} has now been installed on your system."
|
||||
output "You should go to your panel and configure the node now."
|
||||
output "If you get `bash: wings: command not found` when running the auto deployment command, replace `wings` with `/usr/local/bin/wings` and it will work."
|
||||
|
Loading…
Reference in New Issue
Block a user