mirror of https://github.com/tommytran732/Pterodactyl-Script synced 2024-11-22 02:21:33 -05:00

Add Fail2ban rules for wings

Signed-off-by: Tommy <contact@tommytran.io>
Tommy 2022-12-16 15:47:10 -05:00
parent bb5078e348
commit 8627d65ac1
No known key found for this signature in database
GPG Key ID: 060B29EB996BD9F2
2 changed files with 32 additions and 4 deletions

@ -15,6 +15,7 @@ Visit my Matrix group: https://matrix.to/#/#tommy:arcticfoxes.net
- Daemon installation - Daemon installation
- Daemon upgrade - Daemon upgrade
- Basic firewall configuration - Basic firewall configuration
- Fail2ban for SSH and Wings
- Automatic LetsEncrypt certificate generation - Automatic LetsEncrypt certificate generation
- MariaDB SSL - MariaDB SSL
- HSTS enabled - HSTS enabled
@ -26,9 +27,7 @@ Visit my Matrix group: https://matrix.to/#/#tommy:arcticfoxes.net
Currently, PHP, Composer, and Redis are installed from Remi's modular repository. As such, they will only get minor version updates with `dnf upgrade` (PHP 8.1.0 -> PHP 8.1.x for example). For updates between major versions of these dependencies, use `dnf module` to change the appstream for these dependencies.<br /> Currently, PHP, Composer, and Redis are installed from Remi's modular repository. As such, they will only get minor version updates with `dnf upgrade` (PHP 8.1.0 -> PHP 8.1.x for example). For updates between major versions of these dependencies, use `dnf module` to change the appstream for these dependencies.<br />
```bash ```bash
dnf module reset php:remi-8.0 dnf module switch-to php:remi-8.1
dnf module install php:remi-8.1
dnf distro-sync
``` ```
NGINX, MariaDB, and Docker-CE uses upstream repositories and will get the latest version available on there automatically. NGINX, MariaDB, and Docker-CE uses upstream repositories and will get the latest version available on there automatically.
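Review bot: The PHP upgrade example in this README hunk has nothing to do with the Fail2ban rules named in the commit subject; please move the `dnf module switch-to php:remi-8.1` edit to its own commit, or mention it in the message, so it can be found and reverted independently. The paragraph above the block covers PHP, Composer, and Redis, while the example only switches the `php` module, so a short note on whether the other modules need the same command would help readers.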

@ -449,6 +449,35 @@ WantedBy=multi-user.target
EOF EOF
systemctl enable wings systemctl enable wings
output "Adding Fail2ban rules for Wings SFTP"
echo '[wings]
enabled = true
port = 2022
logpath = /var/log/pterodactyl/wings.log
maxretry = 5
findtime = 3600
bantime = -1
backend = systemd' | tee -a /etc/fail2ban/jail.local
bash -c 'cat > /etc/fail2ban/conf.d/wings.conf' <<-'EOF'
# Fail2Ban filter for wings (Pterodactyl daemon)
#
#
#
# "WARN: [Sep 8 18:51:00.414] failed to validate user credentials (invalid format) ip=<HOST>:51782 subsystem=sftp username=logout"
#
[INCLUDES]
before = common.conf
[Definition]
_daemon = wings
failregex = failed to validate user credentials \([^\)]+\) ip=<HOST>:.* subsystem=sftp username=.*$
ignoreregex =
[Init]
datepattern = \[%%b %%d %%H:%%M:%%S.%%f\]
EOF
systemctl restart fail2ban
output "Wings ${WINGS} has now been installed on your system." output "Wings ${WINGS} has now been installed on your system."
output "You should go to your panel and configure the node now." output "You should go to your panel and configure the node now."
output "If you get `bash: wings: command not found` when running the auto deployment command, replace `wings` with `/usr/local/bin/wings` and it will work." output "If you get `bash: wings: command not found` when running the auto deployment command, replace `wings` with `/usr/local/bin/wings` and it will work."
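Review bot: The filter is written to `/etc/fail2ban/conf.d/wings.conf`, but Fail2ban loads filters from `/etc/fail2ban/filter.d/`, and since the `[wings]` jail has no `filter =` line it will look for `filter.d/wings.conf` and the jail will not load. Write the heredoc to `/etc/fail2ban/filter.d/wings.conf` instead. The jail also sets both `logpath = /var/log/pterodactyl/wings.log` and `backend = systemd`; with the systemd backend the log file is not read and the filter would need a `journalmatch`, so either drop `backend = systemd` and tail the file (which is what the `datepattern` is written for), or drop `logpath` and add a `journalmatch` for the wings unit. Two smaller points: `tee -a /etc/fail2ban/jail.local` appends another `[wings]` section each time the installer is rerun, so a dedicated file under `/etc/fail2ban/jail.d/` written with a plain overwrite would be idempotent; and `bantime = -1` makes every ban permanent after five failures within an hour, which deserves a README line telling admins how to unban a locked-out user.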