mirror of
https://github.com/tommytran732/Pterodactyl-Script
synced 2024-11-22 02:21:33 -05:00
Add Fail2ban rules for wings
Signed-off-by: Tommy <contact@tommytran.io>
parent
bb5078e348
commit
8627d65ac1
@ -15,6 +15,7 @@ Visit my Matrix group: https://matrix.to/#/#tommy:arcticfoxes.net
|
|||||||
- Daemon installation
|
- Daemon installation
|
||||||
- Daemon upgrade
|
- Daemon upgrade
|
||||||
- Basic firewall configuration
|
- Basic firewall configuration
|
||||||
|
- Fail2ban for SSH and Wings
|
||||||
- Automatic LetsEncrypt certificate generation
|
- Automatic LetsEncrypt certificate generation
|
||||||
- MariaDB SSL
|
- MariaDB SSL
|
||||||
- HSTS enabled
|
- HSTS enabled
|
||||||
@ -26,9 +27,7 @@ Visit my Matrix group: https://matrix.to/#/#tommy:arcticfoxes.net
|
|||||||
Currently, PHP, Composer, and Redis are installed from Remi's modular repository. As such, they will only get minor version updates with `dnf upgrade` (PHP 8.1.0 -> PHP 8.1.x for example). For updates between major versions of these dependencies, use `dnf module` to change the appstream for these dependencies.<br />
|
Currently, PHP, Composer, and Redis are installed from Remi's modular repository. As such, they will only get minor version updates with `dnf upgrade` (PHP 8.1.0 -> PHP 8.1.x for example). For updates between major versions of these dependencies, use `dnf module` to change the appstream for these dependencies.<br />
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
dnf module reset php:remi-8.0
|
dnf module switch-to php:remi-8.1
|
||||||
dnf module install php:remi-8.1
|
|
||||||
dnf distro-sync
|
|
||||||
```
|
```
|
||||||
|
|
||||||
NGINX, MariaDB, and Docker-CE uses upstream repositories and will get the latest version available on there automatically.
|
NGINX, MariaDB, and Docker-CE uses upstream repositories and will get the latest version available on there automatically.
|
||||||
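Review bot: The README change from `dnf module reset php:remi-8.0` / `dnf module install php:remi-8.1` / `dnf distro-sync` to the single `dnf module switch-to php:remi-8.1` is unrelated to the commit subject "Add Fail2ban rules for wings". Move it to its own commit, or mention it in the commit message, so the upgrade-instruction change can be found and reverted independently of the Fail2ban work.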
@ -41,4 +40,4 @@ Ideally, we would want everything to be reproducible from the OS to the Pterodac
|
|||||||
# Supported Distributions
|
# Supported Distributions
|
||||||
Only RHEL 9 and its derivatives (CentOS Stream 9, Rocky Linux 9 , AlmaLinux 9) are supported at the moment. Fedora may get supported in the future if there are interest in it.
|
Only RHEL 9 and its derivatives (CentOS Stream 9, Rocky Linux 9 , AlmaLinux 9) are supported at the moment. Fedora may get supported in the future if there are interest in it.
|
||||||
|
|
||||||
Ubuntu, Debian, and openSUSE are unlikely to get supported, due to them not supporting modular repositories which makes dependency updates cumbersome.
|
Ubuntu, Debian, and openSUSE are unlikely to get supported, due to them not supporting modular repositories which makes dependency updates cumbersome.
|
||||||
|
29
install.sh
29
install.sh
@ -449,6 +449,35 @@ WantedBy=multi-user.target
|
|||||||
EOF
|
EOF
|
||||||
|
|
||||||
systemctl enable wings
|
systemctl enable wings
|
||||||
|
|
||||||
|
output "Adding Fail2ban rules for Wings SFTP"
|
||||||
|
echo '[wings]
|
||||||
|
enabled = true
|
||||||
|
port = 2022
|
||||||
|
logpath = /var/log/pterodactyl/wings.log
|
||||||
|
maxretry = 5
|
||||||
|
findtime = 3600
|
||||||
|
bantime = -1
|
||||||
|
backend = systemd' | tee -a /etc/fail2ban/jail.local
|
||||||
|
|
||||||
|
bash -c 'cat > /etc/fail2ban/conf.d/wings.conf' <<-'EOF'
|
||||||
|
# Fail2Ban filter for wings (Pterodactyl daemon)
|
||||||
|
#
|
||||||
|
#
|
||||||
|
#
|
||||||
|
# "WARN: [Sep 8 18:51:00.414] failed to validate user credentials (invalid format) ip=<HOST>:51782 subsystem=sftp username=logout"
|
||||||
|
#
|
||||||
|
[INCLUDES]
|
||||||
|
before = common.conf
|
||||||
|
[Definition]
|
||||||
|
_daemon = wings
|
||||||
|
failregex = failed to validate user credentials \([^\)]+\) ip=<HOST>:.* subsystem=sftp username=.*$
|
||||||
|
ignoreregex =
|
||||||
|
[Init]
|
||||||
|
datepattern = \[%%b %%d %%H:%%M:%%S.%%f\]
|
||||||
|
EOF
|
||||||
|
systemctl restart fail2ban
|
||||||
|
|
||||||
output "Wings ${WINGS} has now been installed on your system."
|
output "Wings ${WINGS} has now been installed on your system."
|
||||||
output "You should go to your panel and configure the node now."
|
output "You should go to your panel and configure the node now."
|
||||||
output "If you get `bash: wings: command not found` when running the auto deployment command, replace `wings` with `/usr/local/bin/wings` and it will work."
|
output "If you get `bash: wings: command not found` when running the auto deployment command, replace `wings` with `/usr/local/bin/wings` and it will work."
|
||||||
|
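Review bot: The filter heredoc in install.sh is written to `/etc/fail2ban/conf.d/wings.conf`, but Fail2ban loads filters from `/etc/fail2ban/filter.d/`, and the `[wings]` jail has no `filter =` line, so it will look for `filter.d/wings.conf` by jail name and not find one when `systemctl restart fail2ban` runs. Write the file to `/etc/fail2ban/filter.d/wings.conf` instead. The jail also combines `backend = systemd` with `logpath = /var/log/pterodactyl/wings.log`; the systemd backend reads the journal and does not use `logpath`, so choose one: drop `backend = systemd` to follow the log file (the `datepattern` is written for that file format), or keep it and add a `journalmatch` for the wings unit to the filter. Two smaller points: `tee -a /etc/fail2ban/jail.local` appends another `[wings]` section every time the installer is re-run, so guard it with a check for an existing section, and `bantime = -1` makes every ban permanent after 5 failures within `findtime = 3600`, which should be stated in the README next to "Fail2ban for SSH and Wings".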