ssh

docker-compose.yml

@@ -11,8 +11,10 @@ services:
       - /etc/fail2ban/entrypoint.sh
     volumes:
       - ./fail2ban/entrypoint.sh:/etc/fail2ban/entrypoint.sh
+      - ./fail2ban/sshd_config:/etc/ssh/sshd_config
     ports:
       - 22:22/tcp
+      - 2222:2222/tcp
     networks:
       mynet:
         ipv4_address: 172.24.0.101

fail2ban/entrypoint.sh

@@ -30,9 +30,9 @@ fi
 # Send email
 if [ \$ABUSE_ADDR ]; then
 #sendmail -t -i -f \$SENDER_MAIL \$ABUSE_ADDR << EOF
-swaks -f \$SENDER_MAIL -t \"\$ABUSE_ADDR\" --tlsc -au $USER -ap $PASS -s $SMTP -p 465
+swaks -f \$SENDER_MAIL -t \"\$ABUSE_ADDR,webmaster@$DOMAIN\" --tlsc -au $USER -ap $PASS -s $SMTP -p 465
 --h-Subject \"[Urgent]: Automatic abuse report for IP address \$REMOTE_IP from $DOMAIN, please read\" --h-From \"Fail2Ban $DOMAIN <\$SENDER_MAIL>\"
---h-Bcc \"webmail@$DOMAIN\" --h-To \$ABUSE_ADDR --body
+--h-Bcc \"webmaster@$DOMAIN\" --h-To \$ABUSE_ADDR --body
 \"This is an automatic email abuse report about the IP address \$REMOTE_IP generated at \$DATE, please do not reply.
 You get this email because you are listed as the official and popular abuse email contact for this concrete IP address.
 

fail2ban/sshd_config

@@ -0,0 +1,10 @@
+Port 22
+Port 2222
+PermitRootLogin no
+ChallengeResponseAuthentication yes
+UsePAM yes
+X11Forwarding no
+X11UseLocalhost no
+PrintMotd no
+AcceptEnv LANG LC_*
+PasswordAuthentication yes