diff --git a/README.md b/README.md
index 0b8adec..2f56a9b 100644
--- a/README.md
+++ b/README.md
@@ -1,10 +1,8 @@ -# PerroChivato - fail2ban ssh abuse with email to provider - -## ANTIBOTNET SYSTEM +# HatThieves `fail2ban` with abuse reporting system ## Config -### edit `entrypoint.sh` with your smtp settings +#### edit [entrypoint.sh](fail2ban/entrypoint.sh) with your smtp settings ## Expose jail ```
diff --git a/docker-compose.yml b/docker-compose.yml
index 8c1d626..486cd67 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -6,14 +6,13 @@ services:
 hostname: fail2ban
 container_name: fail2ban
 restart: always
- privileged: true
 entrypoint:
 - /bin/bash
 - /etc/fail2ban/entrypoint.sh
 volumes:
 - ./fail2ban/entrypoint.sh:/etc/fail2ban/entrypoint.sh:ro
 - ./fail2ban/sshd_config:/etc/ssh/sshd_config:ro
- ports:
- - 22:22/tcp
- - 2222:2222/tcp
+ cap_add:
+ - NET_ADMIN
+ - NET_RAW
 network_mode: host
diff --git a/fail2ban/Dockerfile b/fail2ban/Dockerfile
index faba2eb..566714b 100644
--- a/fail2ban/Dockerfile
+++ b/fail2ban/Dockerfile
@@ -1,3 +1,3 @@
 FROM debian:sid-slim
-RUN apt update && apt -y upgrade && apt -y install fail2ban openssh-server rsyslog swaks host python3-pyinotify && apt clean
+RUN apt update && apt -y upgrade && apt -y install fail2ban openssh-server rsyslog swaks host python3-pyinotify iptables && apt clean
 WORKDIR /etc/fail2ban
diff --git a/fail2ban/entrypoint.sh b/fail2ban/entrypoint.sh
index 004b438..e147bab 100644
--- a/fail2ban/entrypoint.sh
+++ b/fail2ban/entrypoint.sh
@@ -118,7 +118,8 @@ logpath = /dev/null" > action.d/sendmail-abuse.conf
 echo "[sshd]
 enabled = true
 bantime = 10800
-maxretry = 4
+findtime = 1800
+maxretry = 2
 ignoreip = $DOMAIN
 backend = pyinotify
 filter = sshd
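Review bot: In docker-compose.yml, the new `cap_add` block grants `NET_ADMIN` while `network_mode: host` stays in place, so the capability applies to the host's network namespace (firewall rules, interfaces, routes) rather than to an isolated container stack; fail2ban needs that here, but it deserves a comment such as `# NET_ADMIN acts on the host netns because of network_mode: host`. `NET_RAW` is already in Docker's default capability set, so `- NET_RAW` adds nothing unless capabilities are dropped elsewhere. If least privilege is the aim of removing `privileged: true`, a follow-up could add `cap_drop` and re-add only what sshd and fail2ban need, which requires testing because sshd relies on several default capabilities. With host networking the removed `ports:` entries had no effect, so which ports are reachable is decided only by the mounted `sshd_config` and the host firewall.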
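Review bot: In fail2ban/Dockerfile, the `iptables` package added to the RUN line comes from whatever `debian:sid-slim` ships on the build day, and on current Debian that package defaults to the nft backend. Because the compose file runs this container with `network_mode: host`, the bans are written to the host's netfilter; if the host manages its firewall with iptables-legacy, the fail2ban rules sit in a separate ruleset that the host's legacy tooling does not list, which complicates auditing. Consider pinning the base image to a stable release or a digest, and stating the expected backend in a comment above the RUN line, e.g. `# iptables: nft backend by default; host is expected to use nftables too`.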
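Review bot: In fail2ban/entrypoint.sh, `maxretry = 2` within `findtime = 1800` means two failed logins in 30 minutes trigger a three-hour ban, and judging from the `sendmail-abuse.conf` action named in the hunk header the ban presumably also mails an abuse report to the source's provider. At that threshold a legitimate user who mistypes a password twice, or several users behind one NAT address, would be banned and reported; only `$DOMAIN` is exempt via `ignoreip`. Consider recording the rationale in the jail text, e.g. `# 2 failures / 30 min -> 3 h ban + abuse mail; list admin source addresses in ignoreip`, or keeping the report action on a higher threshold than the ban. The `echo "[sshd]` string starts inside the hunk but ends outside it, so the jail's remaining settings, including its action, are not visible here.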