v0.1

README.md

@@ -1,10 +1,8 @@
-# PerroChivato - fail2ban ssh abuse with email to provider
+# HatThieves `fail2ban` with abuse reporting system
-
-## ANTIBOTNET SYSTEM
 
 ## Config
 
-### edit `entrypoint.sh` with your smtp settings
+#### edit [entrypoint.sh](fail2ban/entrypoint.sh) with your smtp settings
 
 ## Expose jail
 ```

docker-compose.yml

@@ -6,14 +6,13 @@ services:
     hostname: fail2ban
     container_name: fail2ban
     restart: always
-    privileged: true
     entrypoint:
       - /bin/bash
       - /etc/fail2ban/entrypoint.sh
     volumes:
       - ./fail2ban/entrypoint.sh:/etc/fail2ban/entrypoint.sh:ro
       - ./fail2ban/sshd_config:/etc/ssh/sshd_config:ro
-    ports:
+    cap_add:
-      - 22:22/tcp
+      - NET_ADMIN
-      - 2222:2222/tcp
+      - NET_RAW
     network_mode: host

fail2ban/Dockerfile

@@ -1,3 +1,3 @@
 FROM debian:sid-slim
-RUN apt update && apt -y upgrade && apt -y install fail2ban openssh-server rsyslog swaks host python3-pyinotify && apt clean
+RUN apt update && apt -y upgrade && apt -y install fail2ban openssh-server rsyslog swaks host python3-pyinotify iptables && apt clean
 WORKDIR /etc/fail2ban

fail2ban/entrypoint.sh

@@ -118,7 +118,8 @@ logpath = /dev/null" > action.d/sendmail-abuse.conf
 echo "[sshd]
 enabled = true
 bantime = 10800
-maxretry = 4
+findtime = 1800
+maxretry = 2
 ignoreip = $DOMAIN
 backend = pyinotify
 filter = sshd