From 96e02eeb10012b8a131dffc34efb2bc205ed6eb4 Mon Sep 17 00:00:00 2001
From: t3chn0m4g3 <m.ochse@telekom.de>
Date: Fri, 22 Jun 2018 16:14:39 +0000
Subject: [PATCH] add fail2ban to installer

---
 iso/installer/install.sh | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/iso/installer/install.sh b/iso/installer/install.sh
index 0196dd37..fa562225 100755
--- a/iso/installer/install.sh
+++ b/iso/installer/install.sh
@@ -131,7 +131,7 @@ fi
 
 # Let's check if all dependencies are met
 function fuGET_DEPS {
-local myPACKAGES="apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount curl dialog dnsutils docker.io docker-compose dstat ethtool genisoimage git glances grc html2text htop ifupdown iptables iw jq libcrack2 libltdl7 lm-sensors man multitail net-tools npm ntp openssh-server openssl pass prips syslinux psmisc pv python-pip unattended-upgrades unzip vim wireless-tools wpasupplicant"
+local myPACKAGES="apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount curl dialog dnsutils docker.io docker-compose dstat ethtool fail2ban genisoimage git glances grc html2text htop ifupdown iptables iw jq libcrack2 libltdl7 lm-sensors man multitail net-tools npm ntp openssh-server openssl pass prips syslinux psmisc pv python-pip unattended-upgrades unzip vim wireless-tools wpasupplicant"
 echo
 echo "### Getting update information."
 echo
@@ -680,6 +680,23 @@ net.ipv6.conf.default.disable_ipv6 = 1
 net.ipv6.conf.lo.disable_ipv6 = 1
 EOF
 
+# Let's setup fail2ban config
+dialog --title "[ Setup fail2ban config ]" $myPROGRESSBOXCONF <<EOF
+EOF
+tee /etc/fail2ban/jail.d/tpot.conf 2>&1>/dev/null <<EOF
+[DEFAULT]
+ignoreip = 127.0.0.1/8
+bantime = 3600
+findtime = 600
+maxretry = 5
+
+[sshd]
+enabled = true
+port    = 64295
+filter  = sshd
+logpath = /var/log/auth.log
+EOF
+
 # Let's add some cronjobs
 dialog --title "[ Adding cronjobs ]" $myPROGRESSBOXCONF <<EOF
 EOF