free
/
freedombone
关注 1
点赞 0
派生 0
代码 工单 0 合并请求 0 版本发布 0 百科 动态
浏览代码

fail2ban isn't useful when logging is turned off most of the time

Bob Mottram 8 年前
父节点
fb811406e9
当前提交
8c5aaeddc0
共有 3 个文件被更改,包括 2 次插入14 次删除
分列视图 显示文件统计
  1. 1
    1
      src/freedombone-image-customise
  2. 0
    12
      src/freedombone-logging
  3. 1
    1
      src/freedombone-utils-ssh

+ 1
- 1
src/freedombone-image-customise 查看文件 

@@ -1074,7 +1074,7 @@ function image_setup_utils {
1074 1074 
     chroot "$rootdir" apt-get -yq install wireless-tools wpasupplicant usbutils cryptsetup zsh
1075 1075 
     chroot "$rootdir" apt-get -yq install pinentry-curses eatmydata iotop bc hostapd haveged
1076 1076 
     chroot "$rootdir" apt-get -yq install cpulimit screen elinks libpam-cracklib
1077 
-    chroot "$rootdir" apt-get -yq install fail2ban vim-common python3 unattended-upgrades
1077 
+    chroot "$rootdir" apt-get -yq install vim-common python3 unattended-upgrades
1078 1078
1079 1079 
     # Tor and ssh over tor
1080 1080 
     chroot "$rootdir" apt-get -yq install tor connect-proxy

+ 0
- 12
src/freedombone-logging 查看文件 

@@ -141,10 +141,6 @@ fi
141 141 
 if [[ "$1" == "on" || "$1" == "On" || "$1" == "ON" ]]; then
142 142 
     turn_logging_on
143 143
144 
-    if [ -f /etc/fail2ban/fail2ban.conf ]; then
145 
-        sed -i 's|loglevel.*|loglevel = 3|g' /etc/fail2ban/fail2ban.conf
146 
-        sed -i 's|logtarget.*|logtarget = /var/log/fail2ban.log|g' /etc/fail2ban/fail2ban.conf
147 
-    fi
148 144 
     if [ -d /etc/tor ]; then
149 145 
         if [ ! -d /var/log/tor ]; then
150 146 
             mkdir /var/log/tor
 
@@ -252,11 +248,6 @@ else
252 248 
             sed -i 's|log_error =.*|log_error = /dev/null|g' /etc/mysql/my.cnf
253 249 
         fi
254 250 
     fi
255 
-    if [ -f /etc/fail2ban/fail2ban.conf ]; then
256 
-        sed -i 's|loglevel.*|loglevel = 1|g' /etc/fail2ban/fail2ban.conf
257 
-        sed -i 's|logtarget.*|logtarget = /dev/null|g' /etc/fail2ban/fail2ban.conf
258 
-        $REMOVE_FILES_COMMAND /var/log/fail2ban.*
259 
-    fi
260 251 
     turn_off_rsys_logging
261 252 
 fi
262 253 
 
@@ -300,9 +291,6 @@ fi
300 291 
 if [ -d /var/www/radicale ]; then
301 292 
     systemctl restart radicale
302 293 
 fi
303 
-if [ -d /etc/fail2ban ]; then
304 
-    systemctl restart fail2ban
305 
-fi
306 294 
 if [ -d /etc/matrix ]; then
307 295 
     systemctl restart matrix
308 296 
 fi

+ 1
- 1
src/freedombone-utils-ssh 查看文件 

@@ -121,7 +121,7 @@ function configure_ssh {
121 121 
     sed -i 's|#UsePrivilegeSeparation .*|UsePrivilegeSeparation sandbox|g' /etc/ssh/sshd_config
122 122 
     sed -i 's|UsePrivilegeSeparation .*|UsePrivilegeSeparation sandbox|g' /etc/ssh/sshd_config
123 123
124 
-    apt-get -yq install fail2ban vim-common
124 
+    apt-get -yq install vim-common
125 125
126 126 
     function_check configure_firewall_for_ssh
127 127 
     configure_firewall_for_ssh