free
/
freedombone
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

fail2ban isn't useful when logging is turned off most of the time

Bob Mottram 8 years ago
parent
fb811406e9
commit
8c5aaeddc0
3 changed files with 2 additions and 14 deletions
Unified View Show Diff Stats
  1. 1
    1
      src/freedombone-image-customise
  2. 0
    12
      src/freedombone-logging
  3. 1
    1
      src/freedombone-utils-ssh

+ 1
- 1
src/freedombone-image-customise View File

1074 
     chroot "$rootdir" apt-get -yq install wireless-tools wpasupplicant usbutils cryptsetup zsh
 1074 
     chroot "$rootdir" apt-get -yq install wireless-tools wpasupplicant usbutils cryptsetup zsh
1075 
     chroot "$rootdir" apt-get -yq install pinentry-curses eatmydata iotop bc hostapd haveged
 1075 
     chroot "$rootdir" apt-get -yq install pinentry-curses eatmydata iotop bc hostapd haveged
1076 
     chroot "$rootdir" apt-get -yq install cpulimit screen elinks libpam-cracklib
 1076 
     chroot "$rootdir" apt-get -yq install cpulimit screen elinks libpam-cracklib
1077 
-    chroot "$rootdir" apt-get -yq install fail2ban vim-common python3 unattended-upgrades
1077 
+    chroot "$rootdir" apt-get -yq install vim-common python3 unattended-upgrades
1078
1078
1079 
     # Tor and ssh over tor
 1079 
     # Tor and ssh over tor
1080 
     chroot "$rootdir" apt-get -yq install tor connect-proxy
 1080 
     chroot "$rootdir" apt-get -yq install tor connect-proxy

+ 0
- 12
src/freedombone-logging View File

141 
 if [[ "$1" == "on" || "$1" == "On" || "$1" == "ON" ]]; then
 141 
 if [[ "$1" == "on" || "$1" == "On" || "$1" == "ON" ]]; then
142 
     turn_logging_on
 142 
     turn_logging_on
143
143
144 
-    if [ -f /etc/fail2ban/fail2ban.conf ]; then
145 
-        sed -i 's|loglevel.*|loglevel = 3|g' /etc/fail2ban/fail2ban.conf
146 
-        sed -i 's|logtarget.*|logtarget = /var/log/fail2ban.log|g' /etc/fail2ban/fail2ban.conf
147 
-    fi
148 
     if [ -d /etc/tor ]; then
 144 
     if [ -d /etc/tor ]; then
149 
         if [ ! -d /var/log/tor ]; then
 145 
         if [ ! -d /var/log/tor ]; then
150 
             mkdir /var/log/tor
 146 
             mkdir /var/log/tor
252 
             sed -i 's|log_error =.*|log_error = /dev/null|g' /etc/mysql/my.cnf
 248 
             sed -i 's|log_error =.*|log_error = /dev/null|g' /etc/mysql/my.cnf
253 
         fi
 249 
         fi
254 
     fi
 250 
     fi
255 
-    if [ -f /etc/fail2ban/fail2ban.conf ]; then
256 
-        sed -i 's|loglevel.*|loglevel = 1|g' /etc/fail2ban/fail2ban.conf
257 
-        sed -i 's|logtarget.*|logtarget = /dev/null|g' /etc/fail2ban/fail2ban.conf
258 
-        $REMOVE_FILES_COMMAND /var/log/fail2ban.*
259 
-    fi
260 
     turn_off_rsys_logging
 251 
     turn_off_rsys_logging
261 
 fi
 252 
 fi
262
253
300 
 if [ -d /var/www/radicale ]; then
 291 
 if [ -d /var/www/radicale ]; then
301 
     systemctl restart radicale
 292 
     systemctl restart radicale
302 
 fi
 293 
 fi
303 
-if [ -d /etc/fail2ban ]; then
304 
-    systemctl restart fail2ban
305 
-fi
306 
 if [ -d /etc/matrix ]; then
 294 
 if [ -d /etc/matrix ]; then
307 
     systemctl restart matrix
 295 
     systemctl restart matrix
308 
 fi
 296 
 fi

+ 1
- 1
src/freedombone-utils-ssh View File

121 
     sed -i 's|#UsePrivilegeSeparation .*|UsePrivilegeSeparation sandbox|g' /etc/ssh/sshd_config
 121 
     sed -i 's|#UsePrivilegeSeparation .*|UsePrivilegeSeparation sandbox|g' /etc/ssh/sshd_config
122 
     sed -i 's|UsePrivilegeSeparation .*|UsePrivilegeSeparation sandbox|g' /etc/ssh/sshd_config
 122 
     sed -i 's|UsePrivilegeSeparation .*|UsePrivilegeSeparation sandbox|g' /etc/ssh/sshd_config
123
123
124 
-    apt-get -yq install fail2ban vim-common
124 
+    apt-get -yq install vim-common
125
125
126 
     function_check configure_firewall_for_ssh
 126 
     function_check configure_firewall_for_ssh
127 
     configure_firewall_for_ssh
 127 
     configure_firewall_for_ssh