derped/nixos
1
0
Fork 0
Code Releases Activity

fail2ban: Fix some broken jails (socket based sshd is still broken).

Browse source
This commit is contained in:
Kevin Baensch 2020-03-27 13:36:53 +01:00
parent 2d0555e589
commit 8dd3071c89
Signed by: derped
GPG key ID: C0F1D326C7626543
1 changed files with 11 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
services/fail2ban.nix
View file

@ -11,7 +11,6 @@ in mkIf (elem "fail2ban" cfg.services) {
jails = { jails = {
DEFAULT = '' DEFAULT = ''
bantime = 3600 bantime = 3600
ignoreip = 127.0.0.1
blocktype = DROP blocktype = DROP
logpath = /var/log/auth.log logpath = /var/log/auth.log
''; '';
@ -61,6 +60,15 @@ in mkIf (elem "fail2ban" cfg.services) {
}; };
}; };
environment.etc."fail2ban/filter.d/sshd-ddos.conf" = {
enable = (active "openssh");
text = ''
[Definition]
failregex = sshd(?:\[\d+\])?: Did not receive identification string from <HOST>$
ignoreregex =
'';
};
environment.etc."fail2ban/filter.d/postfix-sasl.conf" = { environment.etc."fail2ban/filter.d/postfix-sasl.conf" = {
enable = (active "mailserver"); enable = (active "mailserver");
text = '' text = ''