derped/nixos
1
0
Fork 0
Code Releases Activity

fail2ban: Fix some broken jails (socket based sshd is still broken).

Browse source
This commit is contained in:
Kevin Baensch 2020-03-27 13:36:53 +01:00
parent 2d0555e589
commit 8dd3071c89
Signed by: derped
GPG key ID: C0F1D326C7626543
1 changed files with 11 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
services/fail2ban.nix
View file

@ -8,10 +8,9 @@ let
in mkIf (elem "fail2ban" cfg.services) { in mkIf (elem "fail2ban" cfg.services) {
services.fail2ban = { services.fail2ban = {
enable = true; enable = true;
jails = { jails = {
DEFAULT = '' DEFAULT = ''
bantime = 3600 bantime = 3600
ignoreip = 127.0.0.1
blocktype = DROP blocktype = DROP
logpath = /var/log/auth.log logpath = /var/log/auth.log
''; '';
@ -59,7 +58,16 @@ in mkIf (elem "fail2ban" cfg.services) {
bantime = 7200 bantime = 7200
''; '';
}; };
}; };
environment.etc."fail2ban/filter.d/sshd-ddos.conf" = {
enable = (active "openssh");
text = ''
[Definition]
failregex = sshd(?:\[\d+\])?: Did not receive identification string from <HOST>$
ignoreregex =
'';
};
environment.etc."fail2ban/filter.d/postfix-sasl.conf" = { environment.etc."fail2ban/filter.d/postfix-sasl.conf" = {
enable = (active "mailserver"); enable = (active "mailserver");