derped/nixos
1
0
Fork 0
Code Releases Activity

fail2ban: Fix some broken jails (socket based sshd is still broken).

Browse source
This commit is contained in:
Kevin Baensch 2020-03-27 13:36:53 +01:00
parent 2d0555e589
commit 8dd3071c89
Signed by: derped
GPG key ID: C0F1D326C7626543
1 changed files with 11 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
services/fail2ban.nix
View file

@ -8,10 +8,9 @@ let
in mkIf (elem "fail2ban" cfg.services) {
services.fail2ban = {
enable = true;
jails = {
jails = {
DEFAULT = ''
bantime = 3600
ignoreip = 127.0.0.1
blocktype = DROP
logpath = /var/log/auth.log
'';
@ -59,7 +58,16 @@ in mkIf (elem "fail2ban" cfg.services) {
bantime = 7200
'';
};
};
};
environment.etc."fail2ban/filter.d/sshd-ddos.conf" = {
enable = (active "openssh");
text = ''
[Definition]
failregex = sshd(?:\[\d+\])?: Did not receive identification string from <HOST>$
ignoreregex =
'';
};
environment.etc."fail2ban/filter.d/postfix-sasl.conf" = {
enable = (active "mailserver");