gortium/infra
1
1
Fork 0
Code Issues 13 Pull Requests 21 Actions Packages Projects 1 Releases Wiki Activity

fix: correct fail2ban options - use lower attr names, nested settings, proper types

Browse Source
This commit is contained in:
Hermes
2026-05-01 02:12:31 +00:00
parent 9291d83870
commit 8bdd0e352a
1 changed files with 31 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
hosts/lazyworkhorse/configuration.nix
View File

@@ -355,50 +355,55 @@
# Fail2ban - automatic IP banning # Fail2ban - automatic IP banning
services.fail2ban = { services.fail2ban = {
enable = true; enable = true;
maxRetry = 3; maxretry = 3;
findtime = 600; bantime = "1h";
bantime = 3600;
banaction = "iptables-multiport"; banaction = "iptables-multiport";
jails = {
# Ban repeat offenders for 1 week # Ban repeat offenders for 1 week
recidive = { recidive = {
enabled = true; enabled = true;
filter = "recidive"; filter = "recidive";
settings = {
logpath = "/var/log/fail2ban.log"; logpath = "/var/log/fail2ban.log";
bantime = 604800; bantime = "1w";
findtime = 86400; findtime = "1d";
maxretry = 3; maxretry = 3;
}; };
};
jails = {
# SSH brute force protection # SSH brute force protection
sshd = { sshd = {
enabled = true; enabled = true;
filter = "sshd"; settings = {
port = "2424"; port = "2424";
logpath = "/var/log/auth.log";
maxretry = 3; maxretry = 3;
bantime = 3600; bantime = "1h";
};
}; };
# HTTP authentication failures # HTTP authentication failures
http-auth = { http-auth = {
enabled = true; enabled = true;
filter = "apache-auth"; filter = "apache-auth";
settings = {
port = "80,443"; port = "80,443";
logpath = "/var/log/traefik/access.log"; logpath = "/var/log/traefik/access.log";
maxretry = 5; maxretry = 5;
bantime = 3600; bantime = "1h";
};
}; };
# HTTP scanning/attacks # HTTP scanning/attacks
http-botsearch = { http-botsearch = {
enabled = true; enabled = true;
filter = "apache-botsearch"; filter = "apache-botsearch";
settings = {
port = "80,443"; port = "80,443";
logpath = [ "/var/log/traefik/access.log" ]; logpath = "/var/log/traefik/access.log";
maxretry = 2; maxretry = 2;
bantime = 7200; bantime = "2h";
};
}; };
}; };
}; };