gortium/infra
1
1
Fork 0
Code Issues 13 Pull Requests 21 Actions Packages Projects 1 Releases Wiki Activity

fix: correct fail2ban options - use lower attr names, nested settings, proper types

Browse Source
This commit is contained in:
Hermes
2026-05-01 02:12:31 +00:00
parent 9291d83870
commit 8bdd0e352a
1 changed files with 31 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

57
hosts/lazyworkhorse/configuration.nix
View File

@@ -355,50 +355,55 @@
# Fail2ban - automatic IP banning # Fail2ban - automatic IP banning
services.fail2ban = { services.fail2ban = {
enable = true; enable = true;
maxRetry = 3; maxretry = 3;
findtime = 600; bantime = "1h";
bantime = 3600;
banaction = "iptables-multiport"; banaction = "iptables-multiport";
# Ban repeat offenders for 1 week
recidive = {
enabled = true;
filter = "recidive";
logpath = "/var/log/fail2ban.log";
bantime = 604800;
findtime = 86400;
maxretry = 3;
};
jails = { jails = {
# Ban repeat offenders for 1 week
recidive = {
enabled = true;
filter = "recidive";
settings = {
logpath = "/var/log/fail2ban.log";
bantime = "1w";
findtime = "1d";
maxretry = 3;
};
};
# SSH brute force protection # SSH brute force protection
sshd = { sshd = {
enabled = true; enabled = true;
filter = "sshd"; settings = {
port = "2424"; port = "2424";
logpath = "/var/log/auth.log"; maxretry = 3;
maxretry = 3; bantime = "1h";
bantime = 3600; };
}; };
# HTTP authentication failures # HTTP authentication failures
http-auth = { http-auth = {
enabled = true; enabled = true;
filter = "apache-auth"; filter = "apache-auth";
port = "80,443"; settings = {
logpath = "/var/log/traefik/access.log"; port = "80,443";
maxretry = 5; logpath = "/var/log/traefik/access.log";
bantime = 3600; maxretry = 5;
bantime = "1h";
};
}; };
# HTTP scanning/attacks # HTTP scanning/attacks
http-botsearch = { http-botsearch = {
enabled = true; enabled = true;
filter = "apache-botsearch"; filter = "apache-botsearch";
port = "80,443"; settings = {
logpath = [ "/var/log/traefik/access.log" ]; port = "80,443";
maxretry = 2; logpath = "/var/log/traefik/access.log";
bantime = 7200; maxretry = 2;
bantime = "2h";
};
}; };
}; };
}; };