oh boy

2022-10-24 02:47:30 +11:00 · 2022-10-24 02:47:30 +11:00 · ff2b318542
parent 458796c78b
commit ff2b318542
8 changed files with 102 additions and 0 deletions
--- a/fail2ban/fail2ban-bad-auth-filter.conf
+++ b/fail2ban/fail2ban-bad-auth-filter.conf
@ -0,0 +1,5 @@
+# Fail2Ban configuration file
+[Definition]
+failregex = .* client login failed: .+ client:\ <HOST>
+ignoreregex =
+journalmatch = CONTAINER_TAG=docker-front
--- a/fail2ban/fail2ban-bad-auth-jail.conf
+++ b/fail2ban/fail2ban-bad-auth-jail.conf
@ -0,0 +1,11 @@
+[bad-auth]
+enabled = true
+backend = systemd
+filter = bad-auth
+bantime = 1w
+bantime.increment = true
+bantime.factor = 2
+bantime.maxtime = 128w
+findtime = 86400
+maxretry = 3
+action = docker-action
--- a/fail2ban/fail2ban-docker-action.conf
+++ b/fail2ban/fail2ban-docker-action.conf
@ -0,0 +1,16 @@
+[Definition]
+
+actionstart = iptables -N f2b-bad-auth
+              iptables -A f2b-bad-auth -j RETURN
+              iptables -I DOCKER-USER -p tcp -m multiport --dports 1:1024 -j f2b-bad-auth
+
+actionstop = iptables -D DOCKER-USER -p tcp -m multiport --dports 1:1024 -j f2b-bad-auth
+             iptables -F f2b-bad-auth
+             iptables -X f2b-bad-auth
+
+actioncheck = iptables -n -L DOCKER-USER | grep -q 'f2b-bad-auth[ \t]'
+
+actionban = iptables -I f2b-bad-auth 1 -s <ip> -j DROP
+
+actionunban = iptables -D f2b-bad-auth -s <ip> -j DROP
+
--- a/fail2ban/fail2ban-override.conf
+++ b/fail2ban/fail2ban-override.conf
@ -0,0 +1,2 @@
+[Unit]
+After=docker.service
--- a/fail2ban/fail2ban-sshd-jail.conf
+++ b/fail2ban/fail2ban-sshd-jail.conf
@ -0,0 +1,8 @@
+[sshd]
+enabled = true
+bantime = 1w
+bantime.increment = true
+bantime.factor = 2
+bantime.maxtime = 128w
+findtime = 86400
+maxretry = 3
--- a/gotask/install.sh
+++ b/gotask/install.sh
@ -0,0 +1,5 @@
+#!/bin/bash
+
+mkdir -p ~/.local/bin
+stat ~/.local/bin/task > /dev/null || cp task ~/.local/bin
+stat /etc/bash_completion.d/task.bash || sudo cp task.bash /etc/bash_completion.d/task.bash
--- a/gotask/task
+++ b/gotask/task
--- a/gotask/task.bash
+++ b/gotask/task.bash
@ -0,0 +1,55 @@
+# vim: set tabstop=2 shiftwidth=2 expandtab:
+
+_GO_TASK_COMPLETION_LIST_OPTION='--list-all'
+
+function _task()
+{
+  local cur prev words cword
+  _init_completion -n : || return
+
+  # Check for `--` within command-line and quit or strip suffix.
+  local i
+  for i in "${!words[@]}"; do
+    if [ "${words[$i]}" == "--" ]; then
+      # Do not complete words following `--` passed to CLI_ARGS.
+      [ $cword -gt $i ] && return
+      # Remove the words following `--` to not put --list in CLI_ARGS.
+      words=( "${words[@]:0:$i}" )
+      break
+    fi
+  done
+
+  # Handle special arguments of options.
+  case "$prev" in
+    -d|--dir)
+      _filedir -d
+      return $?
+    ;;
+    -t|--taskfile)
+      _filedir yaml || return $?
+      _filedir yml
+      return $?
+    ;;
+    -o|--output)
+      COMPREPLY=( $( compgen -W "interleaved group prefixed" -- $cur ) )
+      return 0
+    ;;
+  esac
+
+  # Handle normal options.
+  case "$cur" in
+    -*)
+      COMPREPLY=( $( compgen -W "$(_parse_help $1)" -- $cur ) )
+      return 0
+    ;;
+  esac
+
+  # Prepare task name completions.
+  local tasks=( $( "${words[@]}" --silent $_GO_TASK_COMPLETION_LIST_OPTION 2> /dev/null ) )
+  COMPREPLY=( $( compgen -W "${tasks[*]}" -- "$cur" ) )
+
+  # Post-process because task names might contain colons.
+  __ltrim_colon_completions "$cur"
+}
+
+complete -F _task task