Added fail2ban setup to post-install.txt.

post-install.txt

@@ -5,3 +5,44 @@ if [ "${PIPESTATUS[0]}" -eq 0 ]; then
 else
    echo "FAILED !"
 fi
+
+echo "Restarting ssh daemon..."
+eval chroot /rootfs /user/bin/systemctl restart ssh 2>&1 | output_filter
+if [ "${PIPESTATUS[0]}" -eq 0 ]; then
+   echo "OK"
+else
+   echo "FAILED !"
+fi
+
+echo "Ensure fail2ban service is enabled..."
+eval chroot /rootfs /user/bin/systemctl enable fail2ban 2>&1 | output_filter
+if [ "${PIPESTATUS[0]}" -eq 0 ]; then
+   echo "OK"
+else
+   echo "FAILED !"
+fi
+
+echo "Configure fail2ban ssh jail..."
+eval chroot /rootfs /user/bin/touch /etc/fail2ban/jail.local 2>&1 | output_filter
+eval chroot /rootfs /user/bin/echo '[ssh]' >> /etc/fail2ban/jail.local 2>&1 | output_filter
+eval chroot /rootfs /user/bin/echo 'enabled=true' >> /etc/fail2ban/jail.local 2>&1 | output_filter
+eval chroot /rootfs /user/bin/echo 'port=2122' >> /etc/fail2ban/jail.local 2>&1 | output_filter
+eval chroot /rootfs /user/bin/echo 'filter=sshd' >> /etc/fail2ban/jail.local 2>&1 | output_filter
+eval chroot /rootfs /user/bin/echo 'logpath=/var/log/auth.log' >> /etc/fail2ban/jail.local 2>&1 | output_filter
+eval chroot /rootfs /user/bin/echo 'bantime=1800' >> /etc/fail2ban/jail.local 2>&1 | output_filter
+eval chroot /rootfs /user/bin/echo 'banaction=iptables-allports' >> /etc/fail2ban/jail.local 2>&1 | output_filter
+eval chroot /rootfs /user/bin/echo 'findtime=900' >> /etc/fail2ban/jail.local 2>&1 | output_filter
+eval chroot /rootfs /user/bin/echo 'maxretry=3' >> /etc/fail2ban/jail.local 2>&1 | output_filter
+if [ "${PIPESTATUS[0]}" -eq 0 ]; then
+   echo "OK"
+else
+   echo "FAILED !"
+fi
+
+echo "Restart fail2ban service..."
+eval chroot /rootfs /user/bin/systemctl restart fail2ban 2>&1 | output_filter
+if [ "${PIPESTATUS[0]}" -eq 0 ]; then
+   echo "OK"
+else
+   echo "FAILED !"
+fi