raspi-k3s/post-install.txt


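# Post-install customisation: moves sshd to port 2122, adds a fail2ban jail
# for that port, sets a bash prompt for one user, and configures knockd.
# Config edits are made to files under /rootfs, while the systemctl calls act
# on whatever systemd instance this script is run under.
# NOTE(review): presumably /rootfs is the target system's root filesystem;
# confirm the enable/restart calls below reach that same system.
# Written without bash-only syntax because the file carries no shebang.

sshd_config=/rootfs/etc/ssh/sshd_config
jail_local=/rootfs/etc/fail2ban/jail.local
knockd_conf=/rootfs/etc/knockd.conf

# Report a substitution that did not take effect. sed exits 0 even when its
# pattern matches nothing, so a silent no-op would otherwise leave the
# service on its default settings without anyone noticing.
warn() {
  echo "WARNING: $*" >&2
}

echo "Changing ssh port..."
sed -i "s/#Port 22/Port 2122/" "$sshd_config"
grep -q '^Port 2122' "$sshd_config" ||
  warn "no 'Port 2122' line in $sshd_config; sshd may still be on its default port"

echo "Turning off ssh pam..."
# NOTE(review): UsePAM no removes PAM account/session processing for SSH
# logins; it does not by itself disable password logins, which are governed
# by PasswordAuthentication. Confirm key-only login is enforced elsewhere.
sed -i "s/UsePAM yes/UsePAM no/" "$sshd_config"
grep -q '^UsePAM no' "$sshd_config" ||
  warn "no 'UsePAM no' line in $sshd_config"

echo "Restarting ssh service..."
systemctl restart sshd

echo "Ensure fail2ban service is enabled..."
systemctl enable fail2ban

echo "Configure fail2ban ssh jail..."
touch "$jail_local"
# Append the jail only once: re-running the script used to add a second
# [ssh] section with duplicate keys to jail.local.
# NOTE(review): logpath assumes sshd logs to /var/log/auth.log; on a system
# that logs only to the journal that file may not exist and the jail would
# have nothing to watch. Confirm for the target image.
if ! grep -qxF '[ssh]' "$jail_local"; then
  cat >> "$jail_local" <<'EOF'
[ssh]
enabled=true
port=2122
filter=sshd
logpath=/var/log/auth.log
bantime=1800
banaction=iptables-allports
findtime=900
maxretry=3
EOF
fi

echo "Restart fail2ban service..."
# Every other privileged step runs without sudo, so the script already
# needs root; the stray sudo here is dropped for consistency.
systemctl restart fail2ban

echo "Configuring bash prompt..."
# Appended unconditionally; a re-run adds the same line again, which is
# harmless for PS1.
echo "PS1='\[\033[02;31m\]\u@\H:\[\033[01;34m\]\w\$\[\033[00m\] '" >> /rootfs/home/james/.bashrc

echo "Configuring port knocking..."
# NOTE(review): the patterns below are case- and whitespace-sensitive
# ("UseSysLog", "sequence = ..."); verify they match the knockd.conf that is
# actually on the image. The checks after each edit warn if they did not.
# Insert the interface line only if it is not already there, so a re-run
# does not stack duplicates.
grep -q 'interface = wlan0' "$knockd_conf" ||
  sed -i "/UseSysLog/ a\interface = wlan0" "$knockd_conf"
grep -q 'interface = wlan0' "$knockd_conf" ||
  warn "'interface = wlan0' was not added to $knockd_conf"

# A bare `sed -i` (no expression, no file) sat here and could only fail with
# a usage error; it is removed.
# NOTE(review): if it was meant to make a further edit to knockd.conf,
# restore the full command. In particular, nothing in this script changes the
# commands knockd runs, so confirm they act on port 2122 and not on 22.

# NOTE(review): a knock sequence is effectively a shared secret. Hard-coded
# in a script that is published or widely readable, it should be treated as
# known; rely on SSH key authentication and fail2ban, not the knock alone.
sed -i "s/sequence = 7000,8000,9000/sequence = 6315,3315,1315,5315/" "$knockd_conf"
grep -q 'sequence = 6315,3315,1315,5315' "$knockd_conf" ||
  warn "open sequence was not updated in $knockd_conf; default may still be active"

sed -i "s/sequence = 9000,8000,7000/sequence = 5315,1315,3315,6315/" "$knockd_conf"
grep -q 'sequence = 5315,1315,3315,6315' "$knockd_conf" ||
  warn "close sequence was not updated in $knockd_conf; default may still be active"

echo "Enabling port knocking..."
systemctl enable knockd
echo "Restarting knock service..."
systemctl restart knockd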