diff options
author | Guilhem Moulin <guilhem@fripost.org> | 2022-12-14 12:01:33 +0100 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2022-12-18 13:29:34 +0100 |
commit | 7ea3baad594b889f6f7f4e7e4ccc4dc7c0099bc6 (patch) | |
tree | 211a5c2004e22bc858c00560bbd37e1137b07816 /roles/common/files/etc/systemd | |
parent | c854664b9043e9a04fe0115fb115643543eddf6f (diff) |
Improve Debian 11's fail2ban rules.
Diffstat (limited to 'roles/common/files/etc/systemd')
-rw-r--r-- | roles/common/files/etc/systemd/system/fail2ban.service.d/override.conf | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/roles/common/files/etc/systemd/system/fail2ban.service.d/override.conf b/roles/common/files/etc/systemd/system/fail2ban.service.d/override.conf index e3e651f..b34d130 100644 --- a/roles/common/files/etc/systemd/system/fail2ban.service.d/override.conf +++ b/roles/common/files/etc/systemd/system/fail2ban.service.d/override.conf @@ -2,13 +2,16 @@ After=nftables.service [Service] +ExecStartPre= +ExecStart= +ExecStart=/usr/bin/fail2ban-server -xf --logtarget=sysout start + # Need explicit rights to read logs as we don't grant CAP_DAC_READ_SEARCH SupplementaryGroups=adm # Hardening NoNewPrivileges=yes ProtectSystem=strict -ReadWriteDirectories=/var/log/fail2ban RuntimeDirectory=fail2ban PrivateDevices=yes ProtectControlGroups=yes |