msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

V8.13.288.2025.10.24
All checks were successful
🛡️ Retrieve DNSSEC status of coresecret.dev. / 🛡️ Retrieve DNSSEC status of coresecret.dev. (push) Successful in 1m28s
Details
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 2m0s
Details
🔐 Generating a Private Live ISO TRIXIE. / 🔐 Generating a Private Live ISO TRIXIE. (push) Successful in 56m36s
Details
💙 Generating a PUBLIC Live ISO. / 💙 Generating a PUBLIC Live ISO. (push) Successful in 55m52s
Details

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-10-24 10:57:02 +01:00
parent d33b0bff4d
commit 923ce8afa8
41 changed files with 55 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
config/hooks/live/9950_fail2ban_hardening.chroot
View File

@@ -37,6 +37,8 @@ cat << EOF >| /etc/fail2ban/jail.d/ciss-default.conf
# SPDX-Security-Contact: security@coresecret.eu
[DEFAULT]
banaction = nftables-multiport
banaction_allports = nftables-allports
dbpurgeage = 384d
# 127.0.0.1/8 - IPv4 loopback range (local host)
# ::1/128 - IPv6 loopback
@@ -47,7 +49,7 @@ ignoreip = 127.0.0.1/8 ::1/128 fe80::/10 ff00::/8 ::/128 MUST_BE_SE
[recidive]
enabled = true
banaction = ufw[blocktype=deny]
banaction = %(banaction_allports)s
bantime = 8d
bantime.increment = true
bantime.factor = 1
@@ -105,7 +107,7 @@ protocol = tcp
[icmp]
enabled = true
banaction = ufw[blocktype=deny]
banaction = %(banaction_allports)s
bantime = 1h
bantime.increment = true
bantime.factor = 1
@@ -120,7 +122,7 @@ maxretry = 1
[ufw]
enabled = true
banaction = ufw[blocktype=deny]
banaction = %(banaction_allports)s
bantime = 1h
bantime.increment = true
bantime.factor = 1