From e3d830dfd41d79329ce3911d19ed218e0d097740 Mon Sep 17 00:00:00 2001 From: hwdsl2 Date: Fri, 28 Oct 2016 11:54:29 -0500 Subject: [PATCH] Improve services on boot - Better handling of starting IPTables & Fail2Ban on boot - Use iptables-services and disable firewalld for CentOS 7 --- extras/vpnupgrade_centos.sh | 2 +- vpnsetup.sh | 3 ++- vpnsetup_centos.sh | 19 +++++++++---------- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/extras/vpnupgrade_centos.sh b/extras/vpnupgrade_centos.sh index 5fa9783..fd1e097 100644 --- a/extras/vpnupgrade_centos.sh +++ b/extras/vpnupgrade_centos.sh @@ -108,7 +108,7 @@ yum -y install nss-devel nspr-devel pkgconfig pam-devel \ if grep -qs "release 6" /etc/redhat-release; then yum -y remove libevent-devel yum -y install libevent2-devel || exiterr2 -elif grep -qs "release 7" /etc/redhat-release; then +else yum -y install libevent-devel systemd-devel || exiterr2 fi diff --git a/vpnsetup.sh b/vpnsetup.sh index 457d4b9..1d5ab81 100755 --- a/vpnsetup.sh +++ b/vpnsetup.sh @@ -162,6 +162,8 @@ apt-get -yq install ppp xl2tpd || exiterr2 # Install Fail2Ban to protect SSH server apt-get -yq install fail2ban || exiterr2 +update-rc.d fail2ban enable +systemctl enable fail2ban 2>/dev/null # Compile and install Libreswan swan_ver=3.18 @@ -438,7 +440,6 @@ EOF echo "sleep 30" >> /etc/rc.local fi cat >> /etc/rc.local <<'EOF' -service fail2ban restart || /bin/true service ipsec start service xl2tpd start echo 1 > /proc/sys/net/ipv4/ip_forward diff --git a/vpnsetup_centos.sh b/vpnsetup_centos.sh index 9de96f1..73026e0 100755 --- a/vpnsetup_centos.sh +++ b/vpnsetup_centos.sh @@ -156,7 +156,7 @@ yum -y install fail2ban || exiterr2 if grep -qs "release 6" /etc/redhat-release; then yum -y remove libevent-devel yum -y install libevent2-devel || exiterr2 -elif grep -qs "release 7" /etc/redhat-release; then +else yum -y install libevent-devel systemd-devel || exiterr2 fi 
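Review bot: In extras/vpnupgrade_centos.sh the bare `else` now runs `yum -y install libevent-devel systemd-devel` on any host whose /etc/redhat-release does not contain "release 6", not only on EL7, so the branch silently covers releases the script was never exercised on; that is only safe if an earlier OS check outside this hunk already rejects anything other than EL6/EL7, which cannot be confirmed from the lines shown. A one-line comment would make that assumption explicit: `else  # not EL6, so EL7 (the OS check earlier in the script admits nothing else)`. The `if` block is complete inside the hunk, but it follows a `yum -y install ... \` continuation that begins above it.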
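Review bot: `systemctl enable fail2ban 2>/dev/null` throws away the only indication that enabling failed, and the `update-rc.d fail2ban enable` return code is not checked either, so a host can leave the installer with fail2ban installed but not enabled at boot — the SSH brute-force protection the comment above promises would then be gone after the first reboot, with nothing in the output to say so. The package install on the preceding line already uses `|| exiterr2`; the enable step should choose the init system explicitly and fail the same way instead of silencing stderr, and `/run/systemd/system` (present only when systemd is PID 1) is a more reliable selector than whether a `systemctl` binary happens to exist. The script is flat top-level code, so no enclosing function is cut by the hunk.
```shell
apt-get -yq install fail2ban || exiterr2
# Enable Fail2Ban at boot under whichever init system is actually running;
# a silent failure here would leave SSH unprotected after the first reboot.
if [ -d /run/systemd/system ]; then
  systemctl enable fail2ban || exiterr2
else
  update-rc.d fail2ban enable || exiterr2
fi
```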
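Review bot: The same `elif ... "release 7"` to `else` widening appears in vpnsetup_centos.sh, which keeps the two CentOS scripts consistent but means "not EL6" is treated as "EL7" without any check; if a future or unrelated release string ever reaches this point the script proceeds with EL7 packages rather than stopping. Whether that is guarded depends on an OS check earlier in the file that is not in this hunk, so a short comment on the branch would document the reliance: `else  # EL7 — the release check earlier in this script rejects other versions`. The `if`/`fi` block is complete within the hunk.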
@@ -408,13 +408,6 @@ fi # Create basic Fail2Ban rules if [ ! -f /etc/fail2ban/jail.local ] ; then cat > /etc/fail2ban/jail.local <<'EOF' -[DEFAULT] -ignoreip = 127.0.0.1/8 -bantime = 600 -findtime = 600 -maxretry = 5 -backend = auto - [ssh-iptables] enabled = true filter = sshd @@ -424,13 +417,19 @@ EOF fi # Start services at boot +if grep -qs "release 6" /etc/redhat-release; then + chkconfig iptables on + chkconfig fail2ban on +else + systemctl --now mask firewalld + yum -y install iptables-services || exiterr2 + systemctl enable iptables fail2ban +fi if ! grep -qs "hwdsl2 VPN script" /etc/rc.local; then conf_bk "/etc/rc.local" cat >> /etc/rc.local <<'EOF' # Added by hwdsl2 VPN script -iptables-restore < /etc/sysconfig/iptables -service fail2ban restart service ipsec start service xl2tpd start echo 1 > /proc/sys/net/ipv4/ip_forward