Deploying Fail2Ban using SaltStack
One of the realities of having public-facing SSH is the continual brute-force attempts. I have 3 droplets at DigitalOcean; SGP1 and NYC2 get hit much more often than LON1. I thought about deploying SSH ACLs through SaltStack, but because all my systems are key-only, I instead deployed fail2ban with a custom configuration file to watch the bots get banned and laugh maniacally.
The relevant parts of the config were as follows:
top.sls:
    base:
      'os:debian':
        - match: grain
        - settings.ntp.debian
        - settings.minion.debian
        - settings.fail2ban.debian
settings/fail2ban/debian.sls:
    fail2ban:
      pkg:
        - installed
      service:
        - running
        - require:
          - pkg: fail2ban
        - watch:
          - file: /etc/fail2ban/jail.local

    /etc/fail2ban/jail.local:
      file:
        - managed
        - source: salt://settings/fail2ban/jail.local
        - require:
          - pkg: fail2ban
This deploys a custom jail.local file, which is the recommended way to customise fail2ban rather than editing the packaged jail.conf.
This makes it quite easy to change ban times globally, or based on other grains.
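One way to vary the ban time by grain, as an added example that is not the author's configuration: the state below renders jail.local inline through Jinja instead of shipping a static file. The custom grain "datacenter", the ban times and the [sshd] jail name are assumptions.

```yaml
# Added example: variant of settings/fail2ban/debian.sls with jail.local inline.
# Assumption: a custom grain named "datacenter" (sgp1, nyc2, lon1) is set on
# each minion; it is not a built-in Salt grain.
{% set dc = grains.get('datacenter', '') | lower %}
# Constructed values: one day for the two busier regions, one hour elsewhere.
{% set bantime = 86400 if dc in ['sgp1', 'nyc2'] else 3600 %}

fail2ban:
  pkg:
    - installed
  service:
    - running
    - enable: True
    - require:
      - pkg: fail2ban
    - watch:
      - file: /etc/fail2ban/jail.local

/etc/fail2ban/jail.local:
  file:
    - managed
    - user: root
    - group: root
    - mode: '0644'
    - contents: |
        # Managed by Salt; local edits are overwritten.
        [DEFAULT]
        bantime  = {{ bantime }}
        findtime = 600
        maxretry = 5

        # Jail name assumed; older fail2ban packages call it [ssh].
        [sshd]
        enabled = true
    - require:
      - pkg: fail2ban
```

Because the service watches the managed file, changing either ban time and re-running the highstate rewrites jail.local and restarts fail2ban on the affected minions only.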