commit
58fc09dc5e
@ -0,0 +1,63 @@
|
||||
#!/usr/bin/env bash
|
||||
#
|
||||
# install mcp
|
||||
#
|
||||
#
|
||||
|
||||
set -o errexit
|
||||
set -o pipefail
|
||||
set -o nounset
|
||||
|
||||
# installing dependencies
|
||||
apt update
|
||||
apt upgrade -y
|
||||
apt install -y git unzip curl ufw fail2ban cockpit
|
||||
|
||||
systemctl start cockpit
|
||||
|
||||
#
|
||||
# configure ufw and start
|
||||
#
|
||||
#
|
||||
ufw allow ssh
|
||||
ufw allow 9090/tcp
|
||||
|
||||
service ufw start
|
||||
echo "y" | ufw enable
|
||||
|
||||
#
|
||||
# configure fail2ban and start
|
||||
#
|
||||
#
|
||||
cat > /etc/fail2ban/jail.local << EOF
|
||||
[default]
|
||||
# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
|
||||
# ban a host which matches an address in this list. Several addresses can be
|
||||
# defined using space separator.
|
||||
ignoreip = 127.0.0.1/8
|
||||
|
||||
# "bantime" is the number of seconds that a host is banned.
|
||||
bantime = 3600
|
||||
|
||||
banaction = ufw
|
||||
|
||||
# The length of time between login attempts before a ban is set.
|
||||
# For example, if Fail2ban is set to ban an IP after five (3) failed log-in attempts,
|
||||
# those 3 attempts must occur within the set 10-minute findtime limit.
|
||||
# The findtime value should be a set number of seconds.
|
||||
findtime = 600
|
||||
|
||||
maxretry = 5
|
||||
|
||||
[ssh]
|
||||
enabled = true
|
||||
port = ssh
|
||||
filter = sshd
|
||||
logpath = /var/log/auth-fail2ban.log
|
||||
EOF
|
||||
|
||||
cp resources/fail2ban/filter.d/* /etc/fail2ban/filter.d
|
||||
touch /var/log/fail2ban.log
|
||||
service fail2ban start
|
||||
|
||||
echo -e "mcp installed"
|
@ -0,0 +1 @@
|
||||
spawn('curl -sL https://deb.nodesource.com/setup_' + $version + '.x | sudo -E bash -')
|
@ -0,0 +1,3 @@
|
||||
[Definition]
|
||||
failregex = .*Failed authentication attempt for .* from <HOST>
|
||||
ignoreregex =
|
@ -0,0 +1,8 @@
|
||||
# woocommerce auth failed
|
||||
|
||||
[INCLUDES]
|
||||
before = common.conf
|
||||
|
||||
[Definition]
|
||||
failregex = <HOST>.*POST.*(/account/).* 200
|
||||
ignoreregex =
|
@ -0,0 +1,8 @@
|
||||
# wordpress login failed
|
||||
|
||||
[INCLUDES]
|
||||
before = common.conf
|
||||
|
||||
[Definition]
|
||||
failregex = <HOST>.*POST.*(wp-login\.php|xmlrpc\.php).* 200
|
||||
ignoreregex =
|
@ -0,0 +1,9 @@
|
||||
#
|
||||
|
||||
[gitea]
|
||||
|
||||
enabled = true
|
||||
filter = gitea
|
||||
port = http,https
|
||||
logpath = /var/lib/gitea/log/gitea.log
|
||||
maxretry = 3
|
@ -0,0 +1,6 @@
|
||||
[mysqld-auth]
|
||||
|
||||
enabled = true
|
||||
filter = mysqld-auth
|
||||
port = 3306
|
||||
logpath = /var/log/mysql/error.log
|
@ -0,0 +1,9 @@
|
||||
# stop some known malicious bot request patterns
|
||||
|
||||
[nginx-badbots]
|
||||
|
||||
enabled = true
|
||||
port = http,https
|
||||
filter = apache-badbots
|
||||
logpath = /var/log/nginx/*access.log
|
||||
maxretry = 2
|
@ -0,0 +1,7 @@
|
||||
[nginx-botsearch]
|
||||
|
||||
enabled = true
|
||||
port = http,https
|
||||
filter = nginx-botsearch
|
||||
logpath = /var/log/nginx/*access.log
|
||||
maxretry = 2
|
@ -0,0 +1,9 @@
|
||||
# ban clients that are searching for scripts on the website to execute and exploit,
|
||||
# only using if php not in use
|
||||
|
||||
[nginx-http-auth]
|
||||
|
||||
enabled = true
|
||||
filter = nginx-http-auth
|
||||
port = http,https
|
||||
logpath = /var/log/nginx/*error.log
|
@ -0,0 +1,7 @@
|
||||
[nginx-nohome]
|
||||
|
||||
enabled = true
|
||||
port = http,https
|
||||
filter = apache-nohome
|
||||
logpath = /var/log/nginx/*access.log
|
||||
maxretry = 2
|
@ -0,0 +1,7 @@
|
||||
[nginx-noscript]
|
||||
|
||||
enabled = true
|
||||
port = http,https
|
||||
filter = apache-noscript
|
||||
logpath = /var/log/nginx/*access.log
|
||||
maxretry = 2
|
@ -0,0 +1,10 @@
|
||||
# dos
|
||||
|
||||
[nginx-req-limit]
|
||||
|
||||
enabled = true
|
||||
filter = nginx-req-limit
|
||||
logpath = /var/log/nginx/*error.log
|
||||
findtime = 600
|
||||
bantime = 7200
|
||||
maxretry = 10
|
@ -0,0 +1,9 @@
|
||||
#
|
||||
|
||||
[woocommerce]
|
||||
|
||||
enabled = true
|
||||
port = http,https
|
||||
filter = woocommerce-auth
|
||||
logpath = /var/log/nginx/*access.log
|
||||
maxretry = 3
|
@ -0,0 +1,7 @@
|
||||
[wordpress]
|
||||
|
||||
enabled = true
|
||||
port = http,https
|
||||
filter = wordpress-auth
|
||||
logpath = /var/log/nginx/*access.log
|
||||
maxretry = 3
|
@ -0,0 +1 @@
|
||||
$color__body: white;
|
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,17 @@
|
||||
{
|
||||
"private": true,
|
||||
"devDependencies": {
|
||||
"html-webpack-plugin": "^5.5.0",
|
||||
"laravel-mix": "^6.0.43",
|
||||
"laravel-mix-purgecss": "^6.0.0",
|
||||
"postcss-css-variables": "^0.18.0",
|
||||
"resolve-url-loader": "^5.0.0",
|
||||
"sass": "^1.49.9",
|
||||
"sass-loader": "^12.6.0",
|
||||
"svg-spritemap-webpack-plugin": "^4.4.0",
|
||||
"svgo": "^2.8.0"
|
||||
},
|
||||
"dependencies": {
|
||||
"@tiny-components/plain-ui": "^0.6.0"
|
||||
}
|
||||
}
|
@ -0,0 +1,20 @@
|
||||
<!doctype html>
|
||||
<html lang="en_EN">
|
||||
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<meta http-equiv="x-ua-compatible" content="ie=edge">
|
||||
<title>
|
||||
I'm a Teapot
|
||||
</title>
|
||||
<meta name="viewport" content="width=device-width,initial-scale=1">
|
||||
<link rel="stylesheet" href="/styles.css">
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<main class="site-main">
|
||||
<img class="teapot" src="/teapot.gif" width="675" height="450" alt="This is a Teapot" />
|
||||
</main>
|
||||
</body>
|
||||
|
||||
</html>
|
@ -0,0 +1,3 @@
|
||||
{
|
||||
"/styles.css": "/styles.css?id=21756765218b7d9f7e87c67327b856fb"
|
||||
}
|
@ -0,0 +1,2 @@
|
||||
User-agent: *
|
||||
Disallow: /
|
@ -0,0 +1 @@
|
||||
@font-face{font-display:swap;font-family:IBM Plex Mono;font-style:normal;font-weight:400;src:url(IBMPlexMono.eot);src:url(IBMPlexMono.eot?#iefix) format("embedded-opentype"),url(IBMPlexMono.woff2) format("woff2"),url(IBMPlexMono.woff) format("woff"),url(IBMPlexMono.ttf) format("truetype")}@font-face{font-display:swap;font-family:IBM Plex Mono;font-style:normal;font-weight:700;src:url(IBMPlexMono-Bold.eot);src:url(IBMPlexMono-Bold.eot?#iefix) format("embedded-opentype"),url(IBMPlexMono-Bold.woff2) format("woff2"),url(IBMPlexMono-Bold.woff) format("woff"),url(IBMPlexMono-Bold.ttf) format("truetype")}:root{--grid-columns:12;--grid-grid-spacing:15px;--grid-xs:576px;--grid-sm:768px;--grid-md:992px;--grid-lg:1200px;--grid-xlg:1600px;--grid-xxs-max:575px;--grid-xs-max:767px;--grid-sm-max:991px;--grid-md-max:1199px;--grid-lg-max:1599px;--body:#fff;--text:#363636;--text-contrast:#fff;--primary:#3e3e3e;--primary-contrast:#3e3e3e;--active:#717171;--active-contrast:#fff;--link:#363636;--link-hover:#d95959;--danger:#d95959;--danger-contrast:#ecacac;--info:#0090d4;--info-constrast:#3bc0ff;--success:#64ac64;--success-contrast:#a6d0a6;--warning:#f0ad4e;--warning-contrast:#f8d9ac;--background:#3e3e3e;--background-contrast:#fff;--background-alpha:rgba(0,0,0,.7);--border:#3e3e3e;--border-contrast:#fff;--font-family:IBM Plex Mono,sans-serif}html{-webkit-text-size-adjust:100%;font-size:100%;line-height:1.15}body,html{height:100%;margin:0}html{box-sizing:border-box}body{background-color:var(--body);color:var(--text);direction:ltr;font-family:var(--font-family);font-size:.9rem;line-height:1.618}@media only screen and (min-width:992px){body{font-size:1rem}}a{color:var(--link);text-decoration:none;transition:color .5s}a:hover{color:var(--link-hover)}a:focus{outline:none}main{display:block}*,:after,:before{box-sizing:inherit}.content a{-webkit-text-decoration-skip:ink edges;text-decoration-skip:ink edges;text-decoration:underline}@-webkit-keyframes loading-animation{0%{height:60px}50%{height:40px}to{height:60px}}@keyframes loading-animation{0%{height:60px}50%{height:40px}to{height:60px}}.color-active{color:var(--active)}.fill-active,.fill-active svg{fill:var(--active)}.border-color-active{border-color:var(--active)}.background-color-active{background-color:var(--active)}.site-main{align-items:center;display:flex;height:100%;justify-content:center;width:100%}@media only screen and (max-width:575px){.teapot{height:auto;width:100%}}@media only screen and (min-width:576px) and (max-width:767px){.teapot{height:auto;width:100%}}@media only screen and (min-width:768px) and (max-width:991px){.teapot{height:auto;width:100%}}
|
After Width: | Height: | Size: 192 KiB |
@ -0,0 +1,28 @@
|
||||
@import
|
||||
'config',
|
||||
'@tiny-components/plain-ui/src/scss/plain-ui';
|
||||
|
||||
.site-main {
|
||||
width: 100%;
|
||||
height: 100%;
|
||||
display: flex;
|
||||
justify-content: center;
|
||||
align-items: center;
|
||||
}
|
||||
|
||||
.teapot {
|
||||
@include media-xxs-only() {
|
||||
width: 100%;
|
||||
height: auto;
|
||||
}
|
||||
|
||||
@include media-xs-only() {
|
||||
width: 100%;
|
||||
height: auto;
|
||||
}
|
||||
|
||||
@include media-sm-only() {
|
||||
width: 100%;
|
||||
height: auto;
|
||||
}
|
||||
}
|
@ -0,0 +1,34 @@
|
||||
const mix = require('laravel-mix')
|
||||
const path = require('path')
|
||||
const fs = require('fs')
|
||||
|
||||
require('laravel-mix-purgecss')
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Mix Asset Management
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| Mix provides a clean, fluent API for defining some Webpack build steps
|
||||
| for your Laravel application. By default, we are compiling the Sass
|
||||
| file for your application, as well as bundling up your JS files.
|
||||
|
|
||||
*/
|
||||
|
||||
mix
|
||||
.options({
|
||||
terser: {
|
||||
extractComments: false,
|
||||
},
|
||||
processCssUrls: false
|
||||
})
|
||||
.setPublicPath('./public')
|
||||
.sass('styles.scss', 'public/styles.css')
|
||||
.purgeCss({
|
||||
extend: {
|
||||
content: [
|
||||
path.join(__dirname, 'public/*.html'),
|
||||
]
|
||||
}
|
||||
})
|
||||
.version()
|
Loading…
Reference in new issue