#!/usr/bin/env bash
#
# install mcp
#
#

set -o errexit
set -o pipefail
set -o nounset

# installing dependencies
apt update
apt upgrade -y
apt install -y git unzip curl ufw fail2ban cockpit

systemctl start cockpit

#
# configure ufw and start
#
#
ufw allow ssh
ufw allow 9090/tcp

service ufw start
echo "y" | ufw enable

#
# configure fail2ban and start
#
#
cat > /etc/fail2ban/jail.local << EOF
[default]
# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = 127.0.0.1/8

# "bantime" is the number of seconds that a host is banned.
bantime = 3600

banaction = ufw

# The length of time between login attempts before a ban is set.
# For example, if Fail2ban is set to ban an IP after five (3) failed log-in attempts,
# those 3 attempts must occur within the set 10-minute findtime limit.
# The findtime value should be a set number of seconds.
findtime = 600

maxretry = 5

[ssh]
enabled  = true
port     = ssh
filter   = sshd
logpath  = /var/log/auth-fail2ban.log
EOF

cp resources/fail2ban/filter.d/* /etc/fail2ban/filter.d
touch /var/log/fail2ban.log
service fail2ban start

echo -e "mcp installed"