Enable Fail2Ban jail from bash Script

I’m Automating Initial Server Setup with Ubuntu 18.04 on Digital Ocean using the user-data insert to start a new server.
I’ve got it to install Fail2Ban, but now I need to add the jails, starting with [sshd]
which is just a matter of adding enabled = true

I’ve recently learned echo would append to the end of the file,
or I could use sed to edit an existing line…
But how would I add a new line in between existing lines, when there’s nothing to be replaced?



# SSH servers


# To use more aggressive sshd modes set filter parameter "mode" in jail.local:
# normal (default), ddos, extra or aggressive (combines all).
# See "tests/files/logs/sshd" or "filter.d/sshd.conf" for usage example and details.
#mode   = normal
port    = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s


port     = ssh
logpath  = %(dropbear_log)s
backend  = %(dropbear_backend)s


port     = ssh
logpath  = %(auditd_log)s

# HTTP servers

I need to add enabled = true below the line starting with backend and above the stanza for [dropbear]

backend = %(sshd_backend)s
enabled = true


What I have for Fail2Ban in the script so far

# Chapter 15, Security

# Fail2Ban

apt install fail2ban

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

sed -i 's/#ignoreip = ::1/ignoreip = ::1' /etc/fail2ban/jail.local

# sed -i 's/bantime = 10m/bantime = 10m/' /etc/fail2ban/jail.local

sed -i 's/maxretry = 5/maxretry = 7/' /etc/fail2ban/jail.local

# sed -i 's/…/port = ssh/' /etc/fail2ban/jail.local

# sed -i 's/…/enabled = true/' /etc/fail2ban/jail.local

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.