VPS-scripts_Web-V2/CoreModules/generic/conf.sh

##--------------------##
#   (Centos) SeLinux   #
##--------------------##
if [ "$shortdist" = "cent8" ]; then
    semanage port -a -t ssh_port_t -p tcp 4242
fi

##-------##
#   UFW   #
##-------##

if [ "$shortdist" = "cent8" ]; then
    sed -i -e '/tuple/d' -e '/dapp/d' /usr/share/ufw/iptables/user.rules
    sed -i -e '/tuple/d' -e '/dapp/d' /usr/share/ufw/iptables/user6.rules
    echo "y" | ufw reset > $OUTPUT 2>&1
fi

sed -i '/IPV6=/c\IPV6=yes' /etc/default/ufw
ufw default deny incoming > $OUTPUT 2>&1
ufw default allow outgoing > $OUTPUT 2>&1
ufw allow 80/tcp > $OUTPUT 2>&1
ufw allow 443/tcp > $OUTPUT 2>&1
ufw limit 4242/tcp > $OUTPUT 2>&1
echo "y" | ufw enable > $OUTPUT 2>&1

##------------##
#   Fail2Ban   #
##------------##

#General config
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/jail.local -o /etc/fail2ban/jail.local

#Custom Fiters
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/Filters/nextcloud.filter -o /etc/fail2ban/filter.d/nextcloud.local
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/Filters/phpmyadmin-authlog.filter -o /etc/fail2ban/filter.d/phpmyadmin-authlog.local
curl --retry 7 --retry-delay 5 -s https://plugins.svn.wordpress.org/wp-fail2ban/trunk/filters.d/wordpress-hard.conf -o /etc/fail2ban/filter.d/wordpress-hard.local
curl --retry 7 --retry-delay 5 -s https://plugins.svn.wordpress.org/wp-fail2ban/trunk/filters.d/wordpress-soft.conf -o /etc/fail2ban/filter.d/wordpress-soft.local

#General jails
rm /etc/fail2ban/jail.d/*
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/Jails/sshd.jail -o /etc/fail2ban/jail.d/sshd.local
if [ -z $disbackendcms ]; then
 curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/Jails/phpmyadmin.jail -o /etc/fail2ban/jail.d/phpmyadmin.local
fi