Nethack with Fail2Ban - jonatello/lab-musing GitHub Wiki
The idea here is to create a FreeBSD jail with Nethack installed. In order to secure it, Fail2Ban will also be configured specifically for SSH and ipfw rules to allow only port 22.
Configuration:
Update the jail
pkg update
pkg upgrade
Install the Nethack package
pkg install nethack36-3.6.0_1
Configure SSH
Edit the SSH configuration to enable Password Authentication and bind to port 22
sed -i '' 's/#PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
sed -i '' 's/#Port 22/Port 22/g' /etc/ssh/sshd_config
Enable SSHD via rc.conf
sysrc sshd_enable=yes
Start the SSH Daemon
service sshd start
Add a user for access
adduser jonatello
Configure a NAT rule on the edge firewall for remote access
Configure ipfw and fail2ban
Install the fail2ban package
pkg install py36-fail2ban-0.10.2
Create and configure the fail2ban rules appropriately for sshd
vi /usr/local/etc/fail2ban/jail.d/ssh-ipfw.local
Or use nethack.ssh-ipfw.local
Create and configure the ipfw rules appropriately
vi /usr/local/etc/ipfw.rules
Or use nethack.ipfw.rules
Enable the ipfw firewall with a specific rules file via rc.conf
sysrc firewall_enable=yes
sysrc firewall_script=/usr/local/etc/ipfw.rules
Enable fail2ban via rc.conf
sysrc fail2ban_enable=yes
Troubleshooting
List ipfw firewall rules
ipfw list
List ipfw table 1 rules
ipfw table 1 list
Remove a specific %IPAddress% from the table 1
ipfw table 1 delete %IPAddress%