Initial commit

Signed-off-by: Sam Therapy <sam@samtherapy.net>

.gitignore

@@ -0,0 +1,3 @@
+*.deb
+*.rpm
+*.apk

.gitmodules

@@ -0,0 +1,6 @@
+[submodule "fail2ban-endlessh"]
+	path = fail2ban-endlessh
+	url = https://github.com/SamTherapy/fail2ban-endlessh
+[submodule "krathalan-endlessh"]
+	path = krathalan-endlessh
+	url = https://github.com/krathalan/endlessh

README.md

@@ -0,0 +1,12 @@
+# TODO
+
+## Adding
+
+```sh
+# Add PGP key
+sudo curl https://git.froth.zone/api/packages/packaging/debian/repository.key -o /usr/share/keyrings/git-froth-zone-packaging.asc
+# Add repo
+echo "deb [signed-by=/usr/share/keyrings/git-froth-zone-packaging.asc]  https://git.froth.zone/api/packages/packaging/debian sid main" | sudo tee /etc/apt/sources.list.d/git-froth-zone-packaging.list
+# Update and install
+sudo apt update
+```

fail2ban-endlessh

@@ -0,0 +1 @@
+Subproject commit faae1d6d7a0d2f476700a5138fb81f5babb3fd66

helpers/endlessh.conf

@@ -0,0 +1,27 @@
+# The port on which to listen for new SSH connections.
+Port 2222
+
+# The endless banner is sent one line at a time. This is the delay
+# in milliseconds between individual lines.
+Delay 10000
+
+# The length of each line is randomized. This controls the maximum
+# length of each line. Shorter lines may keep clients on for longer if
+# they give up after a certain number of bytes.
+MaxLineLength 32
+
+# Maximum number of connections to accept at a time. Connections beyond
+# this are not immediately rejected, but will wait in the queue.
+MaxClients 4096
+
+# Set the detail level for the log.
+#   0 = Quiet
+#   1 = Standard, useful log messages
+#   2 = Very noisy debugging information
+LogLevel 1
+
+# Set the family of the listening socket
+#   0 = Use IPv4 Mapped IPv6 (Both v4 and v6, default)
+#   4 = Use IPv4 only
+#   6 = Use IPv6 only
+BindFamily 0

helpers/endlessh.sh

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+systemctl daemon-reload
+systemctl unmask endlessh
+systemctl preset endlessh
+systemctl enable endlessh
+systemctl restart endlessh

helpers/fail2ban-endlessh.sh

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+systemctl restart fail2ban

krathalan-endlessh

@@ -0,0 +1 @@
+Subproject commit 4858c6031f959c0805f5dd9868a907993d17b997

nfpms/endlessh-krathalan.yaml

@@ -0,0 +1,39 @@
+# nfpm example configuration file
+#
+# check https://nfpm.goreleaser.com/configuration for detailed usage
+#
+name: "endlessh-krathalan"
+arch: "amd64"
+platform: "linux"
+version: "20240823"
+version_schema: none
+section: "default"
+priority: "extra"
+provides:
+  - endlessh
+recommends:
+  - fail2ban
+  - fail2ban-endlessh
+conflicts:
+  - endlessh
+maintainer: "Sam Therapy <sam@samtherapy.net>"
+description: |
+  SSH tarpit that slowly sends an endless banner | Krathalan fork
+homepage: "https://github.com/krathalan/endlessh"
+license: "Unlicense"
+contents:
+  - src: ./krathalan-endlessh/endlessh
+    dst: /usr/bin/endlessh
+  - src: ./krathalan-endlessh/endlessh.1
+    dst: /usr/share/man/man1/endlessh.1
+  - src: ./krathalan-endlessh/util/endlessh.service
+    dst: /lib/systemd/system/endlessh.service
+  - src: ./helpers/endlessh.conf
+    dst: /etc/endlessh.conf
+    type: config
+  - src: /etc/endlessh.conf
+    dst: /etc/endlessh/config
+    type: symlink
+scripts:
+  postinstall: ./helpers/endlessh.sh
+# yaml-language-server: $schema=https://nfpm.goreleaser.com/static/schema.json

nfpms/fail2ban-endlessh.yaml

@@ -0,0 +1,31 @@
+# nfpm example configuration file
+#
+# check https://nfpm.goreleaser.com/configuration for detailed usage
+#
+
+name: "fail2ban-endlessh"
+arch: "all"
+platform: "linux"
+version: "20240823"
+version_schema: none
+section: "default"
+priority: "extra"
+depends:
+  - fail2ban
+  - endlessh
+maintainer: "Sam Therapy <sam@samtherapy.net>"
+description: |
+  Combining the powers of endlessh and fail2ban.
+homepage: "https://github.com/SamTherapy/fail2ban-endlessh"
+license: "Unlicense"
+contents:
+  - src: ./fail2ban-endlessh/action.d/endlessh.conf
+    dst: /etc/fail2ban/action.d/endlessh.conf
+    type: config
+  - src: ./fail2ban-endlessh/jail.d/endlessh.conf
+    dst: /etc/fail2ban/jail.d/endlessh.conf
+    type: config
+scripts:
+  postinstall: ./helpers/fail2ban-endlessh.sh
+  postremove: ./helpers/fail2ban-endlessh.sh
+# yaml-language-server: $schema=https://nfpm.goreleaser.com/static/schema.json