#!/usr/bin/env bash
set -euo pipefail

if [ "$(id -u)" -ne 0 ]; then
  echo "Jalankan sebagai root."
  exit 1
fi

read -rp "Max retry SSH sebelum banned [5]: " MAX_RETRY
read -rp "Find time, contoh 10m [10m]: " FIND_TIME
read -rp "Ban time, contoh 1h [1h]: " BAN_TIME
MAX_RETRY="${MAX_RETRY:-5}"
FIND_TIME="${FIND_TIME:-10m}"
BAN_TIME="${BAN_TIME:-1h}"

apt update
apt -y install fail2ban
cat > /etc/fail2ban/jail.d/sshd.local <<JAIL
[sshd]
enabled = true
maxretry = $MAX_RETRY
findtime = $FIND_TIME
bantime = $BAN_TIME
JAIL

systemctl enable --now fail2ban
systemctl restart fail2ban
fail2ban-client status sshd || true