From afa0fd35c81de7be9a70c0cdd04dfeb6158d25fc Mon Sep 17 00:00:00 2001
From: Jeremy Lecour
Date: Fri, 28 Aug 2020 18:32:47 +0200
Subject: [PATCH] Change default public SSH/SFTP port from 2222 to 22222
---
 CHANGELOG.md | 2 ++
 amazon-ec2/defaults/main.yml | 4 ++++
 fail2ban/templates/jail.local.j2 | 2 +-
 minifirewall/defaults/main.yml | 2 +-
 minifirewall/files/minifirewall.conf | 2 +-
 proftpd/defaults/main.yml | 2 +-
 6 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 290ae8b2..5e06a8da 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -16,6 +16,8 @@ The **patch** part changes incrementally at each release.
 ### Changed
+* Change default public SSH/SFTP port from 2222 to 22222
+
 ### Fixed
 ### Removed
diff --git a/amazon-ec2/defaults/main.yml b/amazon-ec2/defaults/main.yml
index f1b0c52c..17ac35db 100644
--- a/amazon-ec2/defaults/main.yml
+++ b/amazon-ec2/defaults/main.yml
@@ -122,6 +122,10 @@ ec2_evolinux_security_group:
 from_port: 2222
 to_port: 2222
 cidr_ip: 0.0.0.0/0
+ - proto: tcp
+ from_port: 22222
+ to_port: 22222
+ cidr_ip: 0.0.0.0/0
 - proto: tcp
 from_port: 2223
 to_port: 2223
diff --git a/fail2ban/templates/jail.local.j2 b/fail2ban/templates/jail.local.j2
index 088e85d4..7e097e4f 100644
--- a/fail2ban/templates/jail.local.j2
+++ b/fail2ban/templates/jail.local.j2
@@ -28,7 +28,7 @@ action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(proto
 action = %(action_mwl)s
 [sshd]
-port = ssh,2222
+port = ssh,2222,22222
 logpath = %(sshd_log)s
 backend = %(sshd_backend)s
 maxretry = 10
diff --git a/minifirewall/defaults/main.yml b/minifirewall/defaults/main.yml
index f5719e3c..5489b06a 100644
--- a/minifirewall/defaults/main.yml
+++ b/minifirewall/defaults/main.yml
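Review bot: The existing 2222 ingress rule in `ec2_evolinux_security_group` stays in place next to the new 22222 rule, both with `cidr_ip: 0.0.0.0/0`, so the security group now exposes two SSH/SFTP ports to the whole Internet instead of moving one. If 2222 is kept only for hosts that have not migrated yet, say so above that rule, e.g. `# 2222: legacy public SSH/SFTP port, remove once all hosts listen on 22222`. Otherwise drop it so the group agrees with the minifirewall defaults changed in this same commit, which no longer list 2222. The rule list starts and continues outside the hunk.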
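Review bot: The `[sshd]` jail in `jail.local.j2` now lists 22222, but it reads `%(sshd_log)s`, and the only default this commit visibly moves to that port is ProFTPD's `proftpd_sftp_port`. If SFTP on 22222 is served by ProFTPD rather than OpenSSH, its failed logins presumably go to ProFTPD's own log and this jail would not ban them; whether a ProFTPD jail exists elsewhere in the template is not visible from the hunk. The ports are also literals here, so a host that overrides the port variable is not covered. A comment above `port =`, such as `# keep in sync with the public SSH/SFTP port set in the minifirewall and proftpd roles`, would make that coupling explicit.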
@@ -19,7 +19,7 @@ minifirewall_privilegied_ips: []
 minifirewall_protected_ports_tcp: [22]
 minifirewall_protected_ports_udp: []
-minifirewall_public_ports_tcp: [25, 53, 443, 993, 995, 2222]
+minifirewall_public_ports_tcp: [25, 53, 443, 993, 995, 22222]
 minifirewall_public_ports_udp: [53]
 minifirewall_semipublic_ports_tcp: [20, 21, 22, 80, 110, 143]
 minifirewall_semipublic_ports_udp: []
diff --git a/minifirewall/files/minifirewall.conf b/minifirewall/files/minifirewall.conf
index 8f535230..7285822a 100644
--- a/minifirewall/files/minifirewall.conf
+++ b/minifirewall/files/minifirewall.conf
@@ -29,7 +29,7 @@ SERVICESTCP1p='22'
 SERVICESUDP1p=''
 # Public services (IPv4/IPv6)
-SERVICESTCP1='25 53 443 993 995 2222'
+SERVICESTCP1='25 53 443 993 995 22222'
 SERVICESUDP1='53'
 # Semi-public services (IPv4)
diff --git a/proftpd/defaults/main.yml b/proftpd/defaults/main.yml
index f955cd39..80edecd2 100644
--- a/proftpd/defaults/main.yml
+++ b/proftpd/defaults/main.yml
@@ -9,6 +9,6 @@ proftpd_ftps_port: 990
 proftpd_ftps_cert: "/etc/ssl/certs/ssl-cert-snakeoil.pem"
 proftpd_ftps_key: "/etc/ssl/private/ssl-cert-snakeoil.key"
 proftpd_sftp_enable: False
-proftpd_sftp_port: 2222
+proftpd_sftp_port: 22222
 proftpd_accounts: []
 proftpd_accounts_final: []
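Review bot: Port 2222 is dropped from `minifirewall_public_ports_tcp` here, and from `SERVICESTCP1` in `minifirewall/files/minifirewall.conf`, in a single step, while the fail2ban jail and the EC2 security group in this commit still keep 2222. A host whose sshd or ProFTPD still listens on 2222 would lose public access on that port the next time the role is applied with defaults. The CHANGELOG entry should therefore state the upgrade order: move the listener, or override the variable, before applying the firewall change. A short comment next to the list, e.g. `# 22222: public SSH/SFTP (was 2222 before this release)`, would also record why the port is open.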