Fail2ban

/etc/fail2ban/jail.d/defaults-debian.conf
# Debian package defaults. In fail2ban, [DEFAULT] keys are inherited by every
# jail that does not set the same key itself (postfix-sasl and checkmk on this
# page override backend; postfixadmin and roundcube-auth do not).
[DEFAULT]
# action used to ban on the ports a jail lists
banaction = iptables-multiport
# action used where a jail bans all ports
banaction_allports = iptables-allports
# NOTE(review): with backend = systemd fail2ban reads the journal; a jail that
# inherits this and only sets a file logpath may never see its log file —
# confirm each jail with `fail2ban-client status <jail>`.
backend = systemd
# Ban an address by hand in the sshd jail (1.2.3.4 is a placeholder); requires the
# fail2ban server to be running. The sshd jail itself is not shown on this page.
fail2ban-client set sshd banip 1.2.3.4
# List the resulting iptables rules; -n prints addresses numerically (no DNS lookups)
iptables -L -n

postfixadmin jail (PostfixAdmin web login)

# Bans clients whose failed PostfixAdmin logins are matched by the
# "postfixadmin" filter against the Apache error log.
[postfixadmin]
enabled  = true
# NOTE(review): `port` appears unused here — the explicit `action` below
# hard-codes port="443", so bans never cover http/80; confirm that is intended.
port     = http,https
filter   = postfixadmin
# NOTE(review): a file path, but `backend` is not set in this jail; if the
# inherited backend is systemd the journal is read instead — verify with
# `fail2ban-client status postfixadmin`.
logpath  = /var/log/apache2/error.log
action = iptables-multiport[name=postfixadmin,port="443", protocol=tcp]
# all three in seconds: 2 failures within 60 s ban the client for 12000 s (~3.3 h)
findtime = 60
maxretry = 2
bantime  = 12000
# never ban these addresses (space-separated list); presumably the admin's own hosts
ignoreip = 185.51.242.2 185.51.242.12

postfix jail (SMTP/SASL authentication)

# Bans clients that fail SASL authentication against Postfix; uses the stock
# "postfix" filter in its auth mode.
[postfix-sasl]
enabled = true
filter   = postfix[mode=auth]
# ports closed to a banned client: SMTP, submission and the mailbox protocols
port     = smtp,465,submission,imap,imaps,pop3,pop3s
# You might consider monitoring /var/log/mail.warn instead if you are
# running postfix since it would provide the same log lines at the
# "warn" level but overall at the smaller filesize.
# %(...)s values are resolved from jail.conf's [DEFAULT]; presumably the
# distribution's postfix log path and matching backend — verify there.
logpath  = %(postfix_log)s
# explicit backend, so the [DEFAULT] systemd setting does not apply here
backend  = %(postfix_backend)s
# never ban these addresses (space-separated list)
ignoreip = 185.51.242.2 185.51.242.12

checkmk jail (filter plus jail definition)

/etc/fail2ban/filter.d/checkmk.conf
# Filter for Checkmk's security log: matches the cmk_security.auth entries
# reporting "authentication failed" and captures the remote_ip field as <HOST>.
[Definition]
# NOTE(review): the pattern is unanchored and uses greedy .* between fields;
# run the fail2ban-regex command given below against real security.log lines to
# confirm <HOST> captures the client address and not text echoed from a request.
failregex = .* \[cmk_security\.auth \d+\] \{"summary": "authentication failed".*"remote_ip": "<HOST>".*
# no matched lines are excluded
ignoreregex =

roundcube jail (webmail login)

# Bans clients that fail Roundcube webmail logins. No `filter` key is given,
# so fail2ban falls back to a filter named after the jail (roundcube-auth).
[roundcube-auth]
enabled  = true
# matches the port="443" hard-coded in the action below
port     = 443
# previous value kept for reference (the jail.conf default); the line below overrides it
#logpath  = %(roundcube_errors_log)s
# NOTE(review): file path without a `backend` override — if the inherited backend
# is systemd the journal is read instead; verify with `fail2ban-client status roundcube-auth`.
logpath  = /var/log/roundcube/errors.log
action = iptables-multiport[name=roundcube-auth,port="443", protocol=tcp]
# findtime and bantime are inherited from the defaults
maxretry = 3
# never ban: two hosts plus the whole 84.246.166.0/24 network
ignoreip = 185.51.242.2 185.51.242.12 84.246.166.0/24
# Dry-run the checkmk filter against the Checkmk security log: the report shows how
# many lines matched and which addresses <HOST> captured. Replace
# /path/to/your/checkmk with the real site directory.
sudo fail2ban-regex /path/to/your/checkmk/var/log/security.log /etc/fail2ban/filter.d/checkmk.conf
/etc/fail2ban/jail.local
# Jail for the checkmk filter defined in filter.d/checkmk.conf.
# NOTE(review): unlike the other jails on this page this one has no ignoreip,
# so the admin hosts listed elsewhere (185.51.242.2, 185.51.242.12) can be
# banned here — consider moving ignoreip to [DEFAULT] if that is unintended.
[checkmk]
enabled = true
filter = checkmk
# replace /path/to/your/checkmk with the real site path; fail2ban will not start a
# jail whose log file does not exist
logpath = /path/to/your/checkmk/var/log/security.log
# 3 failures within 600 s ban the client for 3600 s (all values in seconds)
maxretry = 3
bantime = 3600
findtime = 600
# explicit backend so the file logpath is used regardless of the [DEFAULT] backend
backend = auto


# Re-read the configuration so the new jail is loaded without restarting the service
systemctl reload fail2ban
# Confirm the jail is active: shows the monitored log file and the currently banned addresses
fail2ban-client status checkmk