Fail2ban: Porovnání verzí

Bez shrnutí editace
Bez shrnutí editace
 
Řádek 5: Řádek 5:
banaction_allports = iptables-allports
banaction_allports = iptables-allports
backend = systemd
backend = systemd
</pre>


<pre>fail2ban-client set sshd banip 1.2.3.4</pre>
<pre>iptables -L -n</pre>
postfixadmin jail
<pre>[postfixadmin]
enabled  = true
port    = http,https
filter  = postfixadmin
logpath  = /var/log/apache2/error.log
action = iptables-multiport[name=postfixadmin,port="443", protocol=tcp]
findtime = 60
maxretry = 2
bantime  = 12000
ignoreip = 185.51.242.2 185.51.242.12
</pre>
</pre>


 
postfix jail
<pre>[postfix-sasl]
enabled = true
filter  = postfix[mode=auth]
port    = smtp,465,submission,imap,imaps,pop3,pop3s
# You might consider monitoring /var/log/mail.warn instead if you are
# running postfix since it would provide the same log lines at the
# "warn" level but overall at the smaller filesize.
logpath  = %(postfix_log)s
backend  = %(postfix_backend)s
ignoreip = 185.51.242.2 185.51.242.12
</pre>
cmk jail
<pre>
/etc/fail2ban/filter.d/checkmk.conf
/etc/fail2ban/filter.d/checkmk.conf
[Definition]
[Definition]
failregex = .* \[cmk_security\.auth \d+\] \{"summary": "authentication failed".*"remote_ip": "<HOST>".*
failregex = .* \[cmk_security\.auth \d+\] \{"summary": "authentication failed".*"remote_ip": "<HOST>".*
ignoreregex =
ignoreregex =
</pre>


sudo fail2ban-regex /path/to/your/checkmk/var/log/security.log /etc/fail2ban/filter.d/checkmk.conf
roundcube jail
<pre>[roundcube-auth]
enabled  = true
port    = 443
#logpath  = %(roundcube_errors_log)s
logpath  = /var/log/roundcube/errors.log
action = iptables-multiport[name=roundcube-auth,port="443", protocol=tcp]
maxretry = 3
ignoreip = 185.51.242.2 185.51.242.12 84.246.166.0/24
</pre>


<pre>sudo fail2ban-regex /path/to/your/checkmk/var/log/security.log /etc/fail2ban/filter.d/checkmk.conf</pre>


<pre>
/etc/fail2ban/jail.local
/etc/fail2ban/jail.local
[checkmk]
[checkmk]
Řádek 26: Řádek 66:
findtime = 600
findtime = 600
backend = auto
backend = auto
</pre>


systemctl reload fail2ban
<pre>systemctl reload fail2ban</pre>


fail2ban-client status checkmk
<pre>fail2ban-client status checkmk</pre>
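Review bot: The `[postfixadmin]` and `[roundcube-auth]` jails set a file `logpath` but no `backend`, while the `[DEFAULT]` shown at the top of the page has `backend = systemd`; if they inherit that, fail2ban reads the journal and never looks at `/var/log/apache2/error.log` or `/var/log/roundcube/errors.log`, so the jails would be enabled without ever banning. Adding `backend = auto` to both, as the `[checkmk]` jail already does, would make the file logs count. In `[postfixadmin]` the action is also pinned to `port="443"` while `port` is `http,https`, so a ban leaves port 80 reachable; `port="%(port)s"` in the action would keep the two in step. Which side of the comparison these jail lines belong to is inferred from the current version below, since the rendered diff has lost its +/- markers.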

Aktuální verze z 13. 2. 2026, 08:54

/etc/fail2ban/jail.d/defaults-debian.conf
# Defaults from the Debian drop-in; keys in [DEFAULT] apply to every jail
# unless the jail sets its own value.
[DEFAULT]
# Ban action for jails that block specific ports.
banaction = iptables-multiport
# Ban action for jails that block all ports.
banaction_allports = iptables-allports
# Read log entries from the systemd journal. Jails that rely on a file
# logpath need to set their own backend, otherwise the logpath is not used.
backend = systemd
# Manually ban the example address 1.2.3.4 in the sshd jail (a way to test the ban action).
fail2ban-client set sshd banip 1.2.3.4
# List the iptables rules with numeric addresses to confirm the ban rule is present.
iptables -L -n

postfixadmin jail

# Jail for PostfixAdmin login failures, read from the Apache error log.
[postfixadmin]
enabled  = true
port     = http,https
# NOTE(review): filter.d/postfixadmin.conf is not shown on this page; confirm it exists.
filter   = postfixadmin
# NOTE(review): this jail sets no backend; if it inherits backend = systemd from
# [DEFAULT], fail2ban reads the journal and this logpath is not used. Confirm, or
# set a file backend as the [checkmk] jail does.
logpath  = /var/log/apache2/error.log
# NOTE(review): the action bans only TCP 443 although port lists http,https, so a
# banned address could still reach port 80 - confirm that is intended.
action = iptables-multiport[name=postfixadmin,port="443", protocol=tcp]
# 2 failures within 60 seconds trigger a ban of 12000 seconds (200 minutes).
findtime = 60
maxretry = 2
bantime  = 12000
# Addresses that are never banned; keep this list limited to hosts you control.
ignoreip = 185.51.242.2 185.51.242.12

postfix jail

# Jail for failed SMTP AUTH (SASL) attempts, using the postfix filter in auth mode.
[postfix-sasl]
enabled = true
filter   = postfix[mode=auth]
# Ports blocked for a banned address: the SMTP/submission ports plus IMAP and POP3.
port     = smtp,465,submission,imap,imaps,pop3,pop3s
# You might consider monitoring /var/log/mail.warn instead if you are
# running postfix since it would provide the same log lines at the
# "warn" level but overall at the smaller filesize.
# %(postfix_log)s and %(postfix_backend)s are interpolated from values
# defined outside this page.
logpath  = %(postfix_log)s
backend  = %(postfix_backend)s
# findtime, maxretry and bantime are not set here, so the [DEFAULT] values apply.
# Addresses that are never banned.
ignoreip = 185.51.242.2 185.51.242.12

cmk jail

/etc/fail2ban/filter.d/checkmk.conf
# Filter for Checkmk authentication failures in the site's security log.
[Definition]
# Matches lines containing "[cmk_security.auth <digits>]" followed by a JSON
# object whose summary starts with "authentication failed"; <HOST> captures the
# remote_ip value, which is the address that gets banned.
# NOTE(review): the pattern is unanchored (leading and inner ".*"). Confirm that
# any client-supplied field logged before remote_ip is JSON-escaped, so a log
# entry cannot present a forged remote_ip and cause a ban of an unrelated address.
failregex = .* \[cmk_security\.auth \d+\] \{"summary": "authentication failed".*"remote_ip": "<HOST>".*
# No lines are excluded from matching.
ignoreregex =

roundcube jail

# Jail for Roundcube webmail login failures.
# NOTE(review): no filter is set, so the filter presumably defaults to the jail
# name (roundcube-auth); confirm that filter exists on the host.
[roundcube-auth]
enabled  = true
port     = 443
# The interpolated default path is disabled in favour of the explicit path below.
#logpath  = %(roundcube_errors_log)s
# NOTE(review): this jail sets no backend; if it inherits backend = systemd from
# [DEFAULT], fail2ban reads the journal and this logpath is not used. Confirm, or
# set a file backend as the [checkmk] jail does.
logpath  = /var/log/roundcube/errors.log
# Bans TCP 443 only, which matches the port setting above.
action = iptables-multiport[name=roundcube-auth,port="443", protocol=tcp]
# findtime and bantime are not set here, so the [DEFAULT] values apply.
maxretry = 3
# Addresses that are never banned. The /24 entry exempts 256 addresses; confirm
# the whole range is trusted.
ignoreip = 185.51.242.2 185.51.242.12 84.246.166.0/24
# Dry-run the checkmk filter against the log and report which lines match; nothing is banned.
sudo fail2ban-regex /path/to/your/checkmk/var/log/security.log /etc/fail2ban/filter.d/checkmk.conf
/etc/fail2ban/jail.local
# Jail for the Checkmk login, using the checkmk filter.
[checkmk]
enabled = true
filter = checkmk
# Placeholder path; replace it with the security.log of your Checkmk site.
logpath = /path/to/your/checkmk/var/log/security.log
# 3 failures within 600 seconds trigger a ban of 3600 seconds (1 hour).
maxretry = 3
bantime = 3600
findtime = 600
# Set explicitly so this jail does not inherit a backend from [DEFAULT].
backend = auto


# Apply the changed configuration.
systemctl reload fail2ban
# Show the checkmk jail's status, including failure counts and currently banned addresses.
fail2ban-client status checkmk