Fail2ban: Porovnání verzí
založena nová stránka s textem „/etc/fail2ban/filter.d/checkmk.conf [Definition] failregex = .* \[cmk_security\.auth \d+\] \{"summary": "authentication failed".*"remote_ip": "<HOST>".* ignoreregex = sudo fail2ban-regex /path/to/your/checkmk/var/log/security.log /etc/fail2ban/filter.d/checkmk.conf /etc/fail2ban/jail.local [checkmk] enabled = true filter = checkmk logpath = /path/to/your/checkmk/var/log/security.log maxretry = 3 bantime = 3600 findtime = 600 backend = auto systemc…“ |
Bez shrnutí editace značka: přepnuto z Vizuálního editoru |
||
| (Není zobrazena jedna mezilehlá verze od stejného uživatele.) | |||
| Řádek 1: | Řádek 1: | ||
<pre>/etc/fail2ban/jail.d/defaults-debian.conf</pre> | |||
<pre>[DEFAULT] | |||
banaction = iptables-multiport | |||
banaction_allports = iptables-allports | |||
backend = systemd | |||
</pre> | |||
<pre>fail2ban-client set sshd banip 1.2.3.4</pre> | |||
<pre>iptables -L -n</pre> | |||
postfixadmin jail | |||
<pre>[postfixadmin] | |||
enabled = true | |||
port = http,https | |||
filter = postfixadmin | |||
logpath = /var/log/apache2/error.log | |||
action = iptables-multiport[name=postfixadmin,port="443", protocol=tcp] | |||
findtime = 60 | |||
maxretry = 2 | |||
bantime = 12000 | |||
ignoreip = 185.51.242.2 185.51.242.12 | |||
</pre> | |||
postfix jail | |||
<pre>[postfix-sasl] | |||
enabled = true | |||
filter = postfix[mode=auth] | |||
port = smtp,465,submission,imap,imaps,pop3,pop3s | |||
# You might consider monitoring /var/log/mail.warn instead if you are | |||
# running postfix since it would provide the same log lines at the | |||
# "warn" level but overall at the smaller filesize. | |||
logpath = %(postfix_log)s | |||
backend = %(postfix_backend)s | |||
ignoreip = 185.51.242.2 185.51.242.12 | |||
</pre> | |||
cmk jail | |||
<pre> | |||
/etc/fail2ban/filter.d/checkmk.conf | /etc/fail2ban/filter.d/checkmk.conf | ||
[Definition] | [Definition] | ||
failregex = .* \[cmk_security\.auth \d+\] \{"summary": "authentication failed".*"remote_ip": "<HOST>".* | failregex = .* \[cmk_security\.auth \d+\] \{"summary": "authentication failed".*"remote_ip": "<HOST>".* | ||
ignoreregex = | ignoreregex = | ||
</pre> | |||
roundcube jail | |||
<pre>[roundcube-auth] | |||
enabled = true | |||
port = 443 | |||
#logpath = %(roundcube_errors_log)s | |||
logpath = /var/log/roundcube/errors.log | |||
action = iptables-multiport[name=roundcube-auth,port="443", protocol=tcp] | |||
maxretry = 3 | |||
ignoreip = 185.51.242.2 185.51.242.12 84.246.166.0/24 | |||
</pre> | |||
<pre>sudo fail2ban-regex /path/to/your/checkmk/var/log/security.log /etc/fail2ban/filter.d/checkmk.conf</pre> | |||
<pre> | |||
/etc/fail2ban/jail.local | /etc/fail2ban/jail.local | ||
[checkmk] | [checkmk] | ||
| Řádek 16: | Řádek 66: | ||
findtime = 600 | findtime = 600 | ||
backend = auto | backend = auto | ||
</pre> | |||
systemctl reload fail2ban | <pre>systemctl reload fail2ban</pre> | ||
fail2ban-client status checkmk | <pre>fail2ban-client status checkmk</pre> | ||
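Review bot: The added [postfixadmin] and [roundcube-auth] jails point `logpath` at plain files but set no `backend`, so they inherit `backend = systemd` from the [DEFAULT] block added at the top of the same revision. With the systemd backend fail2ban reads the journal and does not use `logpath`, so these two jails would likely never see the Apache or Roundcube failures. The [checkmk] jail already carries `backend = auto`; adding the same line to both jails would make them consistent, assuming all snippets end up in one configuration. In [postfixadmin], `port = http,https` is not what the ban uses, because the action is given `port="443"` explicitly. If port 80 should be blocked as well, `action = iptables-multiport[name=postfixadmin,port="http,https", protocol=tcp]` would cover both.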
Aktuální verze z 13. 2. 2026, 08:54
/etc/fail2ban/jail.d/defaults-debian.conf
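[DEFAULT]
# Default ban action: one iptables rule covering the jail's listed ports.
banaction = iptables-multiport
# Ban action used when a jail blocks every port.
banaction_allports = iptables-allports
# [DEFAULT] values are inherited by every jail that does not set its own.
# With the systemd backend a jail reads the journal and "logpath" is not used,
# so a jail that watches a plain log file needs its own "backend" line.
backend = systemd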
# Manually ban the address 1.2.3.4 in the sshd jail.
fail2ban-client set sshd banip 1.2.3.4
# List the current iptables rules with numeric addresses and ports,
# e.g. to confirm that the ban rule was inserted.
iptables -L -n
postfixadmin jail
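[postfixadmin]
enabled = true
# NOTE(review): the action below is given port="443" explicitly, so that is the
# port the ban rule covers; this jail-level value is not passed to it.
port = http,https
# The filter definition itself is not shown on this page.
filter = postfixadmin
# NOTE(review): no "backend" is set in this jail, so the "backend = systemd"
# from the [DEFAULT] block on this page would apply and this file would not be
# read - confirm, or add "backend = auto" as the checkmk jail does.
logpath = /var/log/apache2/error.log
action = iptables-multiport[name=postfixadmin,port="443", protocol=tcp]
# Seconds: 2 failures within 60 s lead to a ban of 12000 s.
findtime = 60
maxretry = 2
bantime = 12000
# Addresses that are never banned; keep this list short and reviewed.
ignoreip = 185.51.242.2 185.51.242.12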
postfix jail
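[postfix-sasl]
enabled = true
# Uses the postfix filter in its "auth" mode.
filter = postfix[mode=auth]
# Mail-related ports the ban applies to.
port = smtp,465,submission,imap,imaps,pop3,pop3s
# You might consider monitoring /var/log/mail.warn instead if you are
# running postfix since it would provide the same log lines at the
# "warn" level but overall at the smaller filesize.
# %(postfix_log)s and %(postfix_backend)s are interpolated from options that
# are defined outside this page (presumably fail2ban's paths files - confirm).
logpath = %(postfix_log)s
backend = %(postfix_backend)s
# Addresses that are never banned; keep this list short and reviewed.
ignoreip = 185.51.242.2 185.51.242.12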
cmk jail
/etc/fail2ban/filter.d/checkmk.conf
[Definition]
# Matches log lines tagged cmk_security.auth whose JSON payload reports
# "authentication failed"; <HOST> is taken from the "remote_ip" field.
# NOTE(review): the wildcards accept any text before and between the markers,
# so the match relies on the log writer escaping quotes in fields a client can
# influence - verify against real log lines with fail2ban-regex.
failregex = .* \[cmk_security\.auth \d+\] \{"summary": "authentication failed".*"remote_ip": "<HOST>".*
# Empty: no matching line is exempted.
ignoreregex =
roundcube jail
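[roundcube-auth]
enabled = true
port = 443
# Alternative kept for reference; the option it interpolates is defined
# outside this page.
#logpath = %(roundcube_errors_log)s
# NOTE(review): no "backend" is set in this jail, so the "backend = systemd"
# from the [DEFAULT] block on this page would apply and this file would not be
# read - confirm, or add "backend = auto" as the checkmk jail does.
logpath = /var/log/roundcube/errors.log
action = iptables-multiport[name=roundcube-auth,port="443", protocol=tcp]
# No filter, findtime or bantime is set here, so inherited defaults apply
# (their values are not shown on this page).
maxretry = 3
# Addresses that are never banned; the last entry exempts a whole /24 network,
# so keep this list short and reviewed.
ignoreip = 185.51.242.2 185.51.242.12 84.246.166.0/24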
# Test the checkmk filter against the log file before enabling the jail.
# The log path is a placeholder and must be replaced with the real one.
sudo fail2ban-regex /path/to/your/checkmk/var/log/security.log /etc/fail2ban/filter.d/checkmk.conf
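# /etc/fail2ban/jail.local
[checkmk]
enabled = true
# Refers to /etc/fail2ban/filter.d/checkmk.conf.
filter = checkmk
# Placeholder: replace with the real path of the site's security.log.
logpath = /path/to/your/checkmk/var/log/security.log
# Seconds: 3 failures within 600 s lead to a ban of 3600 s.
maxretry = 3
bantime = 3600
findtime = 600
# Set per jail so that an inherited journal backend does not apply and the
# log file above is actually read.
backend = auto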
# Reload fail2ban so that the changed configuration is read.
systemctl reload fail2ban
# Show the state of the checkmk jail to confirm that it was loaded.
fail2ban-client status checkmk