FAIL2BAN
fail2ban watches log files and automatically bans the IP addresses of hosts that keep failing, for example mail clients that guess passwords or probe the server with "user unknown" recipient addresses.
Configuration files:
/etc/fail2ban
fail2ban.conf   settings for the fail2ban daemon itself (log level, log target, socket)
jail.conf       the jails: which filter, action, log file and thresholds apply to each service
/etc/fail2ban/filter.d   directory of filter definitions, one file per service
Each filter is a [Definition] section whose failregex lines are Python regular expressions; the <HOST> placeholder marks the client IP that gets banned.
Do not edit jail.conf directly, because a package upgrade overwrites it. Put the sections below in /etc/fail2ban/jail.local (same section names), which fail2ban reads after jail.conf and which takes precedence.
Enable POP3 protection (Courier pop3d login failures)
vi /etc/fail2ban/jail.conf
[POP3]
enabled = true
filter = courierlogin
action = iptables[name=pop3,port=110,protocol=tcp]
logpath = /var/log/maillog
bantime = 1800
findtime = 300
maxretry = 15
courierlogin is a filter shipped with fail2ban; it matches Courier's "LOGIN FAILED, user=..., ip=[...]" lines. With these values a client that fails 15 logins within 5 minutes (findtime) is banned for 30 minutes (bantime).
SMTP
Blocking SASL authentication failures
cat /etc/fail2ban/filter.d/couriersmtp.conf
[Definition]
failregex = postfix/smtpd.* warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN) authentication failed
This matches an SMTP connection that presented a wrong username/password. Postfix writes the line as "warning: <rdns>[<ip>]: SASL LOGIN authentication failed: authentication failure"; the name before the bracket is the client's reverse DNS name and is "unknown" only when the client has no reverse record, so the regex must not hard-code "unknown", and the spaces after "warning:" and inside "authentication failure" have to be exactly as Postfix logs them or nothing will match. Note that this regex matches Postfix, not Courier, so it belongs in its own filter file (newer fail2ban releases ship a stock postfix-sasl filter for this purpose); overwriting couriersmtp.conf discards the stock Courier SMTP rules.
vi /etc/fail2ban/jail.conf
[SMTP]
enabled = true
filter = couriersmtp
action = iptables[name=smtp,port=25:366,protocol=tcp]
logpath = /var/log/maillog
bantime = 1800
findtime = 300
maxretry = 15
iptables reads port=25:366 as the port range 25 through 366, which also covers POP3 (110) and IMAP (143). If the intent is to block only the SMTP ports, use the iptables-multiport action and list them explicitly, for example action = iptables-multiport[name=smtp,port="25,465,587",protocol=tcp].
POSTFIX: blocking "user unknown" probing
(reference: http://hi.baidu.com/enjoyunix/blog/item/e8506058fd3c3189810a183a.html)
vi /etc/fail2ban/filter.d/postfix.conf
[Definition]
failregex = reject: RCPT from [^[]*\[<HOST>\]: 450
This matches "NOQUEUE: reject: RCPT from <rdns>[<ip>]: 450 ..." lines. Two caveats: Postfix rejects unknown local recipients with 550 by default and only uses 450 when unknown_local_recipient_reject_code = 450 is set in main.cf, so check the code in your own maillog before relying on 450; and every 450 RCPT rejection matches, including greylisting deferrals, which can get legitimate senders banned. fail2ban also ships its own filter.d/postfix.conf, so put this regex in a new file (for example postfix-unknown.conf) and reference that name in the jail rather than overwriting the stock filter.
vi /etc/fail2ban/jail.conf
[POSTFIX]
enabled = true
filter = postfix
action = iptables[name=postfix,port=25,protocol=tcp]
logpath = /var/log/maillog
bantime = 43200
findtime = 1200
maxretry = 5
With these values a host that triggers five matching rejections within 20 minutes is banned for 12 hours. Before enabling any jail, run fail2ban-regex /var/log/maillog /etc/fail2ban/filter.d/<filter>.conf to confirm the failregex actually matches lines in your log.
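As an added example (not part of this page and not fail2ban's own code), the script below reproduces what fail2ban does with the three jails above: it expands <HOST> into a capture group, runs each failregex over log lines, counts matches per client inside a sliding findtime window and "bans" a client once it reaches maxretry. The log lines are constructed, the <HOST> pattern is simplified to IPv4 only, and the Courier pop3d line format and the 2024 year used for syslog timestamps are assumptions.

```python
"""Offline model of the pop3, smtp and postfix jails defined above.

fail2ban replaces <HOST> in a failregex with a named group, counts matches
per host inside a trailing findtime window and fires the ban action once a
host reaches maxretry.  This reproduces that logic over constructed
/var/log/maillog lines so the regexes and thresholds can be checked without
a running daemon.  Assumptions: IPv4-only <HOST>, syslog timestamps without a
year, and Courier pop3d lines of the form
"pop3d: LOGIN FAILED, user=..., ip=[::ffff:a.b.c.d]".
"""
import re
from datetime import datetime, timedelta

# fail2ban's real <HOST> also accepts IPv6 and hostnames; IPv4 is enough here.
HOST_RE = r"(?P<host>(?:\d{1,3}\.){3}\d{1,3})"

JAILS = {
    # Shape of the stock courierlogin filter (assumed Courier log format).
    "pop3": {"failregex": r"pop3d: LOGIN FAILED, .*ip=\[(?:::ffff:)?<HOST>\]",
             "findtime": 300, "maxretry": 15, "bantime": 1800},
    # Postfix SASL failure; the rDNS name before [<HOST>] is not always "unknown".
    "smtp": {"failregex": r"postfix/smtpd\[\d+\]: warning: [-._\w]+\[<HOST>\]: "
                          r"SASL (?:LOGIN|PLAIN) authentication failed",
             "findtime": 300, "maxretry": 15, "bantime": 1800},
    # RCPT rejected with 450, as on this page (550 is Postfix's default).
    "postfix": {"failregex": r"reject: RCPT from [^[]*\[<HOST>\]: 450",
                "findtime": 1200, "maxretry": 5, "bantime": 43200},
}


def compile_failregex(failregex):
    """Expand <HOST> the way fail2ban does and compile the pattern."""
    return re.compile(failregex.replace("<HOST>", HOST_RE))


def match_host(jail_name, line):
    """Return the client IP if the line matches the jail's failregex, else None."""
    m = compile_failregex(JAILS[jail_name]["failregex"]).search(line)
    return m.group("host") if m else None


def syslog_time(line, year=2024):
    """Parse the leading 'Mar 10 10:00:01' stamp (syslog omits the year)."""
    return datetime.strptime(line[:15], "%b %d %H:%M:%S").replace(year=year)


def run_jail(jail_name, lines):
    """Return {ip: (ban_start, ban_end)} for every host the jail would ban.

    A host is banned at the failure that brings its count of failures inside
    the trailing findtime window up to maxretry; older failures are forgotten.
    """
    jail = JAILS[jail_name]
    rx = compile_failregex(jail["failregex"])
    window = timedelta(seconds=jail["findtime"])
    recent = {}  # ip -> timestamps of failures still inside findtime
    bans = {}
    for line in lines:
        m = rx.search(line)
        if not m:
            continue
        ip, t = m.group("host"), syslog_time(line)
        if ip in bans:
            continue  # already banned; the real daemon would not see its traffic
        hits = [x for x in recent.get(ip, []) if t - x <= window] + [t]
        recent[ip] = hits
        if len(hits) >= jail["maxretry"]:
            bans[ip] = (t, t + timedelta(seconds=jail["bantime"]))
    return bans


# Constructed /var/log/maillog excerpt (not real traffic).
SASL = ("Mar 10 10:00:%02d mx postfix/smtpd[4242]: warning: %s[%s]: "
        "SASL LOGIN authentication failed: authentication failure")
RCPT = ("Mar 10 %s mx postfix/smtpd[4243]: NOQUEUE: reject: RCPT from %s[%s]: "
        "450 4.1.1 <nobody@example.net>: Recipient address rejected: User unknown "
        "in local recipient table; from=<x@example.org> to=<nobody@example.net>")
POP3 = "Mar 10 10:05:%02d mx pop3d: LOGIN FAILED, user=alice, ip=[::ffff:%s]"

SAMPLE_LOG = (
    # 16 SASL failures from one host in 16 seconds: banned on the 15th.
    [SASL % (i, "unknown", "203.0.113.5") for i in range(16)]
    # One typo from a real user whose IP has reverse DNS: never banned.
    + [SASL % (30, "mail.example.com", "198.51.100.7")]
    # 5 unknown recipients from one host within 4 minutes: banned on the 5th.
    + [RCPT % ("10:1%d:00" % i, "unknown", "192.0.2.9") for i in range(5)]
    # 5 unknown recipients 10 minutes apart: never 5 inside findtime=1200.
    + [RCPT % ("11:%02d:00" % (i * 10), "unknown", "192.0.2.10") for i in range(5)]
    # 3 POP3 login failures: matched, but far below maxretry=15.
    + [POP3 % (i, "203.0.113.77") for i in range(3)]
)

if __name__ == "__main__":
    for name in JAILS:
        for ip, (start, end) in run_jail(name, SAMPLE_LOG).items():
            print(f"[{name}] ban {ip} from {start:%H:%M:%S} until {end:%H:%M:%S}")
```

The second group of 450 rejections shows why findtime matters: five failures spread over forty minutes never have five inside a 20-minute window, so that host stays unbanned, while the same five failures within four minutes trigger the 12-hour ban.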