FAIL2BAN
fail2ban analyses log files and automatically bans the IP addresses of intruders; here it is used to block "user unknown" probing of the mail server.
Configuration files:
/etc/fail2ban
fail2ban.conf: logging settings for the fail2ban daemon
jail.conf: blocking (jail) settings
/etc/fail2ban/filter.d: directory holding the concrete blocking rules (filters)
Filters are written as regular expressions
Enable POP3 protection
vi /etc/fail2ban/jail.conf
[POP3]
enabled = true
filter = courierlogin
action = iptables[name=pop3, port=110, protocol=tcp]
logpath = /var/log/maillog
bantime = 1800
findtime = 300
maxretry = 15
SMTP protection and blocking
cat /etc/fail2ban/filter.d/couriersmtp.conf
failregex = postfix/smtpd.* warning: unknown\[<HOST>\]: SASL LOGIN authentication failed: authentication failure
This matches SMTP connections that presented a wrong username/password (the postfix log line reads "warning: unknown[IP]: SASL LOGIN authentication failed: authentication failure", so the spaces after "warning:" and inside "authentication failure" are required for the regex to match).
vi /etc/fail2ban/jail.conf
[SMTP]
enabled = true
filter = couriersmtp
action = iptables[name=smtp, port=25:366, protocol=tcp]
logpath = /var/log/maillog
bantime = 1800
findtime = 300
maxretry = 15
POSTFIX protection against "user unknown" probes. Reference: http://hi.baidu.com/enjoyunix/blog/item/e8506058fd3c3189810a183a.html
vi /etc/fail2ban/filter.d/postfix.conf
failregex = reject: RCPT from(.*)\[<HOST>\]: 450
vi /etc/fail2ban/jail.conf
[POSTFIX]
enabled = true
filter = postfix
action = iptables[name=postfix, port=25, protocol=tcp]
logpath = /var/log/maillog
bantime = 43200
findtime = 1200
maxretry = 5
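The SMTP and POSTFIX sections above each pair a failregex with findtime/maxretry values, and it is worth seeing what those values actually do before deploying them. The following script is an added example written for this page, not code from fail2ban or from the referenced blog: it expands <HOST> with a simplified stand-in for fail2ban's real host pattern (assumption: dotted IPv4 hosts only), replays constructed /var/log/maillog lines through the two filters exactly as written above, and applies the sliding findtime window and maxretry threshold of each jail to decide which hosts would be banned. The log lines, hostnames and addresses are constructed; nothing here is taken from a real server.

```python
import re
from datetime import datetime, timedelta

# Simplified stand-in for fail2ban's <HOST> tag (assumption: the real pattern is
# more elaborate and also handles IPv6-mapped forms); enough for dotted IPv4 hosts.
HOST_RE = r"(?P<host>[\w\-.:]+)"

# The two failregex lines from the page's filter.d files.
FILTERS = {
    "couriersmtp": (r"postfix/smtpd.* warning: unknown\[<HOST>\]: "
                    r"SASL LOGIN authentication failed: authentication failure"),
    "postfix": r"reject: RCPT from(.*)\[<HOST>\]: 450",
}

# findtime / maxretry copied from the page's jail.conf sections.
JAILS = {
    "SMTP": {"filter": "couriersmtp", "findtime": 300, "maxretry": 15},
    "POSTFIX": {"filter": "postfix", "findtime": 1200, "maxretry": 5},
}


def compile_filter(name):
    """Expand <HOST> and compile the filter as fail2ban would."""
    return re.compile(FILTERS[name].replace("<HOST>", HOST_RE))


def parse_syslog_time(line):
    """Syslog timestamps carry no year; relative findtime windows do not need one."""
    return datetime.strptime(line[:15], "%b %d %H:%M:%S")


def evaluate_jail(jail_name, lines):
    """Replay log lines through one jail; return (banned hosts, match count per host)."""
    jail = JAILS[jail_name]
    regex = compile_filter(jail["filter"])
    window = timedelta(seconds=jail["findtime"])
    recent = {}     # host -> timestamps of matches still inside the findtime window
    failures = {}   # host -> total matched lines
    banned = []
    for line in lines:
        m = regex.search(line)
        if not m:
            continue
        host = m.group("host")
        now = parse_syslog_time(line)
        failures[host] = failures.get(host, 0) + 1
        # drop matches older than findtime, then count this one
        hits = [t for t in recent.get(host, []) if now - t < window]
        hits.append(now)
        recent[host] = hits
        if len(hits) >= jail["maxretry"] and host not in banned:
            banned.append(host)
    return banned, failures


# ---- constructed sample maillog (not real data) ------------------------------
BASE = datetime(2024, 3, 13, 10, 0, 0)


def _ts(seconds):
    return (BASE + timedelta(seconds=seconds)).strftime("%b %d %H:%M:%S")


SASL = ("{ts} mail postfix/smtpd[2101]: warning: unknown[{ip}]: "
        "SASL LOGIN authentication failed: authentication failure")
RCPT = ("{ts} mail postfix/smtpd[2102]: NOQUEUE: reject: RCPT from unknown[{ip}]: 450 4.1.1 "
        "<nobody@example.com>: Recipient address rejected: User unknown in local recipient table; "
        "from=<x@example.net> to=<nobody@example.com> proto=ESMTP helo=<example.net>")

SAMPLE_LOG = (
    # 15 SASL failures from one host within 140 s: trips SMTP (15 within 300 s)
    [SASL.format(ts=_ts(10 * i), ip="203.0.113.5") for i in range(15)]
    # 3 SASL failures from another host: stays below maxretry
    + [SASL.format(ts=_ts(20 * i), ip="203.0.113.44") for i in range(3)]
    # 5 "User unknown" rejects within 8 minutes: trips POSTFIX (5 within 1200 s)
    + [RCPT.format(ts=_ts(300 + 120 * i), ip="198.51.100.7") for i in range(5)]
    # 5 rejects spaced 10 minutes apart: never 5 inside one 1200 s window, so no ban
    + [RCPT.format(ts=_ts(600 * i), ip="192.0.2.9") for i in range(5)]
)

if __name__ == "__main__":
    for jail in JAILS:
        banned, failures = evaluate_jail(jail, SAMPLE_LOG)
        print(jail, "matches per host:", failures, "banned:", banned)
```

On a real host the same check is done with fail2ban's own tool, e.g. `fail2ban-regex /var/log/maillog /etc/fail2ban/filter.d/postfix.conf`, which reports how many lines each failregex matched; the script above only adds the findtime/maxretry replay so the effect of those two numbers is visible. Note that 192.0.2.9 produces five matching lines yet is never banned, because no 1200 s window ever holds all five.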