EMOS Fail2Ban设置

FAIL2BAN

fail2ban通过分析日志来自动 ban 入侵者的 IP, 禁止user unknow试探

设置文件:

/etc/fail2ban

Fail2ban.conf    日志设定文档

Jail.conf           阻挡设置文档

 

/etc/fail2ban/filter.d 具体阻挡内容设定目录

Filter内容使用正则表达式

 

开启 pop3保护

vi /etc/fail2ban/jail.conf

[POP3]

enabled = true
filter   = courierlogin
action   = iptables[name=pop3,port=110, protocol=tcp]
logpath = /var/log/maillog
bantime = 1800
findtime = 300
maxretry = 15

 

 SMTP保护拦截

cat /etc/fail2ban/filter.d/couriersmtp.conf

failregex = postfix/smtpd.* warning:unknown\[<HOST>\]: SASL LOGIN authentication failed: authenticationfailure

这里表示错误地输入用户名／密码的smtp连接.

vi /etc/fail2ban/jail.conf

[SMTP]

enabled = true
filter   = couriersmtp
action   = iptables[name=smtp,port=25:366, protocol=tcp]
logpath = /var/log/maillog
bantime = 1800
findtime = 300
maxretry = 15

 

POSTFIX 保护User unknow的试探. , 参考: http://hi.baidu.com/enjoyunix/blog/item/e8506058fd3c3189810a183a.html

vi /etc/fail2ban/filter.d/postfix.conf

failregex = reject: RCPT from(.*)\[<HOST>\]: 450

vi /etc/fail2ban/jail.conf

[POSTFIX]
enabled = true
filter   = postfix
action   = iptables[name=postfix,port=25, protocol=tcp]
logpath = /var/log/maillog
bantime = 43200
findtime = 1200
maxretry = 5