CentOS 7安裝fail2ban(iptables)

CentOS 7安裝fail2ban

1.yum

yum -y install fail2ban

2.setup

vi /etc/fail2ban/jail.conf

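# fail2ban jail definitions. fail2ban parses this file with a configparser-
# style reader: '#' starts a full-line comment only; an inline comment must
# be introduced by ' ;'. A '#' after a value is NOT a comment — the whole
# rest of the line becomes the value (e.g. "36000 #...") and the jail fails
# to load. All notes below are therefore on their own line.
# These sections are normally placed in /etc/fail2ban/jail.local (or
# jail.d/*.local) rather than jail.conf, so a package upgrade does not
# overwrite them.

[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
logpath = /var/log/secure
maxretry = 3
# seconds (24 hours)
bantime = 86400

[vsftpd-iptables]
enabled = true
filter = vsftpd
action = iptables[name=VSFTPD, port=ftp, protocol=tcp]
# assumes vsftpd authenticates via PAM so failures land in /var/log/secure —
# confirm against the vsftpd logging setup on this host
logpath = /var/log/secure
maxretry = 3
# seconds (24 hours)
bantime = 86400

[dovecot]
enabled = true
filter = dovecot
# ASCII double quotes are required around the port list; typographic quotes
# are passed through to iptables literally and the action fails to start
action = iptables-multiport[name=dovecot, port="pop3,pop3s,imap,imaps,smtp,smtps,submission,sieve", protocol=tcp]
# assumes dovecot auth failures are logged here (often /var/log/maillog on
# CentOS) — confirm against the dovecot log_path setting
logpath = /var/log/secure
maxretry = 5
# seconds (10 hours)
bantime = 36000

# NOTE: this jail uses the same filter and logpath as [dovecot] above, so both
# jails match the same log lines and each bans the offending address in its
# own chain (f2b-dovecot and f2b-dovecot-auth). Keep it only if the two port
# lists are meant to differ; otherwise one jail is enough.
[dovecot-auth]
enabled = true
filter = dovecot
action = iptables-multiport[name=dovecot-auth, port="pop3,pop3s,imap,imaps,submission,465,sieve", protocol=tcp]
logpath = /var/log/secure
maxretry = 5
# seconds (10 hours)
bantime = 36000

# The udp and tcp jails below used the same name=Named, which makes both
# actions manage the same f2b-Named chain: stopping one jail flushes the
# bans installed by the other. Each jail now has its own chain name.
[named-refused-udp]
enabled = true
filter = named-refused
action = iptables-multiport[name=Named-udp, port="domain,953", protocol=udp]
# assumes named logs the 'security' category to this file — confirm against
# the logging block in named.conf
logpath = /var/log/named/named_security.log
# seconds (about 347 days)
bantime = 30000000

[named-refused-tcp]
enabled = true
filter = named-refused
action = iptables-multiport[name=Named-tcp, port="domain,953", protocol=tcp]
logpath = /var/log/named/named_security.log
# seconds (about 347 days)
bantime = 30000000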

fail2ban-client status 查看全部有幾組設定檔
fail2ban-client status dovecot 查看dovecot規則的狀態
查看目前防火牆阻擋的情況
iptables -L -n
iptables -S

誤判清除與開放:
若是某些原因造成誤鎖,可用iptables打開它

先查看規則鏈 iptables -n -L
Chain f2b-dovecot (1 references)
target prot opt source destination
REJECT all -- 123.456.789.123 0.0.0.0/0 reject-with icmp-port-unreachable
RETURN all -- 0.0.0.0/0 0.0.0.0/0

iptables -D f2b-dovecot -s 123.456.789.123 -j REJECT
這樣就移掉了
