CentOS 7安裝fail2ban
1.yum
yum -y install fail2ban
2.setup
vi /etc/fail2ban/jail.conf
[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
logpath = /var/log/secure
maxretry = 3
bantime = 86400
[vsftpd-iptables]
enabled = true
filter = vsftpd
action = iptables[name=VSFTPD, port=ftp, protocol=tcp]
logpath = /var/log/secure
maxretry = 3
bantime = 86400
[dovecot]
enabled = true
filter = dovecot
action = iptables-multiport[name=dovecot, port=”pop3,pop3s,imap,imaps,smtp,smtps,submission,sieve”, protocol=tcp]
logpath = /var/log/secure
maxretry = 5
bantime = 36000 #單位為秒,這邊是10小時
[dovecot-auth]
enabled = true
filter = dovecot
action = iptables-multiport[name=dovecot-auth, port=”pop3,pop3s,imap,imaps,submission,465,sieve”, protocol=tcp]
logpath = /var/log/secure
maxretry = 5
bantime = 36000 #單位為秒,這邊是10小時
[named-refused-udp]
enabled = true
filter = named-refused
action = iptables-multiport[name=Named, port=”domain,953″, protocol=udp]
logpath = /var/log/named/named_security.log
bantime = 30000000
[named-refused-tcp]
enabled = true
filter = named-refused
action = iptables-multiport[name=Named, port=”domain,953″, protocol=tcp]
logpath = /var/log/named/named_security.log
bantime = 30000000
fail2ban-client status 查看全部有幾組設定檔
fail2ban-client status dovecot 查看dovecot規則的狀態
查看目前防火牆阻擋的情況
iptables -L -n
iptables -S
誤判清除與開放:
若是某些原因造成誤鎖,可用iptables打開它
先查看規則鏈 iptables -n -L
Chain f2b-dovecot (1 references)
target prot opt source destination
REJECT all — 123.456.789.123 0.0.0.0/0 reject-with icmp-port-unreachable
RETURN all — 0.0.0.0/0 0.0.0.0/0
iptables -D f2b-dovecot -s 123.456.789.123 -j REJECT
這樣就移掉了