{"id":48,"date":"2018-08-29T01:35:18","date_gmt":"2018-08-28T17:35:18","guid":{"rendered":"https:\/\/twmis.com\/?p=48"},"modified":"2024-10-10T15:03:35","modified_gmt":"2024-10-10T07:03:35","slug":"centos-7%e5%ae%89%e8%a3%9dfail2ban","status":"publish","type":"post","link":"https:\/\/twmis.com\/?p=48","title":{"rendered":"Installing fail2ban on CentOS 7 (iptables)"},"content":{"rendered":"<p>Installing fail2ban on CentOS 7<\/p>\n<p><!--more--><\/p>\n<p>1. yum<\/p>\n<p>yum -y install fail2ban<\/p>\n<p>2. setup<\/p>\n<p>vi \/etc\/fail2ban\/jail.conf<\/p>\n<p>[ssh-iptables]<br \/>\nenabled = true<br \/>\nfilter = sshd<br \/>\naction = iptables[name=SSH, port=ssh, protocol=tcp]<br \/>\nlogpath = \/var\/log\/secure<br \/>\nmaxretry = 3<br \/>\nbantime = 86400<\/p>\n<p>[vsftpd-iptables]<br \/>\nenabled = true<br \/>\nfilter = vsftpd<br \/>\naction = iptables[name=VSFTPD, port=ftp, protocol=tcp]<br \/>\nlogpath = \/var\/log\/secure<br \/>\nmaxretry = 3<br \/>\nbantime = 86400<\/p>\n<p>[dovecot]<br \/>\nenabled = true<br \/>\nfilter = dovecot<br \/>\naction = iptables-multiport[name=dovecot, port=&quot;pop3,pop3s,imap,imaps,smtp,smtps,submission,sieve&quot;, protocol=tcp]<br \/>\nlogpath = \/var\/log\/secure<br \/>\nmaxretry = 5<br \/>\n# The unit is seconds; this is 10 hours<br \/>\nbantime = 36000<\/p>\n<p>[dovecot-auth]<br \/>\nenabled = true<br \/>\nfilter = dovecot<br \/>\naction = iptables-multiport[name=dovecot-auth, port=&quot;pop3,pop3s,imap,imaps,submission,465,sieve&quot;, protocol=tcp]<br \/>\nlogpath = \/var\/log\/secure<br \/>\nmaxretry = 5<br \/>\n# The unit is seconds; this is 10 hours<br \/>\nbantime = 36000<\/p>\n<p>[named-refused-udp]<br \/>\nenabled = true<br \/>\nfilter = named-refused<br \/>\naction = iptables-multiport[name=Named, port=&quot;domain,953&quot;, protocol=udp]<br \/>\nlogpath = \/var\/log\/named\/named_security.log<br \/>\nbantime = 30000000<\/p>\n<p>[named-refused-tcp]<br \/>\nenabled = true<br \/>\nfilter = named-refused<br \/>\naction = iptables-multiport[name=Named, port=&quot;domain,953&quot;, protocol=tcp]<br \/>\nlogpath = \/var\/log\/named\/named_security.log<br \/>\nbantime = 30000000<\/p>\n<p>fail2ban-client status: shows how many jails are configured in total<br \/>\nfail2ban-client status dovecot: shows the status of the dovecot rule<br \/>\nView what the firewall is currently blocking:<br \/>\niptables -L -n<br \/>\niptables -S<\/p>\n<p>Clearing false positives and unblocking:<br \/>\nIf an address gets locked out by mistake for some reason, you can unblock it with iptables.<\/p>\n<p>First check the rule chains: iptables -n -L<br \/>\nChain f2b-dovecot (1 references)<br \/>\ntarget prot opt source destination<br \/>\nREJECT all -- 123.456.789.123 0.0.0.0\/0 reject-with icmp-port-unreachable<br \/>\nRETURN all -- 0.0.0.0\/0 0.0.0.0\/0<\/p>\n<p>iptables -D f2b-dovecot -s 123.456.789.123 -j REJECT<br \/>\nThat removes the rule.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Installing fail2ban on CentOS 7<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[],"class_list":["post-48","post","type-post","status-publish","format-standard","hentry","category-centos"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/twmis.com\/index.php?rest_route=\/wp\/v2\/posts\/48","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/twmis.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/twmis.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/twmis.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/twmis.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=48"}],"version-history":[{"count":0,"href":"https:\/\/twmis.com\/index.php?rest_route=\/wp\/v2\/posts\/48\/revisions"}],"wp:attachment":[{"href":"https:\/\/twmis.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=48"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/twmis.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=48"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/twmis.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=48"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}