fail2banのインストール
インストール
# dnf -y install fail2ban
fail2banの設定
設定
# cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
# vi /etc/fail2ban/jail.local
# jail.local is read after jail.conf and overrides it; only keys that differ
# from the packaged defaults need to be kept in this file.
#
# Ban policy shown here: 3 failures (maxretry) within 1 hour (findtime) ban the
# host for 1 day (bantime). The values use fail2ban's time-abbreviation form
# (d = days, h = hours) rather than raw seconds.
# NOTE(review): the section header is elided above; presumably these keys sit
# in [DEFAULT] and apply to every jail that does not override them - confirm.
#
# "bantime" is how long a host stays banned.
bantime = 1d
# A host is banned if it has generated "maxretry" failures during the last
# "findtime".
findtime = 1h
# "maxretry" is the number of failures before a host gets banned.
maxretry = 3
・
・
# Destination email address used solely for the interpolations in
# jail.{conf,local,d/*} configuration files.
destemail = root
# Sender email address used solely for some actions
sender = root
# E-mail action. Since 0.8.1 Fail2Ban uses sendmail MTA for the
# mailing. Change mta configuration parameter to mail if you want to
# revert to conventional 'mail'.
# NOTE(review): the comment above names only "sendmail" and "mail" as values.
# In stock jail.conf this key is interpolated into the mail action names
# (<mta>-whois and similar), so "postfix" would likely point at an action file
# that does not exist if a mail-sending action is ever selected - confirm.
# Postfix installs a sendmail-compatible command, so "sendmail" is the usual
# value on a Postfix host.
mta = postfix
・
・
#
# Action shortcuts. To be used to define action parameter
# Default banning action (e.g. iptables, iptables-new,
# iptables-multiport, shorewall, etc) It is used to define
# action_* variables. Can be overridden globally or per
# section within jail.local file
#
# The packaged iptables defaults are kept below as commented-out lines; the
# active values switch banning to the firewalld-based actions.
# NOTE(review): these actions call firewall-cmd, so bans are presumably only
# enforced while firewalld is running (and, for firewallcmd-ipset, while ipset
# is available) - verify that a test ban actually appears in the firewall.
#banaction = iptables-multiport
banaction = firewallcmd-ipset
#banaction_allports = iptables-allports
banaction_allports = firewallcmd-allports
・
・
#
# SSH servers
#
# Turns on the sshd jail. No ban thresholds are set in the visible part of this
# section, so it presumably inherits bantime/findtime/maxretry from the
# defaults (further lines of the section are elided in this excerpt).
[sshd]
enabled = true
・
・
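#
# HTTP servers
#
# The jail switch is spelled "enabled", as in the other jails in this file;
# written as "enable" it does not switch the jail on. After a reload, confirm
# that apache-auth appears in the jail list printed by "fail2ban-client status".
[apache-auth]
enabled = true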
・
・
# Turns on the postfix jail; its filter, port and log source are not shown in
# this excerpt.
[postfix]
enabled = true
・
・
# Turns on the postfix-sasl jail. The status output for this jail shows it
# matching journal entries from postfix.service.
[postfix-sasl]
enabled = true
・
・
# dovecot defaults to logging to the mail syslog facility
# but can be set by syslog_facility in the dovecot configuration.
# NOTE(review): if syslog_facility was changed in Dovecot, check that this jail
# still sees authentication failures (a non-zero "Total failed" in
# "fail2ban-client status dovecot" after a deliberate bad login).
[dovecot]
enabled = true
fail2banの起動
起動
# systemctl start fail2ban
# systemctl enable fail2ban
設定を変更した時などは、クライアントからリロードする
# fail2ban-client reload
fail2banの動作確認
sshd
# fail2ban-client status sshd
Status for the jail: sshd
|- Filter
| |- Currently failed: 0
| |- Total failed: 0
| `- Journal matches: _SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
|- Currently banned: 0
|- Total banned: 0
`- Banned IP list:
postfix-sasl
# fail2ban-client status postfix-sasl
Status for the jail: postfix-sasl
|- Filter
| |- Currently failed: 16
| |- Total failed: 505
| `- Journal matches: _SYSTEMD_UNIT=postfix.service
`- Actions
|- Currently banned: 2
|- Total banned: 2
`- Banned IP list: <BANされたIPアドレス>
その他
個別にBAN設定
# fail2ban-client -v set postfix-sasl banip xxx.xxx.xxx.0/24