CentOS8でサーバー構築 - 12.不正アクセスブロック(fail2ban)

fail2banのインストール

インストール
# dnf -y install fail2ban

fail2banの設定

設定(jail.confはパッケージ更新で上書きされる可能性があるため直接編集せず、jail.localに記述する。jail.localには変更する項目だけを書いても動作する)
# cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
# vi /etc/fail2ban/jail.local
# "bantime" is the number of seconds that a host is banned.
# "1d" is a time abbreviation for one day. NOTE(review): confirm the
# installed fail2ban release accepts abbreviations; otherwise give seconds.
bantime = 1d

# Window in which failures are added up toward a ban ("1h" = one hour).
findtime = 1h

# Failures tolerated inside findtime before the host is banned.
# NOTE(review): with 3 tries and a one-day ban, a mistyped password from an
# administrator's own address locks that address out too. This excerpt shows
# no ignoreip entry; confirm trusted management addresses are listed there.
maxretry = 3
・
・
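# Destination address for ban notification mail. It is only used when a
# mail-sending action (for example action_mw or action_mwl) is selected.
destemail = root

# Sender address placed on those notification mails.
sender = root

# Name prefix of the mail action fail2ban loads (<mta>-whois and so on).
# The packaged mail actions are sendmail-* and mail-*; a stock install has no
# postfix-* action, so "postfix" would leave the mail actions unresolvable
# once one is selected. Postfix ships a sendmail-compatible command, so
# "sendmail" is the value to use on a Postfix host.
mta = sendmail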
・
・
#
# Action shortcuts. To be used to define action parameter

# Ban backend for ordinary (per-port) jails. The upstream default is kept
# below as a comment for reference. The firewallcmd-* actions apply bans
# through firewalld rather than raw iptables rules.
# NOTE(review): these actions presumably enforce nothing while firewalld is
# stopped or masked; confirm with "firewall-cmd --state" after enabling.
#banaction = iptables-multiport
banaction = firewallcmd-ipset

# Ban backend for jails that block every port of an offending host.
#banaction_allports = iptables-allports
banaction_allports = firewallcmd-allports
・
・
#
# SSH servers
#

[sshd]
# Turns the jail on. Filter, port and log source come from the packaged
# jail defaults, which this excerpt does not show.
enabled = true
・
・
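#
# HTTP servers
#

[apache-auth]
# The option name is "enabled". A misspelled "enable" is not the key
# fail2ban reads, so the jail would presumably stay off with no obvious error.
# Verify with "fail2ban-client status apache-auth" after a reload.
enabled = true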
・
・
[postfix]
# Turns the Postfix jail on. Which log lines count as failures is decided by
# the packaged filter, not shown in this excerpt.
enabled = true
・
・
[postfix-sasl]
# Turns the jail on. The status output later on this page shows it reading
# the postfix.service journal and banning hosts.
enabled = true
・
・
# dovecot defaults to logging to the mail syslog facility
# but can be set by syslog_facility in the dovecot configuration.
# NOTE(review): if syslog_facility was changed in dovecot, confirm the jail
# still reads the log that receives the authentication failures.
[dovecot]
enabled = true

fail2banの起動

起動
# systemctl start fail2ban
# systemctl enable fail2ban
設定を変更したときは、fail2ban-clientで設定をリロードする
#  fail2ban-client reload

fail2banの動作確認

sshd
# fail2ban-client status sshd
Status for the jail: sshd
|- Filter
|  |- Currently failed: 0
|  |- Total failed:     0
|  `- Journal matches:  _SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
   |- Currently banned: 0
   |- Total banned:     0
   `- Banned IP list:
postfix-sasl
# fail2ban-client status postfix-sasl
Status for the jail: postfix-sasl
|- Filter
|  |- Currently failed: 16
|  |- Total failed:     505
|  `- Journal matches:  _SYSTEMD_UNIT=postfix.service
`- Actions
   |- Currently banned: 2
   |- Total banned:     2
   `- Banned IP list:   <BANされたIPアドレス>

その他

個別にBAN設定(指定したjailに手動でIPアドレスやサブネットを追加する。/24は256アドレスをまとめて遮断するため、正規の利用者が含まれないか確認する。解除はunbanipで行う)
# fail2ban-client -v set postfix-sasl banip xxx.xxx.xxx.0/24