
Это старая версия документа!


Fail2Ban: ударим банхаммером по брутефорсу!


Введение

Настройка

jail.local:

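# jail.local - local Fail2Ban jail settings; values here override jail.conf.

[DEFAULT]
# Custom pf action, defined in my-pf.conf.
banaction = my-pf
# my-pf.conf reads the table name from its "tablename" tag. A parameter
# named "table" is not referenced there, so bans would go to that file's
# default table (fail2ban) instead of bruteforce.
action = my-pf[tablename=bruteforce]
# Addresses listed here are never banned, including every host in the /24.
# Keep the list as narrow as possible: a compromised host inside it can
# guess passwords without ever tripping a jail.
ignoreip = 127.0.0.1 10.30.10.0/24
# Ban duration in seconds (2 hours).
bantime = 7200
# Window in seconds (3 days) over which failures are counted.
findtime = 259200
# Failures allowed within findtime before the host is banned.
maxretry = 3

[ssh]
enabled = true
filter = bsd-sshd
logpath = /var/log/auth.log

# The next four jails set no logpath (and two set no filter), so those
# values presumably come from jail.conf - verify that matching jails exist
# there and point at the log files this host actually writes.
[dovecot]
enabled = true
filter = dovecot

[sendmail]
enabled = true
filter = bsd-sendmail

[sendmail-auth]
enabled = true

[sendmail-reject]
enabled = true

[sendmail-sasl]
enabled = true
filter = sendmail-sasl
# The original split this value across two lines and closed the bracket
# twice; the whole parameter list has to sit inside one pair of brackets.
# port and protocol are not referenced by my-pf.conf, so the ban still
# covers all traffic from the host, not only the mail ports.
action = my-pf[tablename=bruteforce, port="submission,465,smtp", protocol=tcp]
logpath = /var/log/maillog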

my-pf.conf:

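# Fail2Ban action: add banned hosts to a pf table and remove them on unban.
#
# Nothing here creates the table or a blocking rule (actionstart is empty),
# so pf.conf must already declare the table as persistent and contain a
# block rule that references it. Without that rule the bans have no effect.
# NOTE(review): adding an address to the table does not appear to drop
# connections that are already established; if that matters, consider also
# killing the host's states (pfctl -k) in actionban.

[Definition]
actionstart =
actionstop =
actioncheck =
# The address is passed without a prefix length, so pfctl adds a single
# host entry. A hard-coded /32 is only correct for IPv4; on an IPv6 address
# it would cover a whole /32 prefix.
actionban = /sbin/pfctl -t <tablename> -T add <ip>
actionunban = /sbin/pfctl -t <tablename> -T delete <ip>

[Init]
# Default table name; a jail can override it with my-pf[tablename=...].
tablename = fail2ban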

sendmail-sasl.conf:

# Fail2Ban filter for sendmail authentication failures
#
# Matches sendmail "AUTH failure (LOGIN)" log lines that report SASL
# error -13 with "checkpass failed", and takes the offending address from
# the bracketed relay field.

[INCLUDES]

# __prefix_line is not defined in this file; presumably it comes from
# common.conf - confirm.
before = common.conf

[Definition]

# Presumably consumed by the prefix pattern in common.conf to match the
# daemon name in the syslog line - confirm.
_daemon = sendmail

# The pattern is anchored at both ends (^ ... $), so the whole line has to
# match. \w{12,14} looks like the sendmail queue ID - confirm.
# The mechanism name LOGIN is literal: failures logged with any other
# mechanism name are not matched by this pattern and are not counted.
# (\S+ )? allows an optional relay host name before the bracketed address,
# and the "(may be forged)" suffix is optional.
failregex = ^%(__prefix_line)s\w{12,14}: AUTH failure \(LOGIN\): authentication failure \(-13\) SASL\(-13\): authentication failure: checkpass failed, relay=(\S+ )?\[<HOST>\]( \(may be forged\))?$

# No lines are excluded from matching.
ignoreregex =

sendmail:

dnl Sets the sendmail log level to 10. Presumably this is what makes
dnl sendmail write the AUTH failure lines that the sendmail-sasl filter
dnl matches - confirm for the installed sendmail version.
define(`confLOG_LEVEL', `10')dnl