Blocking specific source addresses with Fail2ban

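Motivation
The POP3 service is constantly hit by password-guessing attempts, which is a nuisance, so I wanted to block the addresses doing the guessing.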

Packages to install
fail2ban-0.8.4-23.el4.noarch.rpm (http://www.fail2ban.org/wiki/index.php/Downloads)
gamin-0.1.7-1.4.EL4.i386.rpm (CentOS 4.6 CD#1)
gamin-python-0.1.7-1.4.EL4.i386.rpm (CentOS 4.6 CD#3)
shorewall-4.4.18-1.noarch.rpm (http://www.shorewall.net/)

Configuration
/etc/fail2ban/jail.conf
[dovecot-check]
enabled = true
filter = dovecot-check
action = iptables-multiport[name=dovecot-check, port="pop3,pop3s,imap,imaps", protocol=tcp]
logpath = /var/log/mail/dovecot
ignoreip = 168.192.0.1 192.168.1.0/24
bantime  = 1800
findtime  = 300
maxretry = 3

/etc/fail2ban/fail2ban.conf
logtarget = /var/log/fail2ban.log

/etc/fail2ban/filter.d/dovecot-check.conf
[Definition]
failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed).*rip=(?P<host>\S*),.*
ignoreregex =

Start
/etc/rc.d/init.d/fail2ban start

Verify
1. /etc/rc.d/init.d/fail2ban status
2. cat /var/log/fail2ban.log
3. iptables -L
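
The filter and jail values above can also be checked offline. The following is an added example, not part of the original post and not Fail2ban's own code: it applies the failregex to constructed log lines and uses a simplified model of findtime, maxretry and ignoreip to show which hosts would be banned. The function names, the syslog-style line prefix and the sample lines are assumptions.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# failregex and jail values copied from the configuration above
FAILREGEX = re.compile(
    r"(?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed"
    r"|Aborted login \(tried to use disabled|Disconnected \(auth failed).*rip=(?P<host>\S*),.*"
)
IGNOREIP = [ipaddress.ip_network(n) for n in ("168.192.0.1", "192.168.1.0/24")]
FINDTIME, MAXRETRY = 300, 3

# Constructed sample lines (documentation addresses, made-up users), not real logs
SAMPLE_LOG = """\
Jun 12 10:00:01 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<bob>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10
Jun 12 10:00:40 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<bob>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10
Jun 12 10:01:10 mail dovecot: imap-login: Disconnected (auth failed, 2 attempts): user=<bob>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10
Jun 12 10:01:30 mail dovecot: pop3-login: Login: user=<alice>, method=PLAIN, rip=198.51.100.20, lip=192.0.2.10
Jun 12 10:02:00 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<eve>, method=PLAIN, rip=198.51.100.9, lip=192.0.2.10
Jun 12 10:03:00 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<dan>, method=PLAIN, rip=192.168.1.50, lip=192.0.2.10
Jun 12 10:03:05 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<dan>, method=PLAIN, rip=192.168.1.50, lip=192.0.2.10
Jun 12 10:03:10 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<dan>, method=PLAIN, rip=192.168.1.50, lip=192.0.2.10
Jun 12 10:06:00 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<eve>, method=PLAIN, rip=198.51.100.9, lip=192.0.2.10
Jun 12 10:10:30 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<eve>, method=PLAIN, rip=198.51.100.9, lip=192.0.2.10
"""

def failures(log_text, year=2011):
    """Yield (timestamp, host) for every line the failregex matches."""
    for line in log_text.splitlines():
        m = FAILREGEX.search(line)
        if m:  # the first 15 characters are the assumed syslog timestamp
            ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
            yield ts, m.group("host")

def would_ban(log_text):
    """Return hosts reaching MAXRETRY failures within FINDTIME seconds, in ban order."""
    recent, banned = defaultdict(list), []
    for ts, host in failures(log_text):
        if host in banned or any(ipaddress.ip_address(host) in n for n in IGNOREIP):
            continue  # already banned, or whitelisted by ignoreip
        # keep only this host's failures that fall inside the findtime window
        recent[host] = [t for t in recent[host] + [ts] if (ts - t).total_seconds() <= FINDTIME]
        if len(recent[host]) >= MAXRETRY:
            banned.append(host)
    return banned

if __name__ == "__main__":
    print(would_ban(SAMPLE_LOG))
```

On the server itself, `fail2ban-regex /var/log/mail/dovecot /etc/fail2ban/filter.d/dovecot-check.conf` runs the same filter against the real log.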


