====== Fail2ban ======
Fail2ban automatically bans IP addresses after a certain number of failed logins to a given service.
===== Manual ban =====
  - find the name of the required //jail//
  $ sudo fail2ban-client status
  Status
  |- Number of jail: 4
  `- Jail list: nginx-botsearch, postfix, postfix-sasl, sshd
  - and ban the given //IP address// in it
  $ sudo fail2ban-client -vvv set postfix-sasl banip 212.70.149.57
  + 289 7F11A493AB80 fail2ban.configreader INFO Loading configs for fail2ban under /etc/fail2ban
  + 290 7F11A493AB80 fail2ban.configreader DEBUG Reading configs for fail2ban under /etc/fail2ban
  + 290 7F11A493AB80 fail2ban.configreader DEBUG Reading config files: /etc/fail2ban/fail2ban.conf
  + 291 7F11A493AB80 fail2ban.configparserinc INFO Loading files: ['/etc/fail2ban/fail2ban.conf']
  + 291 7F11A493AB80 fail2ban.configparserinc TRACE Reading file: /etc/fail2ban/fail2ban.conf
  + 292 7F11A493AB80 fail2ban.configparserinc INFO Loading files: ['/etc/fail2ban/fail2ban.conf']
  + 292 7F11A493AB80 fail2ban.configparserinc TRACE Shared file: /etc/fail2ban/fail2ban.conf
  + 292 7F11A493AB80 fail2ban INFO Using socket file /var/run/fail2ban/fail2ban.sock
  + 292 7F11A493AB80 fail2ban INFO Using pid file /var/run/fail2ban/fail2ban.pid, [INFO] logging to /var/log/fail2ban.log
  + 293 7F11A493AB80 fail2ban HEAVY CMD: ['set', 'postfix-sasl', 'banip', '212.70.149.57']
  + 1474 7F11A493AB80 fail2ban HEAVY OK : 1
  + 1475 7F11A493AB80 fail2ban.beautifier HEAVY Beautify 1 with ['set', 'postfix-sasl', 'banip', '212.70.149.57']
  1
  + 1475 7F11A493AB80 fail2ban DEBUG Exit with code 0
  - and verify
  $ sudo fail2ban-client status postfix-sasl
  Status for the jail: postfix-sasl
  |- Filter
  |  |- Currently failed: 0
  |  |- Total failed: 0
  |  `- Journal matches: _SYSTEMD_UNIT=postfix.service
  `- Actions
     |- Currently banned: 1
     |- Total banned: 1
     `- Banned IP list: 212.70.149.57
===== Checking the ban with iptables =====
  $ sudo iptables -nL
  Chain INPUT (policy ACCEPT)
  target     prot opt source               destination
  f2b-postfix-sasl  tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 25,465,587,143,993,110,995
  ...
  Chain f2b-postfix-sasl (1 references)
  target     prot opt source               destination
  REJECT     all  --  212.70.149.57        0.0.0.0/0            reject-with icmp-port-unreachable
  RETURN     all  --  0.0.0.0/0            0.0.0.0/0
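
The two manual checks on this page (the jail's banned list and the iptables chain) can be cross-checked in one step, which also catches a ban that fail2ban still lists after the firewall rules were flushed. This script is an added example, not part of the original page. The function names are illustrative, the chain name ''f2b-JAIL'' is an assumption taken from the listing on this page, and the sample text is copied from the outputs shown here.

```shell
#!/bin/sh
# Added example. Sample text is copied from the outputs shown on this page.

# is_banned_in_jail IP   (stdin: output of `fail2ban-client status JAIL`)
is_banned_in_jail() {
    awk -v ip="$1" '
        /Banned IP list:/ {
            sub(/^.*Banned IP list:/, "")
            for (i = 1; i <= NF; i++) if ($i == ip) found = 1
        }
        END { exit !found }'
}

# is_rejected_in_chain CHAIN IP   (stdin: output of `iptables -nL`)
is_rejected_in_chain() {
    awk -v chain="$1" -v ip="$2" '
        $1 == "Chain" { in_chain = ($2 == chain); next }
        in_chain && ($1 == "REJECT" || $1 == "DROP") && $4 == ip { found = 1 }
        END { exit !found }'
}

# check_ban JAIL IP STATUS_TEXT IPTABLES_TEXT
# Returns 0 banned in both, 1 banned in neither, 2 only fail2ban, 3 only iptables.
check_ban() {
    jail=$1; ip=$2; f2b=0; fw=0
    printf '%s\n' "$3" | is_banned_in_jail "$ip" || f2b=1
    # Assumption: the chain is named f2b-<jail>, as in the listing on this page.
    printf '%s\n' "$4" | is_rejected_in_chain "f2b-$jail" "$ip" || fw=1
    case "$f2b$fw" in
        00) echo "OK: $ip is banned in $jail and rejected by f2b-$jail"; return 0 ;;
        01) echo "MISMATCH: fail2ban lists $ip, f2b-$jail has no rule"; return 2 ;;
        10) echo "MISMATCH: f2b-$jail blocks $ip, fail2ban does not list it"; return 3 ;;
        *)  echo "NOT BANNED: $ip"; return 1 ;;
    esac
}

SAMPLE_STATUS='Status for the jail: postfix-sasl
`- Actions
   |- Currently banned: 1
   `- Banned IP list: 212.70.149.57'
SAMPLE_IPTABLES='Chain INPUT (policy ACCEPT)
f2b-postfix-sasl tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 25,465,587
Chain f2b-postfix-sasl (1 references)
REJECT all -- 212.70.149.57 0.0.0.0/0 reject-with icmp-port-unreachable
RETURN all -- 0.0.0.0/0 0.0.0.0/0'

# Live use: check_ban postfix-sasl 212.70.149.57 \
#   "$(sudo fail2ban-client status postfix-sasl)" "$(sudo iptables -nL)"
check_ban postfix-sasl 212.70.149.57 "$SAMPLE_STATUS" "$SAMPLE_IPTABLES"
```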