Fail2ban

automatically blocks IP addresses after a given number of failed login attempts to the protected service.

Manual ban

  1. find the name of the jail you want to use
    $ sudo fail2ban-client status
    Status
    |- Number of jail:      4
    `- Jail list:   nginx-botsearch, postfix, postfix-sasl, sshd
  2. and ban the given IP address in it
    $ sudo fail2ban-client -vvv set <jail> banip <IP address>
     +  289 7F11A493AB80 fail2ban.configreader     INFO  Loading configs for fail2ban under /etc/fail2ban
     +  290 7F11A493AB80 fail2ban.configreader     DEBUG Reading configs for fail2ban under /etc/fail2ban
     +  290 7F11A493AB80 fail2ban.configreader     DEBUG Reading config files: /etc/fail2ban/fail2ban.conf
     +  291 7F11A493AB80 fail2ban.configparserinc  INFO    Loading files: ['/etc/fail2ban/fail2ban.conf']
     +  291 7F11A493AB80 fail2ban.configparserinc  TRACE     Reading file: /etc/fail2ban/fail2ban.conf
     +  292 7F11A493AB80 fail2ban.configparserinc  INFO    Loading files: ['/etc/fail2ban/fail2ban.conf']
     +  292 7F11A493AB80 fail2ban.configparserinc  TRACE     Shared file: /etc/fail2ban/fail2ban.conf
     +  292 7F11A493AB80 fail2ban                  INFO  Using socket file /var/run/fail2ban/fail2ban.sock
     +  292 7F11A493AB80 fail2ban                  INFO  Using pid file /var/run/fail2ban/fail2ban.pid, [INFO] logging to /var/log/fail2ban.log
     +  293 7F11A493AB80 fail2ban                  HEAVY CMD: ['set', 'postfix-sasl', 'banip', '212.70.149.57']
     + 1474 7F11A493AB80 fail2ban                  HEAVY OK : 1
     + 1475 7F11A493AB80 fail2ban.beautifier       HEAVY Beautify 1 with ['set', 'postfix-sasl', 'banip', '212.70.149.57']
    1
     + 1475 7F11A493AB80 fail2ban                  DEBUG Exit with code 0
  3. and verify the result
    $ sudo fail2ban-client status postfix-sasl
    Status for the jail: postfix-sasl
    |- Filter
    |  |- Currently failed: 0
    |  |- Total failed:     0
    |  `- Journal matches:  _SYSTEMD_UNIT=postfix.service
    `- Actions
       |- Currently banned: 1
       |- Total banned:     1
       `- Banned IP list:   212.70.149.57

Checking the block with iptables

$ sudo iptables -nL
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
f2b-postfix-sasl  tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 25,465,587,143,993,110,995
...
 
Chain f2b-postfix-sasl (1 references)
target     prot opt source               destination         
REJECT     all  --  212.70.149.57        0.0.0.0/0            reject-with icmp-port-unreachable
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
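Steps 1 to 3 above and the iptables check describe a manual verification loop: confirm the jail exists, ban the address, then confirm that fail2ban lists it as banned and that the f2b-<jail> chain actually rejects it. The following is an added example (not part of the original page or of the fail2ban project) that automates that verification by parsing the output formats shown above. The sample outputs embedded below are constructed to mirror the page's listings; in real use you would feed the script the captured output of `fail2ban-client status`, `fail2ban-client status <jail>` and `iptables -nL`. Function names and the parsing approach are my own.

```python
"""Verify that a fail2ban ban is really enforced, from the tool outputs shown above.

Added example; not the fail2ban project's own code. Sample outputs are constructed
to match the page's listings.
"""
import re

# Constructed sample: output of `sudo fail2ban-client status`
JAIL_LIST_OUTPUT = """\
Status
|- Number of jail:      4
`- Jail list:   nginx-botsearch, postfix, postfix-sasl, sshd
"""

# Constructed sample: output of `sudo fail2ban-client status postfix-sasl`
STATUS_OUTPUT = """\
Status for the jail: postfix-sasl
|- Filter
|  |- Currently failed: 0
|  |- Total failed:     0
|  `- Journal matches:  _SYSTEMD_UNIT=postfix.service
`- Actions
   |- Currently banned: 1
   |- Total banned:     1
   `- Banned IP list:   212.70.149.57
"""

# Constructed sample: output of `sudo iptables -nL` (unrelated chains omitted)
IPTABLES_OUTPUT = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
f2b-postfix-sasl  tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 25,465,587,143,993,110,995

Chain f2b-postfix-sasl (1 references)
target     prot opt source               destination
REJECT     all  --  212.70.149.57        0.0.0.0/0            reject-with icmp-port-unreachable
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
"""


def parse_jail_list(text):
    """Step 1: return the jail names from `fail2ban-client status`."""
    m = re.search(r"Jail list:\s*(.*)$", text, re.MULTILINE)
    if not m:
        return []
    return [name.strip() for name in m.group(1).split(",") if name.strip()]


def parse_jail_status(text):
    """Step 3: return (jail_name, banned_ips) from `fail2ban-client status <jail>`."""
    jail, banned = None, []
    for line in text.splitlines():
        m = re.search(r"Status for the jail:\s*(\S+)", line)
        if m:
            jail = m.group(1)
            continue
        m = re.search(r"Banned IP list:\s*(.*)$", line)
        if m:
            banned = m.group(1).split()  # empty list when nothing is banned
    return jail, banned


def parse_iptables_chains(text):
    """Return {chain_name: [rule dicts]} from `iptables -nL` output."""
    chains, current = {}, None
    for line in text.splitlines():
        m = re.match(r"Chain (\S+)", line)
        if m:
            current = m.group(1)
            chains[current] = []
            continue
        if current is None or not line.strip() or line.startswith("target"):
            continue  # skip blank lines and the column header row
        f = line.split()  # target prot opt source destination [match extras...]
        chains[current].append({"target": f[0], "prot": f[1], "source": f[3],
                                "destination": f[4], "extra": " ".join(f[5:])})
    return chains


def ban_is_enforced(ip, jail, status_text, iptables_text):
    """True only if fail2ban lists `ip` as banned in `jail`, the f2b-<jail> chain
    REJECTs or DROPs traffic from `ip`, and INPUT actually jumps to that chain.
    A ban that fail2ban reports but iptables does not carry (e.g. after a firewall
    reload) is reported as not enforced."""
    jail_name, banned = parse_jail_status(status_text)
    if jail_name != jail or ip not in banned:
        return False
    chains = parse_iptables_chains(iptables_text)
    chain = f"f2b-{jail}"
    referenced = any(r["target"] == chain for r in chains.get("INPUT", []))
    blocked = any(r["target"] in ("REJECT", "DROP") and r["source"] == ip
                  for r in chains.get(chain, []))
    return referenced and blocked


if __name__ == "__main__":
    print("jails:", parse_jail_list(JAIL_LIST_OUTPUT))
    print("enforced:", ban_is_enforced("212.70.149.57", "postfix-sasl",
                                       STATUS_OUTPUT, IPTABLES_OUTPUT))
```

Running it against live output is a matter of replacing the constructed strings with `subprocess.run([...], capture_output=True, text=True).stdout` for the three commands; checking both the fail2ban view and the iptables view catches the case where fail2ban believes an address is banned but the firewall chain was flushed underneath it.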