Fail2ban
Fail2ban automatically blocks IP addresses after a certain number of failed login attempts to a given service.
Manual ban
- find the name of the jail you want
$ sudo fail2ban-client status
Status
|- Number of jail: 4
`- Jail list: nginx-botsearch, postfix, postfix-sasl, sshd
- and ban the given IP address in it
$ sudo fail2ban-client -vvv set <jail> banip <IP address>
+ 289 7F11A493AB80 fail2ban.configreader INFO Loading configs for fail2ban under /etc/fail2ban
+ 290 7F11A493AB80 fail2ban.configreader DEBUG Reading configs for fail2ban under /etc/fail2ban
+ 290 7F11A493AB80 fail2ban.configreader DEBUG Reading config files: /etc/fail2ban/fail2ban.conf
+ 291 7F11A493AB80 fail2ban.configparserinc INFO Loading files: ['/etc/fail2ban/fail2ban.conf']
+ 291 7F11A493AB80 fail2ban.configparserinc TRACE Reading file: /etc/fail2ban/fail2ban.conf
+ 292 7F11A493AB80 fail2ban.configparserinc INFO Loading files: ['/etc/fail2ban/fail2ban.conf']
+ 292 7F11A493AB80 fail2ban.configparserinc TRACE Shared file: /etc/fail2ban/fail2ban.conf
+ 292 7F11A493AB80 fail2ban INFO Using socket file /var/run/fail2ban/fail2ban.sock
+ 292 7F11A493AB80 fail2ban INFO Using pid file /var/run/fail2ban/fail2ban.pid, [INFO] logging to /var/log/fail2ban.log
+ 293 7F11A493AB80 fail2ban HEAVY CMD: ['set', 'postfix-sasl', 'banip', '212.70.149.57']
+ 1474 7F11A493AB80 fail2ban HEAVY OK : 1
+ 1475 7F11A493AB80 fail2ban.beautifier HEAVY Beautify 1 with ['set', 'postfix-sasl', 'banip', '212.70.149.57']
1
+ 1475 7F11A493AB80 fail2ban DEBUG Exit with code 0
- and verify the ban
$ sudo fail2ban-client status postfix-sasl
Status for the jail: postfix-sasl
|- Filter
|  |- Currently failed: 0
|  |- Total failed: 0
|  `- Journal matches: _SYSTEMD_UNIT=postfix.service
`- Actions
   |- Currently banned: 1
   |- Total banned: 1
   `- Banned IP list: 212.70.149.57
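The three steps above combined into one script, as an added example that is not part of the original page: it checks the jail name against the jail list, bans the address, and confirms the ban from the jail status. The function names and the F2B override variable are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: ban an IP only in a jail that exists, then confirm the ban.
# F2B is an assumed override hook so the parsers can be exercised without a
# running fail2ban server; by default it calls the real client via sudo.
F2B=${F2B:-"sudo fail2ban-client"}

# Print the jail names from `fail2ban-client status` output (stdin), one per line.
jail_list() {
    sed -n 's/^.*Jail list:[[:space:]]*//p' \
        | tr ',' '\n' \
        | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' \
        | grep -v '^$'
}

# Succeed if IP $1 is in the "Banned IP list" of jail status output (stdin).
# -F -x: literal, whole-entry match, so 10.0.0.1 does not match 10.0.0.11.
is_banned() {
    sed -n 's/^.*Banned IP list:[[:space:]]*//p' \
        | tr -s ' \t' '\n' \
        | grep -Fxq -- "$1"
}

# ban_ip <jail> <ip>: refuse unknown jails, ban, then verify from the status.
ban_ip() {
    local jail=$1 ip=$2
    $F2B status | jail_list | grep -Fxq -- "$jail" \
        || { echo "unknown jail: $jail" >&2; return 2; }
    $F2B set "$jail" banip "$ip" >/dev/null || return 1
    $F2B status "$jail" | is_banned "$ip" \
        || { echo "$ip not listed in $jail" >&2; return 1; }
    echo "$ip banned in $jail"
}
```

After sourcing the file, `ban_ip postfix-sasl 212.70.149.57` repeats the manual procedure shown above.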
linux/fail2ban.1647080095.txt.gz · Last modified: 2022/03/12 10:14 by nost23