[root@server ~]# yum -y install fail2ban
[root@server ~]# vi /etc/fail2ban/jail.conf
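# Global defaults. In jail.conf these keys belong to the [DEFAULT] section and
# apply to every jail that does not set its own value.
# NOTE(review): local changes are usually kept in /etc/fail2ban/jail.local so a
# package update does not overwrite them -- confirm for the installed version.
[DEFAULT]
# Ban duration, in seconds (600 = 10 minutes).
bantime = 600
# Window, in seconds, in which failures are counted.
findtime = 600
# Number of failures within findtime that triggers a ban.
maxretry = 3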
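# Jails currently enabled
[dovecot]
enabled = true
# Filter name; a matching definition must exist in fail2ban's filter.d
# directory (it is not part of this listing).
filter = dovecot-pop3imap
# Optional mail notification:
#   mail[name=dovecot-pop3imap, dest=root@domain]
#   see /etc/fail2ban/a... (path is truncated in the original listing)
# Two actions: block the POP3/IMAP ports for the offending address, then mail a
# whois report to root. The second action is a continuation of "action" and
# must be indented; at column 0 the parser reads it as a separate key, so the
# notification would not be part of the jail's action.
action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp]
         sendmail-whois[name=dovecot-pop3imap, dest=root, sender=fail2ban@*****.com]
logpath = /var/log/maillog
# 3 failures within 3600 s (1 hour) ban the address for 3600 s.
maxretry = 3
findtime = 3600
bantime = 3600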
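# Postfix SMTP jail: watches the mail log with the "postfix" filter.
[postfix]
enabled = true
filter = postfix
# Block the SMTP port for the offending address, then mail a whois report to
# root. The continuation line must be indented so it stays part of "action";
# at column 0 the parser reads it as a separate key.
action = iptables[name=SMTP, port=smtp, protocol=tcp]
         sendmail-whois[name=Postfix-SMTP, dest=root, sender=fail2ban@*****.com]
logpath = /var/log/maillog
# 3 failures within 3600 s (1 hour) ban the address for 3600 s.
maxretry = 3
findtime = 3600
bantime = 3600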
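# SSH jail: watches /var/log/secure with the "sshd" filter.
[ssh]
enabled = true
filter = sshd
# Block the SSH port for the offending address, then mail a whois report to
# root. The continuation line must be indented so it stays part of "action";
# at column 0 the parser reads it as a separate key.
action = iptables[name=SSH, port=ssh, protocol=tcp]
         sendmail-whois[name=SSH, dest=root, sender=fail2ban@*****.com]
logpath = /var/log/secure
# findtime and bantime are not set here, so the global bantime/findtime values
# set earlier in this file apply; only the failure threshold is overridden.
maxretry = 5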