インストール
- epel リポジトリ
# yum install -y fail2ban
設定
/etc/fail2ban/fail2ban.local
# Overrides for the fail2ban daemon itself (not for individual jails).
[Definition]
# Verbosity of the fail2ban server log.
# NOTE(review): at NOTICE, ban/unban events are presumably still written while
# the INFO-level per-match lines are dropped; confirm this leaves enough detail
# for later incident review.
loglevel = NOTICE
/etc/fail2ban/jail.local
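# Local jail overrides, applied on top of the distribution's jail.conf.
# %(name)s references are interpolated by fail2ban's config reader. The
# apache_*_log and postfix_* names are not defined in this file; presumably
# they come from the packaged jail.conf / paths files.

[DEFAULT]
# Ban duration in seconds (86400 = 24 hours).
bantime = 86400
# Window, in seconds, over which failures are counted.
findtime = 86400
# Failures within findtime before the host is banned.
maxretry = 3
# NOTE(review): ignoreip is not set here, so whatever jail.conf defines applies.
# Confirm that management addresses are exempt before relying on 24-hour bans.

# Mail settings. They only take effect when a jail's action is one of the
# mail-sending variants; no action is set in this file, so the jail.conf
# default applies (ban only in upstream's default; confirm on this host).
destemail = root
sender = fail2ban
# mta is substituted into the mail action name (<mta>-whois and friends).
# Upstream ships sendmail-* and mail-* actions only, so the original value
# "postfix" would resolve to an action that does not exist. Postfix provides
# the sendmail command, so "sendmail" is the value to use with it.
mta = sendmail

# Ban through firewalld using an ipset.
banaction = firewallcmd-ipset
# NOTE(review): firewallcmd-multiport restricts only the ports listed by the
# jail. Jails that reference banaction_allports expect an all-ports ban, so
# confirm this value is intended.
banaction_allports = firewallcmd-multiport

[apache-auth]
enabled = true
port = http,https
logpath = %(apache_error_log)s

[apache-badbots]
# Ban hosts which agent identifies spammer robots crawling the web
# for email addresses. The mail outputs are buffered.
enabled = true
port = http,https
logpath = %(apache_access_log)s
# 172800 seconds = 48 hours; a single matching request triggers the ban.
bantime = 172800
maxretry = 1

[apache-overflows]
enabled = true
port = http,https
logpath = %(apache_error_log)s
maxretry = 2

[apache-modsecurity]
enabled = true
port = http,https
logpath = %(apache_error_log)s
maxretry = 2

[apache-shellshock]
enabled = true
port = http,https
logpath = %(apache_error_log)s
# A single matching request triggers the ban.
maxretry = 1

[postfix]
enabled = true
port = smtp,465,submission
logpath = %(postfix_log)s
backend = %(postfix_backend)s

[postfix-rbl]
enabled = true
port = smtp,465,submission
logpath = %(postfix_log)s
backend = %(postfix_backend)s
maxretry = 1

[postfix-sasl]
enabled = true
port = smtp,465,submission,imap3,imaps,pop3,pop3s
# You might consider monitoring /var/log/mail.warn instead if you are
# running postfix since it would provide the same log lines at the
# "warn" level but overall at the smaller filesize.
logpath = %(postfix_log)s
backend = %(postfix_backend)s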
サービス設定
# systemctl start fail2ban
# systemctl enable fail2ban
# systemctl status -l fail2ban
alias
- /root/.bashrc
# Show the detailed status of every jail: take the "Jail list:" line from
# `fail2ban-client status`, strip the commas, and run
# `fail2ban-client status <jail>` once per jail name via xargs.
alias fail2ban-status-all="fail2ban-client status | sed -n 's/,//g;s/.*Jail list://p' | xargs -n1 fail2ban-client status"
ブロックしている IP アドレスの確認
# ipset --list