Fail2Ban

Revision as of 10:05, 8 December 2019 by BrainwreckedTech (talk | contribs) (Created page.)


Fail2Ban Setup

Main Configuration

/etc/fail2ban/jail.local
[DEFAULT]
# Values in this section are fallbacks for every jail; a jail overrides one by
# setting the same key in its own section.

# Default ban length. The "1d" suffix form relies on Fail2Ban's time
# abbreviations (presumably 0.10 or newer; verify against the installed
# version, older releases expect plain seconds).
bantime = 1d

# Recipient and sender address used for notification mail.
destemail = root@bwt.com.de
sender = fail2ban@bwt.com.de

# action_mwl is interpolated from a definition outside this file (normally the
# stock jail.conf): ban, then mail a report with whois data and the matching
# log lines. Those lines can carry usernames and client addresses, so the
# destemail mailbox should be access-controlled.
action = %(action_mwl)s

SSHD Configuration

/etc/fail2ban/jail.d/sshd.local
[sshd]
enabled = true

# Filter named "sshd" (filter.d/sshd.conf); log lines are read from the
# systemd journal rather than a log file.
filter = sshd
backend = systemd

# Five matching failures inside a one-day window trigger a two-week ban.
# This bantime overrides the 1d value from [DEFAULT] in jail.local.
maxretry = 5
findtime = 1d
bantime = 2w

# Bans are applied through the "iptables" action. No port is set here, so the
# port presumably comes from the stock [sshd] definition; set "port" explicitly
# if sshd listens on a non-default port, otherwise the ban will not cover it.
banaction = iptables

# Loopback is never banned. Every address listed here is exempt from banning,
# so keep the list to hosts that genuinely need it.
ignoreip = 127.0.0.1/8

Postfix-ISPmail Configuration

/etc/fail2ban/jail.d/postfix-ispmail.local
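[postfix-ispmail]
enabled = true

# Must name the custom filter file (filter.d/postfix-ispmail.conf). With
# "filter = postfix" the stock filter is loaded instead and the custom
# "lost connection after AUTH" rule is never evaluated.
filter = postfix-ispmail
backend = systemd

# Ports covered by the ban.
port = smtp,submission

# NOTE(review): two ports are listed; confirm the installed "iptables" action
# accepts a comma-separated port list. If it is the single-port variant, use
# iptables-multiport so the ban rule can actually be inserted.
banaction = iptables

# Five matching failures inside a one-day window trigger a two-week ban.
maxretry = 5
findtime = 1d
bantime = 2w

# This address is never banned by this jail, whatever it does. Confirm it is
# still a host you control before reusing this file, and note that setting
# ignoreip here replaces any value inherited from [DEFAULT].
ignoreip = 192.99.246.231/32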
/etc/fail2ban/filter.d/postfix-ispmail.conf
# Custom filter: bans clients whose SMTP session is dropped right after AUTH.
# A jail only uses this file when its "filter" key is set to postfix-ispmail.

[INCLUDES]
# common.conf is read first; it supplies the __prefix_line referenced in
# failregex below.
before = common.conf

[Definition]
# Process-name pattern: "postfix" or "postfix-<suffix>", an optional
# "submission/" or "smtps/" component, then "smtpd" or "smtps".
# Presumably consumed by the prefix pattern from common.conf.
_daemon = postfix(-\w+)?/(?:submission/|smtps/)?smtp[ds]
# Matches "lost connection after AUTH from <name>[<address>]" and nothing after
# it on the line; <HOST> captures the bracketed address that gets banned.
# A legitimate client on an unreliable link can produce the same message, so
# the jail's maxretry/findtime decide how tolerant this is.
failregex = ^%(__prefix_line)slost connection after AUTH from \S+\[<HOST>\]$
# No exclusions.
ignoreregex =

[Init]
# Restricts the systemd backend to journal entries from postfix.service.
# NOTE(review): where Postfix runs as an instanced unit (for example
# postfix@-.service) this match may select no entries and the jail would never
# trigger; check the unit name with journalctl before relying on it.
journalmatch = _SYSTEMD_UNIT=postfix.service