Addition/Harden.iRedMail.with.Fail2ban
From iRedMail
(Difference between revisions)
(Created page with '__TOC__ = Summary = Fail2ban scans log files like /var/log/maillog or /var/log/auth.log and bans IP that makes too many password failures. It updates firewall rules to reject tâĤ') |
(âConfigure Fail2ban) |
||
| Line 32: | Line 32: | ||
= Configure Fail2ban = | = Configure Fail2ban = | ||
| - | On Linux | + | On Linux: |
| - | * /etc/fail2ban/fail2ban.conf | + | * major configure files of Fail2ban are: |
| - | * /etc/fail2ban/jail.conf | + | ** /etc/fail2ban/fail2ban.conf |
| - | * /etc/fail2ban/filter.d/*.conf | + | ** /etc/fail2ban/jail.conf |
| + | ** /etc/fail2ban/filter.d/*.conf | ||
| + | * Fail2ban will read user custom config file '''"/etc/fail2ban/jail.local"''' by default, it's highly recommended to create this file and write all your settings in this file, so that you can easily upgrade Fail2ban without change config files. | ||
| - | |||
| - | + | On FreeBSD: | |
| - | On FreeBSD | + | * major configure files of Fail2ban are: |
| - | * /usr/local/etc/fail2ban/fail2ban.conf | + | ** /usr/local/etc/fail2ban/fail2ban.conf |
| - | * /usr/local/etc/fail2ban/jail.conf | + | ** /usr/local/etc/fail2ban/jail.conf |
| - | * /usr/local/etc/fail2ban/filter.d/*.conf | + | ** /usr/local/etc/fail2ban/filter.d/*.conf |
| - | + | * Fail2ban will read user custom config file '''"/usr/local/etc/fail2ban/jail.local"''' by default, it's highly recommended to create this file and write all your settings in this file, so that you can easily upgrade Fail2ban without change config files. | |
| - | Fail2ban will read user custom config file '''"/usr/local/etc/fail2ban/jail.local"''' by default, it's highly recommended to create this file and write all your settings in this file, so that you can easily upgrade Fail2ban without change config files. | + | |
Revision as of 11:54, 7 April 2011
Contents |
Summary
Fail2ban scans log files like /var/log/maillog or /var/log/auth.log and bans IP that makes too many password failures. It updates firewall rules to reject the IP address.
We can use Fail2ban to ban IP addresses which who want to crack your mail accounts.
Install Fail2ban
- On RHEL/CentOS, you can install fail2ban with iRedMail yum repository, it's enabled by default.
| Terminal: |
# yum install fail2ban |
- On Debian/Ubuntu, you can install fail2ban with official repository:
| Terminal: |
# apt-get install fail2ban |
- On openSUSE, you can install fail2ban with iRedMail repository, it's enabled by default.
| Terminal: |
# zypper install fail2ban |
- On FreeBSD, you can install fail2ban with ports tree:
| Terminal: |
# cd /usr/ports/security/py-fail2ban # make install clean |
Configure Fail2ban
On Linux:
- major configure files of Fail2ban are:
- /etc/fail2ban/fail2ban.conf
- /etc/fail2ban/jail.conf
- /etc/fail2ban/filter.d/*.conf
- Fail2ban will read user custom config file "/etc/fail2ban/jail.local" by default, it's highly recommended to create this file and write all your settings in this file, so that you can easily upgrade Fail2ban without change config files.
On FreeBSD:
- major configure files of Fail2ban are:
- /usr/local/etc/fail2ban/fail2ban.conf
- /usr/local/etc/fail2ban/jail.conf
- /usr/local/etc/fail2ban/filter.d/*.conf
- Fail2ban will read user custom config file "/usr/local/etc/fail2ban/jail.local" by default, it's highly recommended to create this file and write all your settings in this file, so that you can easily upgrade Fail2ban without change config files.
