Fail2ban, Linux Security
Tips, configurations and specific applications using Fail2ban
Configuration file /etc/fail2ban/jail.local on Debian
```ini
[DEFAULT]
# "ignoreip" can be an IP address, a CIDR mask or a DNS host
ignoreip = 127.0.0.1 192.168.13.0/24
bantime  = 900
maxretry = 5

# "backend" specifies the backend used to get files modification. Available
# options are "gamin", "polling" and "auto".
# yoh: For some reason Debian shipped python-gamin didn't work as expected
#      This issue left ToDo, so polling is default backend for now
backend = polling

#
# Destination email address used solely for the interpolations in
# jail.{conf,local} configuration files.
destemail = root@localhost

# Default action to take: ban only
action = iptables[name=%(__name__)s, port=%(port)s]

[ssh]
enabled  = true
port     = 22
filter   = sshd
logpath  = /var/log/auth.log
maxretry = 3

[apache]
enabled  = true
port     = http
filter   = apache-auth
# apache-auth matches the authentication failures Apache writes to its error log
logpath  = /var/log/apache*/*error.log
maxretry = 3

[apache-noscript]
enabled  = true
port     = http
filter   = apache-noscript
logpath  = /var/log/apache*/*error.log
maxretry = 3

[postfix]
enabled  = true
port     = smtp
filter   = postfix
logpath  = /var/log/mail.log
maxretry = 3

[sasl]
enabled  = true
port     = smtp
filter   = sasl
logpath  = /var/log/mail.log
maxretry = 3
```
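To see what each jail in the listing above actually applies, the following added example (not part of the original post, and not Fail2ban's own code) resolves the [DEFAULT] inheritance and the `%(...)s` placeholders with Python's standard `configparser`, and checks an address against `ignoreip`. The function names `effective_jails` and `is_ignored` are hypothetical, and DNS host entries in `ignoreip` are assumed to be skipped rather than resolved.

```python
import configparser
import ipaddress

# Constructed sample: the [DEFAULT] values and two jails from the listing above.
JAIL_LOCAL = """
[DEFAULT]
ignoreip = 127.0.0.1 192.168.13.0/24
bantime  = 900
maxretry = 5
action   = iptables[name=%(__name__)s, port=%(port)s]

[ssh]
enabled  = true
port     = 22
maxretry = 3

[postfix]
enabled  = true
port     = smtp
maxretry = 3
"""

def effective_jails(text):
    """Return {jail: settings} with [DEFAULT] inherited and %(...)s expanded."""
    cfg = configparser.ConfigParser()
    cfg.read_string(text)
    jails = {}
    for name in cfg.sections():
        if cfg.getboolean(name, "enabled", fallback=False):
            jails[name] = {
                "maxretry": cfg.getint(name, "maxretry"),  # jail value wins
                "bantime": cfg.getint(name, "bantime"),    # falls back to [DEFAULT]
                # Python 3's configparser does not define __name__, so pass it in.
                "action": cfg.get(name, "action", vars={"__name__": name}),
            }
    return jails

def is_ignored(text, addr):
    """True if addr falls inside an IP or CIDR entry of ignoreip."""
    cfg = configparser.ConfigParser()
    cfg.read_string(text)
    ip = ipaddress.ip_address(addr)
    for entry in cfg.defaults()["ignoreip"].split():
        try:
            if ip in ipaddress.ip_network(entry, strict=False):
                return True
        except ValueError:
            continue  # DNS host entries are skipped, not resolved
    return False
```

With this configuration, a client in 192.168.13.0/24 is never banned regardless of how many failures it produces, so that range should contain only hosts you trust.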
How to fix banning not working after several failed SASL authentication attempts on Debian
There is a problem with the regular expression in the file /etc/fail2ban/filter.d/sasl.conf that matches the […]