Addition/Harden.iRedMail.with.Fail2ban

From iRedMail

Revision as of 11:54, 7 April 2011 by ZhangHuangbin (Talk | contribs)
Jump to: navigation, search

Contents


Summary

Fail2ban scans log files like /var/log/maillog or /var/log/auth.log and bans IP that makes too many password failures. It updates firewall rules to reject the IP address.

We can use Fail2ban to ban IP addresses which who want to crack your mail accounts.

Install Fail2ban

  • On RHEL/CentOS, you can install fail2ban with iRedMail yum repository, it's enabled by default.
Terminal: 
# yum install fail2ban
  • On Debian/Ubuntu, you can install fail2ban with official repository:
Terminal: 
# apt-get install fail2ban
  • On openSUSE, you can install fail2ban with iRedMail repository, it's enabled by default.
Terminal: 
# zypper install fail2ban
  • On FreeBSD, you can install fail2ban with ports tree:
Terminal: 
# cd /usr/ports/security/py-fail2ban
# make install clean

Configure Fail2ban

On Linux:

  • major configure files of Fail2ban are:
    • /etc/fail2ban/fail2ban.conf
    • /etc/fail2ban/jail.conf
    • /etc/fail2ban/filter.d/*.conf
  • Fail2ban will read user custom config file "/etc/fail2ban/jail.local" by default, it's highly recommended to create this file and write all your settings in this file, so that you can easily upgrade Fail2ban without change config files.


On FreeBSD:

  • major configure files of Fail2ban are:
    • /usr/local/etc/fail2ban/fail2ban.conf
    • /usr/local/etc/fail2ban/jail.conf
    • /usr/local/etc/fail2ban/filter.d/*.conf
  • Fail2ban will read user custom config file "/usr/local/etc/fail2ban/jail.local" by default, it's highly recommended to create this file and write all your settings in this file, so that you can easily upgrade Fail2ban without change config files.
Retrieved from "http://www.iredmail.org/wiki/index.php?title=Addition/Harden.iRedMail.with.Fail2ban"
Personal tools