Installing fail2ban to filter brute-force password attacks against vpopmail
超级超级管理员, posted 1 year ago

Installation is simply yum install -y fail2ban; this post mainly records the configuration.

1. Main configuration file

# vi /etc/fail2ban/fail2ban.conf

logtarget = /var/log/fail2ban.log

2. Add the filter

# vi /etc/fail2ban/filter.d/vpopmail.conf

# Fail2Ban filter vpopmail authentication
#

[INCLUDES]

before = common.conf

[Definition]

_daemon = vpopmail

# ^%(__prefix_line)svchkpw-smtp: vpopmail user not found .*@:<HOST>

failregex = ^%(__prefix_line)svchkpw-smtp: vpopmail user not found .*@:<HOST>
            ^%(__prefix_line)svchkpw-(smtp|submission): password fail.*@.*:<HOST>

ignoreregex = 

3. Register the vpopmail jail

#vi /etc/fail2ban/jail.conf
[vpopmail]

enabled = true
filter  = vpopmail
action  = iptables-multiport[name=vpopmail,port="25,465,587"]
logpath = /var/log/maillog

4. Check the filter status

[root@localhost fail2ban]#  fail2ban-client status vpopmail
Status for the jail: vpopmail
|- filter
|  |- File list:        /var/log/maillog
|  |- Currently failed: 0
|  `- Total failed:     0
`- action
   |- Currently banned: 0
   |  `- IP list:
   `- Total banned:     0

Now take a few log records, put them in a.txt, and run a test.

[root@localhost fail2ban]# fail2ban-regex a.txt /etc/fail2ban/filter.d/vpopmail.conf

Running tests
=============

Use   failregex file : /etc/fail2ban/filter.d/vpopmail.conf
Use         log file : a.txt


Results
=======

Failregex: 3 total
|-  #) [# of hits] regular expression
|   1) [1] ^\s*(<[^.]+\.[^.]+>)?\s*(?:\S+ )?(?:kernel: \[ *\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?vpopmail(?:\(\S+\))?[\]\)]?:?|[\[\(]?vpopmail(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:?)?\s(?:\[ID \d+ \S+\])?\s*vchkpw-smtp: vpopmail user not found .*@:<HOST>
|   2) [2] ^\s*(<[^.]+\.[^.]+>)?\s*(?:\S+ )?(?:kernel: \[ *\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?vpopmail(?:\(\S+\))?[\]\)]?:?|[\[\(]?vpopmail(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:?)?\s(?:\[ID \d+ \S+\])?\s*vchkpw-(smtp|submission): password fail.*@.*:<HOST>
`-

Ignoreregex: 0 total

Date template hits:
|- [# of hits] date format
|  [3] MONTH Day Hour:Minute:Second
`-

Lines: 3 lines, 0 ignored, 3 matched, 0 missed

All three lines are matched here; you can modify the rules or the log records yourself to debug.

# The 3 records used for this test
Nov 15 07:26:08 localhost vpopmail[27693]: vchkpw-smtp: password fail (pass: 'Ab123321') sales@abc.cn:112.123.54.250
Nov 15 14:36:26 localhost vpopmail[26443]: vchkpw-smtp: vpopmail user not found ligj@:111.181.33.91
Nov 15 07:18:10 localhost vpopmail[24302]: vchkpw-submission: password fail (pass: '12345a') test@test.cn:46.183.221.123
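
The fail2ban-regex check above can also be reproduced offline while tuning the filter. This is an added example, not part of the original post or of fail2ban: it applies the two failregex lines to the three test records plus one constructed non-failure line and returns the rule number and address for each. PREFIX, HOST and DATE are simplified stand-ins assumed here for fail2ban's own expansions.

```python
import re

# Simplified stand-ins (assumptions, not fail2ban's real expansions):
# PREFIX approximates %(__prefix_line)s for "host vpopmail[pid]: " syslog lines,
# HOST approximates <HOST> for dotted-quad IPv4 only.
PREFIX = r"\s*(?:\S+ )?vpopmail(?:\[\d+\])?:\s+"
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
# fail2ban strips the timestamp before applying failregex; emulate that here.
DATE = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}")

# The two failregex lines from vpopmail.conf above, verbatim.
FAILREGEX = [
    r"^%(__prefix_line)svchkpw-smtp: vpopmail user not found .*@:<HOST>",
    r"^%(__prefix_line)svchkpw-(smtp|submission): password fail.*@.*:<HOST>",
]

def compile_rules(rules=FAILREGEX):
    """Substitute the two placeholders and compile each rule."""
    return [re.compile(r.replace("%(__prefix_line)s", PREFIX).replace("<HOST>", HOST))
            for r in rules]

def classify(line, rules=None):
    """Return (rule_number, host) for the first rule that matches, else None."""
    rules = rules or compile_rules()
    body = DATE.sub("", line, count=1)
    for number, rule in enumerate(rules, start=1):
        m = rule.search(body)
        if m:
            return number, m.group("host")
    return None

# Constructed sample input: the three test records from this page (pass value
# replaced with 'x') plus one constructed line that must NOT match.
SAMPLE = """\
Nov 15 07:26:08 localhost vpopmail[27693]: vchkpw-smtp: password fail (pass: 'x') sales@abc.cn:112.123.54.250
Nov 15 14:36:26 localhost vpopmail[26443]: vchkpw-smtp: vpopmail user not found ligj@:111.181.33.91
Nov 15 07:18:10 localhost vpopmail[24302]: vchkpw-submission: password fail (pass: 'x') test@test.cn:46.183.221.123
Nov 15 07:19:00 localhost vpopmail[24310]: vchkpw-smtp: (PLAIN) login success test@test.cn:46.183.221.123
""".splitlines()

if __name__ == "__main__":
    for line in SAMPLE:
        print(classify(line), "<-", line)
```

The per-rule results line up with the hit counts fail2ban-regex reported above: one hit for rule 1 and two for rule 2, with the success line left unmatched.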