Remove Awstats in installation tutorials.
This commit is contained in:
parent
b69c177679
commit
28f6be6b53
|
@ -17,29 +17,26 @@ files to replace old hostname by the new one:
|
|||
* `/var/spool/postfix/etc/hosts`
|
||||
* `/etc/postfix/main.cf` (Linux/OpenBSD) or `/usr/local/etc/postfix/main.cf` (FreeBSD)
|
||||
|
||||
## Awstats
|
||||
|
||||
* `/etc/awstats/awstats.web.conf`
|
||||
* `/etc/awstats/awstats.smtp.conf`
|
||||
|
||||
## Apache
|
||||
|
||||
* RHEL/CentOS: `/etc/httpd/conf/httpd.conf`
|
||||
* Debian/Ubuntu: `/etc/apache2/apache.conf`
|
||||
|
||||
## Amavisd
|
||||
|
||||
* RHEL/CentOS, OpenBSD: `/etc/amavisd/amavisd.conf`
|
||||
* Debian/Ubuntu: `/etc/amavis/conf.d/50-user`
|
||||
* FreeBSD: `/usr/local/etc/amavisd.conf`
|
||||
|
||||
## OpenDMARC:
|
||||
|
||||
* Linux/OpenBSD: `/etc/opendmarc.conf` (parameter `AuthservID` and `TrustedAuthservIDs`)
|
||||
* FreeBSD: `/usr/local/etc/opendmarc.conf` (parameter `AuthservID` and `TrustedAuthservIDs`)
|
||||
|
||||
## SOGO
|
||||
|
||||
* `/etc/httpd/conf.d/SOGo.conf`
|
||||
* `/etc/apache2/conf.d/SOGo.conf`
|
||||
* `/etc/apache2/conf-available/SOGo.conf`
|
||||
|
||||
## Deprecated Components
|
||||
|
||||
### Apache
|
||||
|
||||
* RHEL/CentOS: `/etc/httpd/conf/httpd.conf`
|
||||
* Debian/Ubuntu: `/etc/apache2/apache.conf`
|
||||
|
||||
## OpenDMARC:
|
||||
|
||||
* Linux/OpenBSD: `/etc/opendmarc.conf` (parameter `AuthservID` and `TrustedAuthservIDs`)
|
||||
* FreeBSD: `/usr/local/etc/opendmarc.conf` (parameter `AuthservID` and `TrustedAuthservIDs`)
|
||||
|
|
|
@ -207,8 +207,6 @@ hostname or IP address.
|
|||
* __Roundcube webmail__: <https://your_server/mail/>
|
||||
* __SOGo Groupware__: <https://your_server/SOGo>
|
||||
* __Web admin panel (iRedAdmin)__: <httpS://your_server/iredadmin/>
|
||||
* __Awstats__: <httpS://your_server/awstats/awstats.pl?config=web> (or
|
||||
`?config=smtp` for SMTP traffic log)
|
||||
|
||||
## Get technical support
|
||||
|
||||
|
|
|
@ -201,8 +201,6 @@ hostname or IP address.
|
|||
* __Roundcube webmail__: <https://your_server/mail/>
|
||||
* __SOGo Groupware__: <https://your_server/SOGo>
|
||||
* __Web admin panel (iRedAdmin)__: <httpS://your_server/iredadmin/>
|
||||
* __Awstats__: <httpS://your_server/awstats/awstats.pl?config=web> (or
|
||||
`?config=smtp` for SMTP traffic log)
|
||||
|
||||
## Get technical support
|
||||
|
||||
|
|
|
@ -228,8 +228,6 @@ hostname or IP address.
|
|||
* __Roundcube webmail__: <https://your_server/mail/>
|
||||
* __SOGo Groupware__: <https://your_server/SOGo>
|
||||
* __Web admin panel (iRedAdmin)__: <httpS://your_server/iredadmin/>
|
||||
* __Awstats__: <httpS://your_server/awstats/awstats.pl?config=web> (or
|
||||
`?config=smtp` for SMTP traffic log)
|
||||
|
||||
## Get technical support
|
||||
|
||||
|
|
|
@ -230,8 +230,6 @@ hostname or IP address.
|
|||
* __Roundcube webmail__: <https://your_server/mail/>
|
||||
* __SOGo Groupware__: <https://your_server/SOGo>
|
||||
* __Web admin panel (iRedAdmin)__: <httpS://your_server/iredadmin/>
|
||||
* __Awstats__: <httpS://your_server/awstats/awstats.pl?config=web> (or
|
||||
`?config=smtp` for SMTP traffic log)
|
||||
|
||||
## Get technical support
|
||||
|
||||
|
|
|
@ -234,8 +234,6 @@ hostname or IP address.
|
|||
* __Roundcube webmail__: <https://your_server/mail/>
|
||||
* __SOGo Groupware__: <https://your_server/SOGo>
|
||||
* __Web admin panel (iRedAdmin)__: <httpS://your_server/iredadmin/>
|
||||
* __Awstats__: <httpS://your_server/awstats/awstats.pl?config=web> (or
|
||||
`?config=smtp` for SMTP traffic log)
|
||||
|
||||
## Get technical support
|
||||
|
||||
|
|
|
@ -62,6 +62,49 @@ USE amavisd;
|
|||
CREATE INDEX msgs_idx_time_iso ON msgs (time_iso);
|
||||
```
|
||||
|
||||
### Improvement: Store more info in Fail2ban SQL db
|
||||
|
||||
!!! attention
|
||||
|
||||
Since iRedMail-1.2, Fail2ban is configured to [store banned IP addresses in
|
||||
SQL database](./fail2ban.sql.html), if you're running an old iRedMail
|
||||
release, please upgrade your iRedMail server by following the upgrade
|
||||
tutorials: [iRedMail release notes and upgrade tutorials](./iredmail.releases.html).
|
||||
|
||||
With changes below, we now store matched log lines which triggerred the ban in
|
||||
Fail2ban SQL database, also number of times the failure occurred in log files.
|
||||
|
||||
Please run SQL commands below as MySQL root user:
|
||||
|
||||
```
|
||||
USE fail2ban;
|
||||
ALTER TABLE banned ADD COLUMN failures INT(2) NOT NULL DEFAULT 0;
|
||||
ALTER TABLE banned ADD COLUMN loglines TEXT;
|
||||
```
|
||||
|
||||
Now open file `/etc/fail2ban/action.d/banned_db.conf`, find the `actionban =`
|
||||
line like below:
|
||||
|
||||
```
|
||||
actionban = /usr/local/bin/fail2ban_banned_db ban <ip> <port> <protocol> <name>
|
||||
```
|
||||
|
||||
Replace it by:
|
||||
|
||||
```
|
||||
actionban = /usr/local/bin/fail2ban_banned_db ban <ip> <port> <protocol> <name> <ipjailfailures> <ipjailmatches>
|
||||
```
|
||||
|
||||
Download improved shell script and replace the existing one:
|
||||
|
||||
```
|
||||
wget https://github.com/iredmail/iRedMail/raw/1.3/samples/fail2ban/bin/fail2ban_banned_db
|
||||
mv fail2ban_banned_db /usr/local/bin/
|
||||
chmod 0550 /usr/local/bin/fail2ban_banned_db
|
||||
```
|
||||
|
||||
Now restart Fail2ban service.
|
||||
|
||||
## MySQL/MariaDB backend special
|
||||
|
||||
### Add missing index for SQL column `msgs.time_iso` in `amavisd` database
|
||||
|
@ -72,3 +115,103 @@ Please run SQL commands below as MySQL root user:
|
|||
USE amavisd;
|
||||
CREATE INDEX msgs_idx_time_iso ON msgs (time_iso);
|
||||
```
|
||||
|
||||
### Improvement: Store more info in Fail2ban SQL db
|
||||
|
||||
!!! attention
|
||||
|
||||
Since iRedMail-1.2, Fail2ban is configured to [store banned IP addresses in
|
||||
SQL database](./fail2ban.sql.html), if you're running an old iRedMail
|
||||
release, please upgrade your iRedMail server by following the upgrade
|
||||
tutorials: [iRedMail release notes and upgrade tutorials](./iredmail.releases.html).
|
||||
|
||||
With changes below, we now store matched log lines which triggerred the ban in
|
||||
Fail2ban SQL database, also number of times the failure occurred in log files.
|
||||
|
||||
Please run SQL commands below as MySQL root user:
|
||||
|
||||
```
|
||||
USE fail2ban;
|
||||
ALTER TABLE banned ADD COLUMN failures INT(2) NOT NULL DEFAULT 0;
|
||||
ALTER TABLE banned ADD COLUMN loglines TEXT;
|
||||
```
|
||||
|
||||
Now open file `/etc/fail2ban/action.d/banned_db.conf`, find the `actionban =`
|
||||
line like below:
|
||||
|
||||
```
|
||||
actionban = /usr/local/bin/fail2ban_banned_db ban <ip> <port> <protocol> <name>
|
||||
```
|
||||
|
||||
Replace it by:
|
||||
|
||||
```
|
||||
actionban = /usr/local/bin/fail2ban_banned_db ban <ip> <port> <protocol> <name> <ipjailfailures> <ipjailmatches>
|
||||
```
|
||||
|
||||
Download improved shell script and replace the existing one:
|
||||
|
||||
```
|
||||
wget https://github.com/iredmail/iRedMail/raw/1.3/samples/fail2ban/bin/fail2ban_banned_db
|
||||
mv fail2ban_banned_db /usr/local/bin/
|
||||
chmod 0550 /usr/local/bin/fail2ban_banned_db
|
||||
```
|
||||
|
||||
Now restart Fail2ban service.
|
||||
|
||||
## PostgreSQL backend special
|
||||
|
||||
### Improvement: Store more info in Fail2ban SQL db
|
||||
|
||||
!!! attention
|
||||
|
||||
Since iRedMail-1.2, Fail2ban is configured to [store banned IP addresses in
|
||||
SQL database](./fail2ban.sql.html), if you're running an old iRedMail
|
||||
release, please upgrade your iRedMail server by following the upgrade
|
||||
tutorials: [iRedMail release notes and upgrade tutorials](./iredmail.releases.html).
|
||||
|
||||
With changes below, we now store matched log lines which triggerred the ban in
|
||||
Fail2ban SQL database, also number of times the failure occurred in log files.
|
||||
|
||||
Please follow steps below to apply required changes.
|
||||
|
||||
* Connect to PostgreSQL server as `postgres` user and connect to `vmail` database:
|
||||
* on Linux, it's `postgres` user
|
||||
* on FreeBSD, it's `pgsql` user
|
||||
* on OpenBSD, it's `_postgresql` user
|
||||
|
||||
```
|
||||
su - postgres
|
||||
psql -d fail2ban
|
||||
```
|
||||
|
||||
* Run SQL commands below:
|
||||
|
||||
```
|
||||
\c fail2ban;
|
||||
ALTER TABLE banned ADD COLUMN failures SMALLINT NOT NULL DEFAULT 0;
|
||||
ALTER TABLE banned ADD COLUMN loglines TEXT;
|
||||
```
|
||||
|
||||
* Open file `/etc/fail2ban/action.d/banned_db.conf`, find the `actionban =`
|
||||
line like below:
|
||||
|
||||
```
|
||||
actionban = /usr/local/bin/fail2ban_banned_db ban <ip> <port> <protocol> <name>
|
||||
```
|
||||
|
||||
Replace it by:
|
||||
|
||||
```
|
||||
actionban = /usr/local/bin/fail2ban_banned_db ban <ip> <port> <protocol> <name> <ipjailfailures> <ipjailmatches>
|
||||
```
|
||||
|
||||
* Download improved shell script and replace the existing one:
|
||||
|
||||
```
|
||||
wget https://github.com/iredmail/iRedMail/raw/1.3/samples/fail2ban/bin/fail2ban_banned_db
|
||||
mv fail2ban_banned_db /usr/local/bin/
|
||||
chmod 0550 /usr/local/bin/fail2ban_banned_db
|
||||
```
|
||||
|
||||
* Now restart Fail2ban service.
|
||||
|
|
|
@ -40,32 +40,28 @@ files to replace old hostname by the new one:</p>
|
|||
<li><code>/var/spool/postfix/etc/hosts</code></li>
|
||||
<li><code>/etc/postfix/main.cf</code> (Linux/OpenBSD) or <code>/usr/local/etc/postfix/main.cf</code> (FreeBSD)</li>
|
||||
</ul>
|
||||
<h2 id="awstats">Awstats</h2>
|
||||
<ul>
|
||||
<li><code>/etc/awstats/awstats.web.conf</code></li>
|
||||
<li><code>/etc/awstats/awstats.smtp.conf</code></li>
|
||||
</ul>
|
||||
<h2 id="apache">Apache</h2>
|
||||
<ul>
|
||||
<li>RHEL/CentOS: <code>/etc/httpd/conf/httpd.conf</code></li>
|
||||
<li>Debian/Ubuntu: <code>/etc/apache2/apache.conf</code></li>
|
||||
</ul>
|
||||
<h2 id="amavisd">Amavisd</h2>
|
||||
<ul>
|
||||
<li>RHEL/CentOS, OpenBSD: <code>/etc/amavisd/amavisd.conf</code></li>
|
||||
<li>Debian/Ubuntu: <code>/etc/amavis/conf.d/50-user</code></li>
|
||||
<li>FreeBSD: <code>/usr/local/etc/amavisd.conf</code></li>
|
||||
</ul>
|
||||
<h2 id="opendmarc">OpenDMARC:</h2>
|
||||
<ul>
|
||||
<li>Linux/OpenBSD: <code>/etc/opendmarc.conf</code> (parameter <code>AuthservID</code> and <code>TrustedAuthservIDs</code>)</li>
|
||||
<li>FreeBSD: <code>/usr/local/etc/opendmarc.conf</code> (parameter <code>AuthservID</code> and <code>TrustedAuthservIDs</code>)</li>
|
||||
</ul>
|
||||
<h2 id="sogo">SOGO</h2>
|
||||
<ul>
|
||||
<li><code>/etc/httpd/conf.d/SOGo.conf</code></li>
|
||||
<li><code>/etc/apache2/conf.d/SOGo.conf</code></li>
|
||||
<li><code>/etc/apache2/conf-available/SOGo.conf</code></li>
|
||||
</ul>
|
||||
<h2 id="deprecated-components">Deprecated Components</h2>
|
||||
<h3 id="apache">Apache</h3>
|
||||
<ul>
|
||||
<li>RHEL/CentOS: <code>/etc/httpd/conf/httpd.conf</code></li>
|
||||
<li>Debian/Ubuntu: <code>/etc/apache2/apache.conf</code></li>
|
||||
</ul>
|
||||
<h2 id="opendmarc">OpenDMARC:</h2>
|
||||
<ul>
|
||||
<li>Linux/OpenBSD: <code>/etc/opendmarc.conf</code> (parameter <code>AuthservID</code> and <code>TrustedAuthservIDs</code>)</li>
|
||||
<li>FreeBSD: <code>/usr/local/etc/opendmarc.conf</code> (parameter <code>AuthservID</code> and <code>TrustedAuthservIDs</code>)</li>
|
||||
</ul><div class="footer">
|
||||
<p style="text-align: center; color: grey;">All documents are available in <a href="https://github.com/iredmail/docs/">GitHub repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://github.com/iredmail/docs/archive/master.zip">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
|
||||
</div>
|
||||
|
|
|
@ -234,8 +234,6 @@ hostname or IP address.</p>
|
|||
<li><strong>Roundcube webmail</strong>: <a href="https://your_server/mail/">https://your_server/mail/</a></li>
|
||||
<li><strong>SOGo Groupware</strong>: <a href="https://your_server/SOGo">https://your_server/SOGo</a></li>
|
||||
<li><strong>Web admin panel (iRedAdmin)</strong>: <a href="httpS://your_server/iredadmin/">httpS://your_server/iredadmin/</a></li>
|
||||
<li><strong>Awstats</strong>: <a href="httpS://your_server/awstats/awstats.pl?config=web">httpS://your_server/awstats/awstats.pl?config=web</a> (or
|
||||
<code>?config=smtp</code> for SMTP traffic log)</li>
|
||||
</ul>
|
||||
<h2 id="get-technical-support">Get technical support</h2>
|
||||
<ul>
|
||||
|
|
|
@ -222,8 +222,6 @@ hostname or IP address.</p>
|
|||
<li><strong>Roundcube webmail</strong>: <a href="https://your_server/mail/">https://your_server/mail/</a></li>
|
||||
<li><strong>SOGo Groupware</strong>: <a href="https://your_server/SOGo">https://your_server/SOGo</a></li>
|
||||
<li><strong>Web admin panel (iRedAdmin)</strong>: <a href="httpS://your_server/iredadmin/">httpS://your_server/iredadmin/</a></li>
|
||||
<li><strong>Awstats</strong>: <a href="httpS://your_server/awstats/awstats.pl?config=web">httpS://your_server/awstats/awstats.pl?config=web</a> (or
|
||||
<code>?config=smtp</code> for SMTP traffic log)</li>
|
||||
</ul>
|
||||
<h2 id="get-technical-support">Get technical support</h2>
|
||||
<ul>
|
||||
|
|
|
@ -261,8 +261,6 @@ hostname or IP address.</p>
|
|||
<li><strong>Roundcube webmail</strong>: <a href="https://your_server/mail/">https://your_server/mail/</a></li>
|
||||
<li><strong>SOGo Groupware</strong>: <a href="https://your_server/SOGo">https://your_server/SOGo</a></li>
|
||||
<li><strong>Web admin panel (iRedAdmin)</strong>: <a href="httpS://your_server/iredadmin/">httpS://your_server/iredadmin/</a></li>
|
||||
<li><strong>Awstats</strong>: <a href="httpS://your_server/awstats/awstats.pl?config=web">httpS://your_server/awstats/awstats.pl?config=web</a> (or
|
||||
<code>?config=smtp</code> for SMTP traffic log)</li>
|
||||
</ul>
|
||||
<h2 id="get-technical-support">Get technical support</h2>
|
||||
<p>Please post all issues, feedbacks, feature requests, suggestions in our <a href="https://forum.iredmail.org/">online
|
||||
|
|
|
@ -254,8 +254,6 @@ hostname or IP address.</p>
|
|||
<li><strong>Roundcube webmail</strong>: <a href="https://your_server/mail/">https://your_server/mail/</a></li>
|
||||
<li><strong>SOGo Groupware</strong>: <a href="https://your_server/SOGo">https://your_server/SOGo</a></li>
|
||||
<li><strong>Web admin panel (iRedAdmin)</strong>: <a href="httpS://your_server/iredadmin/">httpS://your_server/iredadmin/</a></li>
|
||||
<li><strong>Awstats</strong>: <a href="httpS://your_server/awstats/awstats.pl?config=web">httpS://your_server/awstats/awstats.pl?config=web</a> (or
|
||||
<code>?config=smtp</code> for SMTP traffic log)</li>
|
||||
</ul>
|
||||
<h2 id="get-technical-support">Get technical support</h2>
|
||||
<ul>
|
||||
|
|
|
@ -260,8 +260,6 @@ hostname or IP address.</p>
|
|||
<li><strong>Roundcube webmail</strong>: <a href="https://your_server/mail/">https://your_server/mail/</a></li>
|
||||
<li><strong>SOGo Groupware</strong>: <a href="https://your_server/SOGo">https://your_server/SOGo</a></li>
|
||||
<li><strong>Web admin panel (iRedAdmin)</strong>: <a href="httpS://your_server/iredadmin/">httpS://your_server/iredadmin/</a></li>
|
||||
<li><strong>Awstats</strong>: <a href="httpS://your_server/awstats/awstats.pl?config=web">httpS://your_server/awstats/awstats.pl?config=web</a> (or
|
||||
<code>?config=smtp</code> for SMTP traffic log)</li>
|
||||
</ul>
|
||||
<h2 id="get-technical-support">Get technical support</h2>
|
||||
<ul>
|
||||
|
|
|
@ -27,10 +27,16 @@
|
|||
</li>
|
||||
<li><a href="#openldap-backend-special">OpenLDAP backend special</a><ul>
|
||||
<li><a href="#add-missing-index-for-sql-column-msgstime_iso-in-amavisd-database">Add missing index for SQL column msgs.time_iso in amavisd database</a></li>
|
||||
<li><a href="#improvement-store-more-info-in-fail2ban-sql-db">Improvement: Store more info in Fail2ban SQL db</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
<li><a href="#mysqlmariadb-backend-special">MySQL/MariaDB backend special</a><ul>
|
||||
<li><a href="#add-missing-index-for-sql-column-msgstime_iso-in-amavisd-database_1">Add missing index for SQL column msgs.time_iso in amavisd database</a></li>
|
||||
<li><a href="#improvement-store-more-info-in-fail2ban-sql-db_1">Improvement: Store more info in Fail2ban SQL db</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
<li><a href="#postgresql-backend-special">PostgreSQL backend special</a><ul>
|
||||
<li><a href="#improvement-store-more-info-in-fail2ban-sql-db_2">Improvement: Store more info in Fail2ban SQL db</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
|
@ -86,12 +92,131 @@ perl -pi -e 's#sogo-iredmail#sogo#g' sogo.local
|
|||
CREATE INDEX msgs_idx_time_iso ON msgs (time_iso);
|
||||
</code></pre>
|
||||
|
||||
<h3 id="improvement-store-more-info-in-fail2ban-sql-db">Improvement: Store more info in Fail2ban SQL db</h3>
|
||||
<div class="admonition attention">
|
||||
<p class="admonition-title">Attention</p>
|
||||
<p>Since iRedMail-1.2, Fail2ban is configured to <a href="./fail2ban.sql.html">store banned IP addresses in
|
||||
SQL database</a>, if you're running an old iRedMail
|
||||
release, please upgrade your iRedMail server by following the upgrade
|
||||
tutorials: <a href="./iredmail.releases.html">iRedMail release notes and upgrade tutorials</a>.</p>
|
||||
</div>
|
||||
<p>With changes below, we now store matched log lines which triggerred the ban in
|
||||
Fail2ban SQL database, also number of times the failure occurred in log files.</p>
|
||||
<p>Please run SQL commands below as MySQL root user:</p>
|
||||
<pre><code>USE fail2ban;
|
||||
ALTER TABLE banned ADD COLUMN failures INT(2) NOT NULL DEFAULT 0;
|
||||
ALTER TABLE banned ADD COLUMN loglines TEXT;
|
||||
</code></pre>
|
||||
|
||||
<p>Now open file <code>/etc/fail2ban/action.d/banned_db.conf</code>, find the <code>actionban =</code>
|
||||
line like below:</p>
|
||||
<pre><code>actionban = /usr/local/bin/fail2ban_banned_db ban <ip> <port> <protocol> <name>
|
||||
</code></pre>
|
||||
|
||||
<p>Replace it by:</p>
|
||||
<pre><code>actionban = /usr/local/bin/fail2ban_banned_db ban <ip> <port> <protocol> <name> <ipjailfailures> <ipjailmatches>
|
||||
</code></pre>
|
||||
|
||||
<p>Download improved shell script and replace the existing one:</p>
|
||||
<pre><code>wget https://github.com/iredmail/iRedMail/raw/1.3/samples/fail2ban/bin/fail2ban_banned_db
|
||||
mv fail2ban_banned_db /usr/local/bin/
|
||||
chmod 0550 /usr/local/bin/fail2ban_banned_db
|
||||
</code></pre>
|
||||
|
||||
<p>Now restart Fail2ban service.</p>
|
||||
<h2 id="mysqlmariadb-backend-special">MySQL/MariaDB backend special</h2>
|
||||
<h3 id="add-missing-index-for-sql-column-msgstime_iso-in-amavisd-database_1">Add missing index for SQL column <code>msgs.time_iso</code> in <code>amavisd</code> database</h3>
|
||||
<p>Please run SQL commands below as MySQL root user:</p>
|
||||
<pre><code>USE amavisd;
|
||||
CREATE INDEX msgs_idx_time_iso ON msgs (time_iso);
|
||||
</code></pre><div class="footer">
|
||||
</code></pre>
|
||||
|
||||
<h3 id="improvement-store-more-info-in-fail2ban-sql-db_1">Improvement: Store more info in Fail2ban SQL db</h3>
|
||||
<div class="admonition attention">
|
||||
<p class="admonition-title">Attention</p>
|
||||
<p>Since iRedMail-1.2, Fail2ban is configured to <a href="./fail2ban.sql.html">store banned IP addresses in
|
||||
SQL database</a>, if you're running an old iRedMail
|
||||
release, please upgrade your iRedMail server by following the upgrade
|
||||
tutorials: <a href="./iredmail.releases.html">iRedMail release notes and upgrade tutorials</a>.</p>
|
||||
</div>
|
||||
<p>With changes below, we now store matched log lines which triggerred the ban in
|
||||
Fail2ban SQL database, also number of times the failure occurred in log files.</p>
|
||||
<p>Please run SQL commands below as MySQL root user:</p>
|
||||
<pre><code>USE fail2ban;
|
||||
ALTER TABLE banned ADD COLUMN failures INT(2) NOT NULL DEFAULT 0;
|
||||
ALTER TABLE banned ADD COLUMN loglines TEXT;
|
||||
</code></pre>
|
||||
|
||||
<p>Now open file <code>/etc/fail2ban/action.d/banned_db.conf</code>, find the <code>actionban =</code>
|
||||
line like below:</p>
|
||||
<pre><code>actionban = /usr/local/bin/fail2ban_banned_db ban <ip> <port> <protocol> <name>
|
||||
</code></pre>
|
||||
|
||||
<p>Replace it by:</p>
|
||||
<pre><code>actionban = /usr/local/bin/fail2ban_banned_db ban <ip> <port> <protocol> <name> <ipjailfailures> <ipjailmatches>
|
||||
</code></pre>
|
||||
|
||||
<p>Download improved shell script and replace the existing one:</p>
|
||||
<pre><code>wget https://github.com/iredmail/iRedMail/raw/1.3/samples/fail2ban/bin/fail2ban_banned_db
|
||||
mv fail2ban_banned_db /usr/local/bin/
|
||||
chmod 0550 /usr/local/bin/fail2ban_banned_db
|
||||
</code></pre>
|
||||
|
||||
<p>Now restart Fail2ban service.</p>
|
||||
<h2 id="postgresql-backend-special">PostgreSQL backend special</h2>
|
||||
<h3 id="improvement-store-more-info-in-fail2ban-sql-db_2">Improvement: Store more info in Fail2ban SQL db</h3>
|
||||
<div class="admonition attention">
|
||||
<p class="admonition-title">Attention</p>
|
||||
<p>Since iRedMail-1.2, Fail2ban is configured to <a href="./fail2ban.sql.html">store banned IP addresses in
|
||||
SQL database</a>, if you're running an old iRedMail
|
||||
release, please upgrade your iRedMail server by following the upgrade
|
||||
tutorials: <a href="./iredmail.releases.html">iRedMail release notes and upgrade tutorials</a>.</p>
|
||||
</div>
|
||||
<p>With changes below, we now store matched log lines which triggerred the ban in
|
||||
Fail2ban SQL database, also number of times the failure occurred in log files.</p>
|
||||
<p>Please follow steps below to apply required changes.</p>
|
||||
<ul>
|
||||
<li>Connect to PostgreSQL server as <code>postgres</code> user and connect to <code>vmail</code> database:<ul>
|
||||
<li>on Linux, it's <code>postgres</code> user</li>
|
||||
<li>on FreeBSD, it's <code>pgsql</code> user</li>
|
||||
<li>on OpenBSD, it's <code>_postgresql</code> user</li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
<pre><code>su - postgres
|
||||
psql -d fail2ban
|
||||
</code></pre>
|
||||
|
||||
<ul>
|
||||
<li>Run SQL commands below:</li>
|
||||
</ul>
|
||||
<pre><code>\c fail2ban;
|
||||
ALTER TABLE banned ADD COLUMN failures SMALLINT NOT NULL DEFAULT 0;
|
||||
ALTER TABLE banned ADD COLUMN loglines TEXT;
|
||||
</code></pre>
|
||||
|
||||
<ul>
|
||||
<li>Open file <code>/etc/fail2ban/action.d/banned_db.conf</code>, find the <code>actionban =</code>
|
||||
line like below:</li>
|
||||
</ul>
|
||||
<pre><code>actionban = /usr/local/bin/fail2ban_banned_db ban <ip> <port> <protocol> <name>
|
||||
</code></pre>
|
||||
|
||||
<p>Replace it by:</p>
|
||||
<pre><code>actionban = /usr/local/bin/fail2ban_banned_db ban <ip> <port> <protocol> <name> <ipjailfailures> <ipjailmatches>
|
||||
</code></pre>
|
||||
|
||||
<ul>
|
||||
<li>Download improved shell script and replace the existing one:</li>
|
||||
</ul>
|
||||
<pre><code>wget https://github.com/iredmail/iRedMail/raw/1.3/samples/fail2ban/bin/fail2ban_banned_db
|
||||
mv fail2ban_banned_db /usr/local/bin/
|
||||
chmod 0550 /usr/local/bin/fail2ban_banned_db
|
||||
</code></pre>
|
||||
|
||||
<ul>
|
||||
<li>Now restart Fail2ban service.</li>
|
||||
</ul><div class="footer">
|
||||
<p style="text-align: center; color: grey;">All documents are available in <a href="https://github.com/iredmail/docs/">GitHub repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://github.com/iredmail/docs/archive/master.zip">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
|
||||
</div>
|
||||
<!-- Global site tag (gtag.js) - Google Analytics -->
|
||||
|
|
Loading…
Reference in New Issue