Zhang Huangbin 2020-04-15 20:59:37 +08:00
parent 0c51d2d4af
commit 5a68c724f2
2 changed files with 24 additions and 17 deletions


@ -162,7 +162,7 @@ add or remove banned IP addresses.
## Enable the new action `banned_db`
Now go to `/etc/fail2ban/jail.d/` and update config files for the jails you
Now go to directory `/etc/fail2ban/jail.d/` and update config files for the jails you
want to store banned IP in SQL db. Let's take `dovecot.local` for example.
* The `action =` line in original file looks like this:
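Review bot: the added line "Now go to directory `/etc/fail2ban/jail.d/` and update config files for the jails you" is missing an article and now runs past the wrap width of the lines around it. Suggest "Now go to the `/etc/fail2ban/jail.d/` directory and update the config files for the jails whose banned IPs you want to store in the SQL db", rewrapped to match.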
@ -177,10 +177,11 @@ action = iptables-multiport[name=dovecot, port="80,443,25,587,465,110,995,1
!!! warning
The name set in `banned_db[name=, ...]` line must be same as
the jail name which is defined in the first line `[dovecot-iredmail]`.
In above sample, it's `dovecot-iredmail`.
Do __NOT__ copy the name used in `iptables-multiport[]` line.
* The name set in `banned_db[name=, ...]` line must be same as
the jail name which is defined in the first line `[dovecot-iredmail]`.
In above sample, jail name is `dovecot-iredmail`.
Do __NOT__ copy the name used in `iptables-multiport[...]` line.
* There's only one `action =` parameter for a jail.
```
[dovecot-iredmail]
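Review bot: in the first added bullet, `banned_db[name=, ...]` shows an empty `name=` value that a reader can copy literally. A visible placeholder such as `name=<jail name>` would make it obvious that the jail name has to be filled in. In the same bullet, "must be same as" should read "must be the same as".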
@ -201,15 +202,17 @@ Now add a cron job for `root` user:
* * * * * /bin/bash /usr/local/bin/fail2ban_banned_db unban_db
```
It runs every minute and query SQL database to get IP addresses which are
pending for removal.
It runs every minute and queries SQL database to get banned IP addresses which
are pending for removal.
## Optional: Add GeoIP database to look up location of banned IP address
## Optional: look up and store country name of banned IP address
Script `/usr/local/bin/fail2ban_banned_db` detects whether commands
`geoiplookup` and `geoiplookup6` exist, if exist, it runs the command to query
country of banned IP address and store it in SQL database.
Both commands are offered by GeoIP related packages, please install them.
* On RHEL/CentOS 7:
```
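Review bot: the added paragraph under the renamed heading says the script detects whether `geoiplookup` and `geoiplookup6` exist, but not what it does when they are missing. Since the section is marked optional, add a sentence stating what is stored for the country in that case. "if exist, it runs the command" is also a comma splice; suggest "If they exist, it runs them to look up the country of the banned IP address and stores it in the SQL database."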


@ -29,7 +29,7 @@
<li><a href="#add-required-fail2ban-config-file-and-script">Add required Fail2ban config file and script</a></li>
<li><a href="#enable-the-new-action-banned_db">Enable the new action banned_db</a></li>
<li><a href="#add-required-cron-job-to-query-sql-database-and-unban-ip-addresses">Add required cron job to query SQL database and unban IP addresses</a></li>
<li><a href="#optional-add-geoip-database-to-look-up-location-of-banned-ip-address">Optional: Add GeoIP database to look up location of banned IP address</a></li>
<li><a href="#optional-look-up-and-store-country-name-of-banned-ip-address">Optional: look up and store country name of banned IP address</a></li>
<li><a href="#tests">Tests</a></li>
<li><a href="#troubleshooting">Troubleshooting</a></li>
</ul>
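Review bot: the TOC `href` changes from `#optional-add-geoip-database-to-look-up-location-of-banned-ip-address` to `#optional-look-up-and-store-country-name-of-banned-ip-address`, so any existing link to the old fragment stops resolving. If the rename is kept, consider leaving an element with the old id in that section so old links still land there.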
@ -178,7 +178,7 @@ from <code>/root/.my.cnf-fail2ban</code> (OpenLDAP/MySQL/MariaDB backends) or
<code>~postgresql/.pgpass</code> (PostgreSQL backend), then connect to SQL server and
add or remove banned IP addresses.</p>
<h2 id="enable-the-new-action-banned_db">Enable the new action <code>banned_db</code></h2>
<p>Now go to <code>/etc/fail2ban/jail.d/</code> and update config files for the jails you
<p>Now go to directory <code>/etc/fail2ban/jail.d/</code> and update config files for the jails you
want to store banned IP in SQL db. Let's take <code>dovecot.local</code> for example.</p>
<ul>
<li>The <code>action =</code> line in original file looks like this:</li>
@ -193,10 +193,13 @@ action = iptables-multiport[name=dovecot, port=&quot;80,443,25,587,465,110,
<p>Add our new action under existing action:</p>
<div class="admonition warning">
<p class="admonition-title">Warning</p>
<p>The name set in <code>banned_db[name=, ...]</code> line must be same as
the jail name which is defined in the first line <code>[dovecot-iredmail]</code>.
In above sample, it's <code>dovecot-iredmail</code>.
Do <strong>NOT</strong> copy the name used in <code>iptables-multiport[]</code> line.</p>
<ul>
<li>The name set in <code>banned_db[name=, ...]</code> line must be same as
the jail name which is defined in the first line <code>[dovecot-iredmail]</code>.
In above sample, jail name is <code>dovecot-iredmail</code>.
Do <strong>NOT</strong> copy the name used in <code>iptables-multiport[...]</code> line.</li>
<li>There's only one <code>action =</code> parameter for a jail.</li>
</ul>
</div>
</li>
</ul>
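Review bot: the second added `<li>`, "There's only one `action =` parameter for a jail", states the constraint without the consequence for the reader. Spell out that `banned_db[...]` goes under the existing action, as the "Add our new action under existing action" line just above says, rather than in a second `action =` line.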
@ -213,12 +216,13 @@ action = iptables-multiport[name=dovecot, port=&quot;80,443,25,587,465,110,
<pre><code>* * * * * /bin/bash /usr/local/bin/fail2ban_banned_db unban_db
</code></pre>
<p>It runs every minute and query SQL database to get IP addresses which are
pending for removal.</p>
<h2 id="optional-add-geoip-database-to-look-up-location-of-banned-ip-address">Optional: Add GeoIP database to look up location of banned IP address</h2>
<p>It runs every minute and queries SQL database to get banned IP addresses which
are pending for removal.</p>
<h2 id="optional-look-up-and-store-country-name-of-banned-ip-address">Optional: look up and store country name of banned IP address</h2>
<p>Script <code>/usr/local/bin/fail2ban_banned_db</code> detects whether commands
<code>geoiplookup</code> and <code>geoiplookup6</code> exist, if exist, it runs the command to query
country of banned IP address and store it in SQL database.</p>
<p>Both commands are offered by GeoIP related packages, please install them.</p>
<ul>
<li>On RHEL/CentOS 7:</li>
</ul>
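Review bot: "Both commands are offered by GeoIP related packages, please install them" reads as a requirement under a heading that starts with "Optional". Suggest "Both commands are provided by GeoIP-related packages. Install them if you want the country stored", which also splits the run-on into two sentences.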