Cleanup.
parent 93100bf7c2
commit ebed99eb5c
@ -22,11 +22,11 @@ With iRedAdmin-Pro, you can login as global admin, go to
|
|||
## How it works
|
||||
|
||||
When some (bad) client triggers the ban, Fail2ban will perform actions defined
|
||||
in `action =` parameter in jail config file. For example, in jail `dovecot-iredmail`
|
||||
in `action =` parameter in jail config file. For example, in jail `dovecot`
|
||||
(`/etc/fail2ban/jail.d/dovecot.local`):
|
||||
|
||||
```
|
||||
[dovecot-iredmail]
|
||||
[dovecot]
|
||||
enabled = ...
|
||||
filter = ...
|
||||
logpath = ...
|
||||
|
@ -168,7 +168,7 @@ want to store banned IP in SQL db. Let's take `dovecot.local` for example.
|
|||
* The `action =` line in original file looks like this:
|
||||
|
||||
```
|
||||
[dovecot-iredmail]
|
||||
[dovecot]
|
||||
...
|
||||
action = iptables-multiport[name=dovecot, port="80,443,25,587,465,110,995,143,993,4190", protocol=tcp]
|
||||
```
|
||||
|
@ -178,16 +178,16 @@ action = iptables-multiport[name=dovecot, port="80,443,25,587,465,110,995,1
|
|||
!!! warning
|
||||
|
||||
* The name set in `banned_db[name=, ...]` line must be same as
|
||||
the jail name which is defined in the first line `[dovecot-iredmail]`.
|
||||
In above sample, jail name is `dovecot-iredmail`.
|
||||
the jail name which is defined in the first line `[dovecot]`.
|
||||
In above sample, jail name is `dovecot`.
|
||||
Do __NOT__ copy the name used in `iptables-multiport[...]` line.
|
||||
* There's only one `action =` parameter for a jail.
|
||||
|
||||
```
|
||||
[dovecot-iredmail]
|
||||
[dovecot]
|
||||
...
|
||||
action = iptables-multiport[name=dovecot, port="80,443,25,587,465,110,995,143,993,4190", protocol=tcp]
|
||||
banned_db[name=dovecot-iredmail, port="80,443,25,587,465,110,995,143,993,4190", protocol=tcp]
|
||||
banned_db[name=dovecot, port="80,443,25,587,465,110,995,143,993,4190", protocol=tcp]
|
||||
```
|
||||
|
||||
That's it. It's recommend to enable this new action `banned_db` for all jails.
|
||||
|
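Review bot: In the warning, "Do __NOT__ copy the name used in `iptables-multiport[...]` line" no longer matches the sample that follows it. After the rename the jail is `[dovecot]`, and both `iptables-multiport[name=dovecot, ...]` and `banned_db[name=dovecot, ...]` carry the same name, so a reader who copies the `iptables-multiport` name gets the right result by accident and the distinction the warning draws is invisible. Either reword the warning to say that the two names may coincide but `banned_db[name=...]` must always be taken from the section header, or keep a sample in which the two names differ.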
@ -266,20 +266,20 @@ fail2ban_db_password = '<my-secret-password>'
|
|||
Run `fail2ban-client` command as `root` user to ban 2 IP addresses like below:
|
||||
|
||||
```
|
||||
fail2ban-client set dovecot-iredmail banip 1.1.1.1
|
||||
fail2ban-client set dovecot-iredmail banip 1.1.1.2
|
||||
fail2ban-client set dovecot banip 1.1.1.1
|
||||
fail2ban-client set dovecot banip 1.1.1.2
|
||||
```
|
||||
|
||||
You can see the banned IP address with command `fail2ban-client status <jail>`:
|
||||
|
||||
```
|
||||
fail2ban-client status dovecot-iredmail
|
||||
fail2ban-client status dovecot
|
||||
```
|
||||
|
||||
Command output:
|
||||
|
||||
```
|
||||
Status for the jail: dovecot-iredmail
|
||||
Status for the jail: dovecot
|
||||
|- Filter
|
||||
| |- Currently failed: 0
|
||||
| |- Total failed: 0
|
||||
|
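Review bot: The `fail2ban-client set dovecot banip ...` and `fail2ban-client status dovecot` lines now hard-code the new jail name, and the commit message ("Cleanup.") gives no reason for the rename. A server whose `/etc/fail2ban/jail.d/dovecot.local` still starts with `[dovecot-iredmail]` has no jail called `dovecot`, so these commands will not work there as written. Suggest adding a sentence that tells readers to use the section name from their own jail file (running `fail2ban-client status` with no jail argument lists the active jails), and stating in the commit message why the name changed.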
@ -299,19 +299,19 @@ mysql fail2ban -e "SELECT * FROM banned"
|
|||
You should see the command output like below:
|
||||
|
||||
```
|
||||
+----+---------+-------+----------+------------------+------------------+---------------+---------------------+--------+
|
||||
| id | ip | ports | protocol | jail | hostname | country | timestamp | remove |
|
||||
+----+---------+-------+----------+------------------+------------------+---------------+---------------------+--------+
|
||||
| 3 | 1.1.1.1 | 22 | tcp | dovecot-iredmail | ob66.localdomain | AU, Australia | 2020-04-15 13:34:57 | 0 |
|
||||
| 4 | 1.1.1.2 | 22 | tcp | dovecot-iredmail | ob66.localdomain | AU, Australia | 2020-04-15 13:34:58 | 0 |
|
||||
+----+---------+-------+----------+------------------+------------------+---------------+---------------------+--------+
|
||||
+----+---------+-------+----------+---------+------------------+---------------+---------------------+--------+
|
||||
| id | ip | ports | protocol | jail | hostname | country | timestamp | remove |
|
||||
+----+---------+-------+----------+---------+------------------+---------------+---------------------+--------+
|
||||
| 3 | 1.1.1.1 | 22 | tcp | dovecot | ob66.localdomain | AU, Australia | 2020-04-15 13:34:57 | 0 |
|
||||
| 4 | 1.1.1.2 | 22 | tcp | dovecot | ob66.localdomain | AU, Australia | 2020-04-15 13:34:58 | 0 |
|
||||
+----+---------+-------+----------+---------+------------------+---------------+---------------------+--------+
|
||||
```
|
||||
|
||||
Now run `fail2ban-client` command to unban IP and query SQL table
|
||||
`fail2ban.banned` again, you should see unbanned IP is gone:
|
||||
|
||||
```
|
||||
fail2ban-client set dovecot-iredmail unbanip 1.1.1.1
|
||||
fail2ban-client set dovecot unbanip 1.1.1.1
|
||||
```
|
||||
|
||||
Now run command as `root` user to update SQL column `banned.remove=1` to
|
||||
|
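Review bot: The sample rows still show `22` in the `ports` column next to `jail` = `dovecot`, while the `banned_db[...]` line documented for this jail passes `port="80,443,25,587,465,110,995,143,993,4190"`. Since the table is being re-aligned anyway, re-capture the output from a ban made through the `dovecot` jail so that the `ports` value agrees with the documented configuration, or add a sentence explaining where the 22 comes from.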
@ -332,7 +332,7 @@ stored in SQL db with `remove=1` is gone, and unbanned in fail2ban too:
|
|||
|
||||
```
|
||||
mysql fail2ban -e "SELECT * FROM banned"
|
||||
fail2ban-client status dovecot-iredmail
|
||||
fail2ban-client status dovecot
|
||||
```
|
||||
|
||||
## Troubleshooting
|
||||
|
|
|
@ -51,9 +51,9 @@ minute, a cron job will call <code>fail2ban-client</code> to actually unban it.<
|
|||
<p><img alt="" src="./images/iredadmin/activity_banned_ip_addresses.png" width="900px" /></p>
|
||||
<h2 id="how-it-works">How it works</h2>
|
||||
<p>When some (bad) client triggers the ban, Fail2ban will perform actions defined
|
||||
in <code>action =</code> parameter in jail config file. For example, in jail <code>dovecot-iredmail</code>
|
||||
in <code>action =</code> parameter in jail config file. For example, in jail <code>dovecot</code>
|
||||
(<code>/etc/fail2ban/jail.d/dovecot.local</code>):</p>
|
||||
<pre><code>[dovecot-iredmail]
|
||||
<pre><code>[dovecot]
|
||||
enabled = ...
|
||||
filter = ...
|
||||
logpath = ...
|
||||
|
@ -184,7 +184,7 @@ want to store banned IP in SQL db. Let's take <code>dovecot.local</code> for exa
|
|||
<ul>
|
||||
<li>The <code>action =</code> line in original file looks like this:</li>
|
||||
</ul>
|
||||
<pre><code>[dovecot-iredmail]
|
||||
<pre><code>[dovecot]
|
||||
...
|
||||
action = iptables-multiport[name=dovecot, port="80,443,25,587,465,110,995,143,993,4190", protocol=tcp]
|
||||
</code></pre>
|
||||
|
@ -196,18 +196,18 @@ action = iptables-multiport[name=dovecot, port="80,443,25,587,465,110,
|
|||
<p class="admonition-title">Warning</p>
|
||||
<ul>
|
||||
<li>The name set in <code>banned_db[name=, ...]</code> line must be same as
|
||||
the jail name which is defined in the first line <code>[dovecot-iredmail]</code>.
|
||||
In above sample, jail name is <code>dovecot-iredmail</code>.
|
||||
the jail name which is defined in the first line <code>[dovecot]</code>.
|
||||
In above sample, jail name is <code>dovecot</code>.
|
||||
Do <strong>NOT</strong> copy the name used in <code>iptables-multiport[...]</code> line.</li>
|
||||
<li>There's only one <code>action =</code> parameter for a jail.</li>
|
||||
</ul>
|
||||
</div>
|
||||
</li>
|
||||
</ul>
|
||||
<pre><code>[dovecot-iredmail]
|
||||
<pre><code>[dovecot]
|
||||
...
|
||||
action = iptables-multiport[name=dovecot, port="80,443,25,587,465,110,995,143,993,4190", protocol=tcp]
|
||||
banned_db[name=dovecot-iredmail, port="80,443,25,587,465,110,995,143,993,4190", protocol=tcp]
|
||||
banned_db[name=dovecot, port="80,443,25,587,465,110,995,143,993,4190", protocol=tcp]
|
||||
</code></pre>
|
||||
|
||||
<p>That's it. It's recommend to enable this new action <code>banned_db</code> for all jails.</p>
|
||||
|
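Review bot: The context line `It's recommend to enable this new action` has a grammar slip (should be "recommended") that this cleanup leaves in place, here and in the Markdown version of the same sentence. This hunk also repeats the Markdown change line for line; if the HTML is generated from the Markdown, regenerate it from the source rather than editing both by hand, so the two copies cannot drift.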
@ -271,16 +271,16 @@ fail2ban_db_password = '<my-secret-password>'
|
|||
<p>We use MySQL for example here.</p>
|
||||
</div>
|
||||
<p>Run <code>fail2ban-client</code> command as <code>root</code> user to ban 2 IP addresses like below:</p>
|
||||
<pre><code>fail2ban-client set dovecot-iredmail banip 1.1.1.1
|
||||
fail2ban-client set dovecot-iredmail banip 1.1.1.2
|
||||
<pre><code>fail2ban-client set dovecot banip 1.1.1.1
|
||||
fail2ban-client set dovecot banip 1.1.1.2
|
||||
</code></pre>
|
||||
|
||||
<p>You can see the banned IP address with command <code>fail2ban-client status <jail></code>:</p>
|
||||
<pre><code>fail2ban-client status dovecot-iredmail
|
||||
<pre><code>fail2ban-client status dovecot
|
||||
</code></pre>
|
||||
|
||||
<p>Command output:</p>
|
||||
<pre><code>Status for the jail: dovecot-iredmail
|
||||
<pre><code>Status for the jail: dovecot
|
||||
|- Filter
|
||||
| |- Currently failed: 0
|
||||
| |- Total failed: 0
|
||||
|
@ -296,17 +296,17 @@ fail2ban-client set dovecot-iredmail banip 1.1.1.2
|
|||
</code></pre>
|
||||
|
||||
<p>You should see the command output like below:</p>
|
||||
<pre><code>+----+---------+-------+----------+------------------+------------------+---------------+---------------------+--------+
|
||||
| id | ip | ports | protocol | jail | hostname | country | timestamp | remove |
|
||||
+----+---------+-------+----------+------------------+------------------+---------------+---------------------+--------+
|
||||
| 3 | 1.1.1.1 | 22 | tcp | dovecot-iredmail | ob66.localdomain | AU, Australia | 2020-04-15 13:34:57 | 0 |
|
||||
| 4 | 1.1.1.2 | 22 | tcp | dovecot-iredmail | ob66.localdomain | AU, Australia | 2020-04-15 13:34:58 | 0 |
|
||||
+----+---------+-------+----------+------------------+------------------+---------------+---------------------+--------+
|
||||
<pre><code>+----+---------+-------+----------+---------+------------------+---------------+---------------------+--------+
|
||||
| id | ip | ports | protocol | jail | hostname | country | timestamp | remove |
|
||||
+----+---------+-------+----------+---------+------------------+---------------+---------------------+--------+
|
||||
| 3 | 1.1.1.1 | 22 | tcp | dovecot | ob66.localdomain | AU, Australia | 2020-04-15 13:34:57 | 0 |
|
||||
| 4 | 1.1.1.2 | 22 | tcp | dovecot | ob66.localdomain | AU, Australia | 2020-04-15 13:34:58 | 0 |
|
||||
+----+---------+-------+----------+---------+------------------+---------------+---------------------+--------+
|
||||
</code></pre>
|
||||
|
||||
<p>Now run <code>fail2ban-client</code> command to unban IP and query SQL table
|
||||
<code>fail2ban.banned</code> again, you should see unbanned IP is gone:</p>
|
||||
<pre><code>fail2ban-client set dovecot-iredmail unbanip 1.1.1.1
|
||||
<pre><code>fail2ban-client set dovecot unbanip 1.1.1.1
|
||||
</code></pre>
|
||||
|
||||
<p>Now run command as <code>root</code> user to update SQL column <code>banned.remove=1</code> to
|
||||
|
@ -321,7 +321,7 @@ simulate the unban triggered by iRedAdmin-Pro:</p>
|
|||
<p>Again, query SQL table <code>fail2ban.banned</code> as <code>root</code> user, you should see the IP
|
||||
stored in SQL db with <code>remove=1</code> is gone, and unbanned in fail2ban too:</p>
|
||||
<pre><code>mysql fail2ban -e "SELECT * FROM banned"
|
||||
fail2ban-client status dovecot-iredmail
|
||||
fail2ban-client status dovecot
|
||||
</code></pre>
|
||||
|
||||
<h2 id="troubleshooting">Troubleshooting</h2>
|
||||
|
|