diff --git a/en_US/howto/fail2ban.sql.md b/en_US/howto/fail2ban.sql.md index ca2c7dbb..c7d36cf7 100644 --- a/en_US/howto/fail2ban.sql.md +++ b/en_US/howto/fail2ban.sql.md @@ -22,11 +22,11 @@ With iRedAdmin-Pro, you can login as global admin, go to ## How it works When some (bad) client triggers the ban, Fail2ban will perform actions defined -in `action =` parameter in jail config file. For example, in jail `dovecot-iredmail` +in `action =` parameter in jail config file. For example, in jail `dovecot` (`/etc/fail2ban/jail.d/dovecot.local`): ``` -[dovecot-iredmail] +[dovecot] enabled = ... filter = ... logpath = ... @@ -168,7 +168,7 @@ want to store banned IP in SQL db. Let's take `dovecot.local` for example. * The `action =` line in original file looks like this: ``` -[dovecot-iredmail] +[dovecot] ... action = iptables-multiport[name=dovecot, port="80,443,25,587,465,110,995,143,993,4190", protocol=tcp] ``` @@ -178,16 +178,16 @@ action = iptables-multiport[name=dovecot, port="80,443,25,587,465,110,995,1 !!! warning * The name set in `banned_db[name=, ...]` line must be same as - the jail name which is defined in the first line `[dovecot-iredmail]`. - In above sample, jail name is `dovecot-iredmail`. + the jail name which is defined in the first line `[dovecot]`. + In above sample, jail name is `dovecot`. Do __NOT__ copy the name used in `iptables-multiport[...]` line. * There's only one `action =` parameter for a jail. ``` -[dovecot-iredmail] +[dovecot] ... action = iptables-multiport[name=dovecot, port="80,443,25,587,465,110,995,143,993,4190", protocol=tcp] - banned_db[name=dovecot-iredmail, port="80,443,25,587,465,110,995,143,993,4190", protocol=tcp] + banned_db[name=dovecot, port="80,443,25,587,465,110,995,143,993,4190", protocol=tcp] ``` That's it. It's recommend to enable this new action `banned_db` for all jails. 
@@ -266,20 +266,20 @@ fail2ban_db_password = '' Run `fail2ban-client` command as `root` user to ban 2 IP addresses like below: ``` -fail2ban-client set dovecot-iredmail banip 1.1.1.1 -fail2ban-client set dovecot-iredmail banip 1.1.1.2 +fail2ban-client set dovecot banip 1.1.1.1 +fail2ban-client set dovecot banip 1.1.1.2 ``` You can see the banned IP address with command `fail2ban-client status `: ``` -fail2ban-client status dovecot-iredmail +fail2ban-client status dovecot ``` Command output: ``` -Status for the jail: dovecot-iredmail +Status for the jail: dovecot |- Filter | |- Currently failed: 0 | |- Total failed: 0 
@@ -299,19 +299,19 @@ mysql fail2ban -e "SELECT * FROM banned" You should see the command output like below: ``` -+----+---------+-------+----------+------------------+------------------+---------------+---------------------+--------+ -| id | ip | ports | protocol | jail | hostname | country | timestamp | remove | -+----+---------+-------+----------+------------------+------------------+---------------+---------------------+--------+ -| 3 | 1.1.1.1 | 22 | tcp | dovecot-iredmail | ob66.localdomain | AU, Australia | 2020-04-15 13:34:57 | 0 | -| 4 | 1.1.1.2 | 22 | tcp | dovecot-iredmail | ob66.localdomain | AU, Australia | 2020-04-15 13:34:58 | 0 | -+----+---------+-------+----------+------------------+------------------+---------------+---------------------+--------+ ++----+---------+-------+----------+---------+------------------+---------------+---------------------+--------+ +| id | ip | ports | protocol | jail | hostname | country | timestamp | remove | ++----+---------+-------+----------+---------+------------------+---------------+---------------------+--------+ +| 3 | 1.1.1.1 | 22 | tcp | dovecot | ob66.localdomain | AU, Australia | 2020-04-15 13:34:57 | 0 | +| 4 | 1.1.1.2 | 22 | tcp | dovecot | ob66.localdomain | AU, Australia | 2020-04-15 13:34:58 | 0 | ++----+---------+-------+----------+---------+------------------+---------------+---------------------+--------+ ``` Now run `fail2ban-client` command to unban IP and query SQL table `fail2ban.banned` again, you should see unbanned IP is gone: ``` -fail2ban-client set dovecot-iredmail unbanip 1.1.1.1 +fail2ban-client set dovecot unbanip 1.1.1.1 ``` Now run command as `root` user to update SQL column `banned.remove=1` to @@ -332,7 +332,7 @@ stored in SQL db with `remove=1` is gone, and unbanned in fail2ban too: ``` mysql fail2ban -e "SELECT * FROM banned" -fail2ban-client status dovecot-iredmail +fail2ban-client status dovecot ``` ## Troubleshooting 
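Review bot: In the warning block of the `@@ -178,16` hunk of `en_US/howto/fail2ban.sql.md`, `Do __NOT__ copy the name used in iptables-multiport[...] line` no longer distinguishes anything, because after the rename the jail name and `iptables-multiport[name=dovecot, ...]` are both `dovecot`. Either state that the two values happen to coincide in this sample, or pick an example jail whose name differs from the iptables name, so the reader can still see which value `banned_db[name=...]` has to carry. In the same hunk, the context line `It's recommend to enable` should read `It's recommended to enable`.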
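Review bot: In the `@@ -299,19` hunk of `en_US/howto/fail2ban.sql.md`, the re-typed sample rows keep `ports` = `22`, which does not match the `port="80,443,25,587,465,110,995,143,993,4190"` passed to `banned_db[...]` for the `dovecot` jail earlier on the page. If this output was captured from a different jail, recapture it from `dovecot` instead of only editing the `jail` column. The sentence `you should see unbanned IP is gone` is also followed only by the `unbanip` command; repeating `mysql fail2ban -e "SELECT * FROM banned"` after it would show the check the text asks for.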
diff --git a/html/fail2ban.sql.html b/html/fail2ban.sql.html index f5039eab..6cdbc27c 100644 --- a/html/fail2ban.sql.html +++ b/html/fail2ban.sql.html @@ -51,9 +51,9 @@ minute, a cron job will call fail2ban-client to actually unban it.<

How it works

When some (bad) client triggers the ban, Fail2ban will perform actions defined -in action = parameter in jail config file. For example, in jail dovecot-iredmail +in action = parameter in jail config file. For example, in jail dovecot (/etc/fail2ban/jail.d/dovecot.local):

-
[dovecot-iredmail]
+
[dovecot]
 enabled     = ...
 filter      = ...
 logpath     = ...
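Review bot: The example jail becomes `[dovecot]` here, but nothing in the hunk says which installations actually use that name. Readers whose `/etc/fail2ban/jail.d/dovecot.local` was written from the earlier text still have `[dovecot-iredmail]`, so the `fail2ban-client set dovecot ...` commands later on the page will not match their jail. A short note beside `For example, in jail dovecot` saying that older setups use `dovecot-iredmail` would cover both cases.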
@@ -184,7 +184,7 @@ want to store banned IP in SQL db. Let's take dovecot.local for exa
 
  • The action = line in original file looks like this:
-
[dovecot-iredmail]
+
[dovecot]
 ...
 action      = iptables-multiport[name=dovecot, port="80,443,25,587,465,110,995,143,993,4190", protocol=tcp]
 
@@ -196,18 +196,18 @@ action = iptables-multiport[name=dovecot, port="80,443,25,587,465,110,

Warning

  • The name set in banned_db[name=, ...] line must be same as - the jail name which is defined in the first line [dovecot-iredmail]. - In above sample, jail name is dovecot-iredmail. + the jail name which is defined in the first line [dovecot]. + In above sample, jail name is dovecot. Do NOT copy the name used in iptables-multiport[...] line.
  • There's only one action = parameter for a jail.
-
[dovecot-iredmail]
+
[dovecot]
 ...
 action      = iptables-multiport[name=dovecot, port="80,443,25,587,465,110,995,143,993,4190", protocol=tcp]
-              banned_db[name=dovecot-iredmail, port="80,443,25,587,465,110,995,143,993,4190", protocol=tcp]
+              banned_db[name=dovecot, port="80,443,25,587,465,110,995,143,993,4190", protocol=tcp]
 

That's it. It's recommend to enable this new action banned_db for all jails.

@@ -271,16 +271,16 @@ fail2ban_db_password = '<my-secret-password>'

We use MySQL for example here.

Run fail2ban-client command as root user to ban 2 IP addresses like below:

-
fail2ban-client set dovecot-iredmail banip 1.1.1.1
-fail2ban-client set dovecot-iredmail banip 1.1.1.2
+
fail2ban-client set dovecot banip 1.1.1.1
+fail2ban-client set dovecot banip 1.1.1.2
 

You can see the banned IP address with command fail2ban-client status <jail>:

-
fail2ban-client status dovecot-iredmail
+
fail2ban-client status dovecot
 

Command output:

-
Status for the jail: dovecot-iredmail
+
Status for the jail: dovecot
 |- Filter
 |  |- Currently failed: 0
 |  |- Total failed: 0
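Review bot: The `banip` examples on the changed lines still use `1.1.1.1` and `1.1.1.2`, which are real, publicly routed addresses. Since these lines are being rewritten anyway, consider switching to the documentation range `192.0.2.0/24` (RFC 5737), for example `192.0.2.1` and `192.0.2.2`, and updating the sample `SELECT * FROM banned` output to match, so nobody bans a live address while following the page.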
@@ -296,17 +296,17 @@ fail2ban-client set dovecot-iredmail banip 1.1.1.2
 

You should see the command output like below:

-
+----+---------+-------+----------+------------------+------------------+---------------+---------------------+--------+
-| id | ip      | ports | protocol | jail             | hostname         | country       | timestamp           | remove |
-+----+---------+-------+----------+------------------+------------------+---------------+---------------------+--------+
-|  3 | 1.1.1.1 | 22    | tcp      | dovecot-iredmail | ob66.localdomain | AU, Australia | 2020-04-15 13:34:57 |      0 |
-|  4 | 1.1.1.2 | 22    | tcp      | dovecot-iredmail | ob66.localdomain | AU, Australia | 2020-04-15 13:34:58 |      0 |
-+----+---------+-------+----------+------------------+------------------+---------------+---------------------+--------+
+
+----+---------+-------+----------+---------+------------------+---------------+---------------------+--------+
+| id | ip      | ports | protocol | jail    | hostname         | country       | timestamp           | remove |
++----+---------+-------+----------+---------+------------------+---------------+---------------------+--------+
+|  3 | 1.1.1.1 | 22    | tcp      | dovecot | ob66.localdomain | AU, Australia | 2020-04-15 13:34:57 |      0 |
+|  4 | 1.1.1.2 | 22    | tcp      | dovecot | ob66.localdomain | AU, Australia | 2020-04-15 13:34:58 |      0 |
++----+---------+-------+----------+---------+------------------+---------------+---------------------+--------+
 

Now run fail2ban-client command to unban IP and query SQL table fail2ban.banned again, you should see unbanned IP is gone:

-
fail2ban-client set dovecot-iredmail unbanip 1.1.1.1
+
fail2ban-client set dovecot unbanip 1.1.1.1
 

Now run command as root user to update SQL column banned.remove=1 to @@ -321,7 +321,7 @@ simulate the unban triggered by iRedAdmin-Pro:

Again, query SQL table fail2ban.banned as root user, you should see the IP stored in SQL db with remove=1 is gone, and unbanned in fail2ban too:

mysql fail2ban -e "SELECT * FROM banned"
-fail2ban-client status dovecot-iredmail
+fail2ban-client status dovecot
 

Troubleshooting