Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
vms:webdev:ispconfig [2014/06/06 15:21] admin [Vlogger, Webalizer, And AWstats] |
vms:webdev:ispconfig [2014/06/06 15:48] admin [fail2ban] |
||
---|---|---|---|
Line 352: | Line 352: | ||
==== fail2ban ==== | ==== fail2ban ==== | ||
---- | ---- | ||
+ | <code> | ||
+ | > apt-get install fail2ban | ||
+ | </code> | ||
+ | To have fail2ban monitor PureFTPd and Dovecot, create (or edit) the file **/etc/fail2ban/jail.local**: | ||
+ | <code> | ||
+ | > nano /etc/fail2ban/jail.local | ||
+ | |||
+ | [pureftpd] | ||
+ | enabled = true | ||
+ | port = ftp | ||
+ | filter = pureftpd | ||
+ | logpath = /var/log/syslog | ||
+ | maxretry = 3 | ||
+ | |||
+ | [dovecot-pop3imap] | ||
+ | enabled = true | ||
+ | filter = dovecot-pop3imap | ||
+ | action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp] | ||
+ | logpath = /var/log/mail.log | ||
+ | maxretry = 5 | ||
+ | |||
+ | [sasl] | ||
+ | enabled = true | ||
+ | port = smtp | ||
+ | filter = sasl | ||
+ | logpath = /var/log/mail.log | ||
+ | maxretry = 3 | ||
+ | </code> | ||
+ | |||
+ | Create two more files: | ||
+ | <code> | ||
+ | > nano /etc/fail2ban/filter.d/pureftpd.conf | ||
+ | |||
+ | [Definition] | ||
+ | failregex = .*pure-ftpd: \(.*@<HOST>\) \[WARNING\] Authentication failed for user.* | ||
+ | ignoreregex = | ||
+ | |||
+ | > nano /etc/fail2ban/filter.d/dovecot-pop3imap.conf | ||
+ | |||
+ | [Definition] | ||
+ | failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts).*rip=(?P<host>\S*),.* | ||
+ | ignoreregex = | ||
+ | </code> | ||
+ | |||
+ | Finally, restart fail2ban: | ||
+ | <code> | ||
+ | > /etc/init.d/fail2ban restart | ||
+ | </code> | ||
+ | |||
+ | ==== SquirrelMail ==== | ||
+ | ---- | ||
+ | This has not been done here, for reference, see [[http://www.howtoforge.com/perfect-server-debian-wheezy-nginx-bind-dovecot-ispconfig-3-p5|this page of The Perfect Server - Debian Wheezy site]]... |