Dealing with "authentication failure" entries in /var/log/secure
fail2ban
If such failures from one source appear 5 times (the CentOS jail.conf default, maxretry = 5; Ubuntu's package ships 6) within 10 minutes (findtime), fail2ban treats it as an attack and blocks connections from that source at the firewall. The stock ban action uses iptables; the fail2ban-firewalld package installed below adds a drop-in under /etc/fail2ban/jail.d/ that switches banaction to firewalld rich rules, so on CentOS 8 the bans show up in firewall-cmd output rather than in raw iptables chains.
The block is lifted after 10 minutes (bantime).
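The findtime / maxretry / bantime logic described above, as an added example that simulates it in Python over constructed /var/log/secure lines. This is not fail2ban's own code: the two regexes are simplified stand-ins for the sshd and dovecot filters, the host names, PIDs and addresses in the sample log are made up, and ban expiry is evaluated when the next line is read rather than by a timer. It shows that five failures in 80 seconds trip the ban, that the same five failures spread over twelve minutes do not, and that an attempt made after the 10-minute ban has expired counts as a fresh first failure.

```python
"""Simulation of fail2ban's findtime / maxretry / bantime logic over constructed
/var/log/secure lines (added example; not fail2ban's code)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Defaults the page describes for CentOS: 5 failures within 10 minutes trigger a
# ban that is lifted 10 minutes later (Ubuntu's package ships maxretry = 6).
FINDTIME = timedelta(minutes=10)
BANTIME = timedelta(minutes=10)
MAXRETRY = 5

# Syslog prefix, e.g. "Nov 21 23:50:00 falcon21 ". Syslog carries no year, so
# one is assumed in parse_ts() (2020, matching the page's dates).
SYSLOG_PREFIX = r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ "
# Simplified stand-ins for fail2ban's sshd and dovecot filters: sshd's
# "Failed password" line and the pam_unix(dovecot:auth) line quoted on the page.
FAILURE_REGEXES = [
    re.compile(SYSLOG_PREFIX + r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
               r"from (?P<host>\S+) port \d+"),
    re.compile(SYSLOG_PREFIX + r"\S+: pam_unix\(dovecot:auth\): authentication failure; "
               r".*rhost=(?P<host>\S+)"),
]


def parse_ts(ts, year=2020):
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


class Jail:
    """One jail: a per-host sliding window of failures plus a ban table."""

    def __init__(self, findtime=FINDTIME, bantime=BANTIME, maxretry=MAXRETRY):
        self.findtime, self.bantime, self.maxretry = findtime, bantime, maxretry
        self.failures = defaultdict(deque)  # host -> failure timestamps inside findtime
        self.banned = {}                    # host -> time the ban expires
        self.events = []                    # ("ban" | "unban", host, time)

    def _expire_bans(self, now):
        # fail2ban unbans on a timer; here expiry is checked lazily on each line.
        for host, until in list(self.banned.items()):
            if now >= until:
                del self.banned[host]
                self.events.append(("unban", host, until))

    def observe(self, line):
        """Feed one log line. Returns None (not a failure line), "fail", "ban", or
        "banned" (host already banned; in reality the firewall drops the packet)."""
        for rx in FAILURE_REGEXES:
            m = rx.match(line)
            if m:
                break
        else:
            return None
        now, host = parse_ts(m["ts"]), m["host"]
        self._expire_bans(now)
        if host in self.banned:
            return "banned"
        window = self.failures[host]
        window.append(now)
        # Drop failures older than findtime: only a burst counts, not a slow trickle.
        while now - window[0] > self.findtime:
            window.popleft()
        if len(window) >= self.maxretry:
            self.banned[host] = now + self.bantime
            self.events.append(("ban", host, now))
            window.clear()  # counting starts over once the ban is lifted
            return "ban"
        return "fail"


# Constructed sample log (host names, PIDs and addresses are made up):
# 198.51.100.9 fails 5 times spread over 12 minutes; 203.0.113.7 fails 5 times
# in 80 seconds, retries while banned, then retries again after the ban expires.
SAMPLE_LOG = """\
Nov 21 23:40:00 falcon21 sshd[900]: Failed password for invalid user test from 198.51.100.9 port 50001 ssh2
Nov 21 23:43:00 falcon21 sshd[901]: Failed password for invalid user test from 198.51.100.9 port 50002 ssh2
Nov 21 23:46:00 falcon21 sshd[902]: Failed password for invalid user test from 198.51.100.9 port 50003 ssh2
Nov 21 23:49:00 falcon21 sshd[903]: Failed password for invalid user test from 198.51.100.9 port 50004 ssh2
Nov 21 23:50:00 falcon21 sshd[1001]: Failed password for root from 203.0.113.7 port 40001 ssh2
Nov 21 23:50:20 falcon21 sshd[1002]: Failed password for root from 203.0.113.7 port 40002 ssh2
Nov 21 23:50:40 falcon21 sshd[1003]: Failed password for invalid user admin from 203.0.113.7 port 40003 ssh2
Nov 21 23:51:00 falcon21 auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=bob rhost=203.0.113.7
Nov 21 23:51:20 falcon21 sshd[1004]: Failed password for root from 203.0.113.7 port 40004 ssh2
Nov 21 23:52:00 falcon21 sshd[904]: Failed password for invalid user test from 198.51.100.9 port 50005 ssh2
Nov 21 23:55:00 falcon21 sshd[1005]: Failed password for root from 203.0.113.7 port 40005 ssh2
Nov 21 23:58:00 falcon21 sshd[1006]: Accepted publickey for alice from 192.0.2.5 port 40100 ssh2
Nov 22 00:02:00 falcon21 sshd[1007]: Failed password for root from 203.0.113.7 port 40006 ssh2
"""


def run_sample(log=SAMPLE_LOG):
    """Replay the log through one jail; returns (per-line verdicts, events, bans left)."""
    jail = Jail()
    verdicts = [jail.observe(line) for line in log.splitlines() if line]
    return verdicts, jail.events, dict(jail.banned)


if __name__ == "__main__":
    verdicts, events, banned = run_sample()
    for line, verdict in zip(SAMPLE_LOG.splitlines(), verdicts):
        print(f"{verdict!s:7} {line[:60]}")
    for kind, host, when in events:
        print(f"{kind:6} {host} at {when}")
```

The slow host is the point worth noticing: an attacker who spaces attempts more than findtime/maxretry apart never trips the jail, which is why the recidive jail and a longer bantime exist for hosts that keep coming back.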
[root@falcon21 ~]# yum --enablerepo=epel install fail2ban
Installed:
fail2ban-0.11.1-10.el8.noarch fail2ban-firewalld-0.11.1-10.el8.noarch
fail2ban-sendmail-0.11.1-10.el8.noarch fail2ban-server-0.11.1-10.el8.noarch
Complete!
Change where fail2ban writes its own log on CentOS to /var/log/fail2ban.log
Create /etc/fail2ban/fail2ban.local
[root@falcon21 ~]# vi /etc/fail2ban/fail2ban.local
[Definition]
logtarget = /var/log/fail2ban.log
--------------
... /etc/fail2ban/fail2ban.local overrides the settings in /etc/fail2ban/fail2ban.conf
Start fail2ban
[root@falcon21 ~]# systemctl start fail2ban
[root@falcon21 ~]# systemctl enable fail2ban
Created symlink /etc/systemd/system/multi-user.target.wants/fail2ban.service → /usr/lib/systemd/system/fail2ban.service.
[root@falcon21 ~]# systemctl status fail2ban
● fail2ban.service - Fail2Ban Service
Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2020-11-21 23:47:06 JST; 33s ago
Docs: man:fail2ban(1)
Main PID: 30027 (f2b/server)
Tasks: 3 (limit: 48971)
Memory: 11.4M
CGroup: /system.slice/fail2ban.service
└─30027 /usr/bin/python3.6 -s /usr/bin/fail2ban-server -xf start
Nov 21 23:47:06 falcon21.space systemd[1]: Starting Fail2Ban Service...
Nov 21 23:47:06 falcon21.space systemd[1]: Started Fail2Ban Service.
Nov 21 23:47:06 falcon21.space fail2ban-server[30027]: Server ready
-----------------------------------
... from the next boot onward, fail2ban starts automatically
******************************************************
Check /var/log/fail2ban.log
[root@falcon21 ~]# tail -10 /var/log/fail2ban.log
2020-11-21 23:47:06,842 fail2ban.server [30027]: INFO --------------------------------------------------
2020-11-21 23:47:06,842 fail2ban.server [30027]: INFO Starting Fail2ban v0.11.1
2020-11-21 23:47:06,843 fail2ban.observer [30027]: INFO Observer start...
2020-11-21 23:47:06,848 fail2ban.database [30027]: INFO Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2020-11-21 23:47:06,850 fail2ban.database [30027]: WARNING New database created. Version '4'
Send notification mail to the destination address
These lines are set in jail.conf here; since yum overwrites jail.conf on package updates, the same lines are safer in /etc/fail2ban/jail.local. Set destemail (where the mail goes), sender (the From: address; its value did not survive on this page, and jail.conf's default is root@<fq-hostname>) and mta:
[root@falcon21 ~]# vi /etc/fail2ban/jail.conf
destemail = root@falcon21.space
mta = postfix
With the default action (action_) fail2ban only bans and sends no mail at all; mail is sent only when the jail's action is one of the mail variants, e.g. action = %(action_mw)s (ban plus mail with whois output) or %(action_mwl)s (which also attaches the matching log lines).
[root@falcon21 ~]# systemctl reload fail2ban
***********************************************************
Also handle ID/password authentication errors on incoming mail (Dovecot)
(auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=XXXXX rhost=YY.YY.YY.YY)
Enable the corresponding jails. These are jail settings, so they go in /etc/fail2ban/jail.local, not in fail2ban.local (which only takes the server's [Definition] section). In fail2ban 0.11 the jails are named postfix-sasl (SMTP AUTH failures) and dovecot (IMAP/POP3 logins); the 0.8-era names sasl-iptables and dovecot-auth no longer exist in jail.conf, and a section with an unknown name does nothing.
[root@falcon21 ~]# vi /etc/fail2ban/jail.local
[postfix-sasl]
enabled = true

[dovecot]
enabled = true
... overrides the settings in jail.conf
[root@falcon21 ~]# systemctl reload fail2ban
[root@falcon21 ~]# systemctl status fail2ban.service -l
● fail2ban.service - Fail2Ban Service
Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2020-11-21 23:47:06 JST; 34min ago
Docs: man:fail2ban(1)
Process: 30690 ExecReload=/usr/bin/fail2ban-client reload (code=exited, status=0/SUCCESS)
Main PID: 30027 (f2b/server)
Tasks: 3 (limit: 48971)
Memory: 11.6M
CGroup: /system.slice/fail2ban.service
└─30027 /usr/bin/python3.6 -s /usr/bin/fail2ban-server -xf start
Nov 22 00:19:30 falcon21.space systemd[1]: Reloaded Fail2Ban Service.
Nov 22 00:20:41 falcon21.space systemd[1]: Reloading Fail2Ban Service.
Nov 22 00:20:41 falcon21.space fail2ban-client[30672]: OK
Nov 22 00:20:41 falcon21.space systemd[1]: Reloaded Fail2Ban Service.
Nov 22 00:21:17 falcon21.space systemd[1]: Reloading Fail2Ban Service.
Nov 22 00:21:18 falcon21.space fail2ban-client[30685]: OK
Nov 22 00:21:18 falcon21.space systemd[1]: Reloaded Fail2Ban Service.
Nov 22 00:21:34 falcon21.space systemd[1]: Reloading Fail2Ban Service.
Nov 22 00:21:34 falcon21.space fail2ban-client[30690]: OK
Nov 22 00:21:34 falcon21.space systemd[1]: Reloaded Fail2Ban Service.
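A complete /etc/fail2ban/jail.local that gathers the settings from the whole procedure above, as an added example rather than the page's own file. It assumes the EPEL fail2ban 0.11 package, on which no jail (not even sshd) is enabled until jail.local says so, and it adds /var/log/secure to the dovecot jail's logpath because the pam_unix(dovecot:auth) line quoted above lands there on CentOS while the stock dovecot_log path is /var/log/maillog; the page itself sets no logpath. The destemail address is the page's; sender is left at jail.conf's default (root@<fq-hostname>).

```ini
# /etc/fail2ban/jail.local (added example, not the page's own file)
[DEFAULT]
# The defaults described at the top of the page, made explicit
bantime  = 10m
findtime = 10m
maxretry = 5

# Mail settings belong here rather than in jail.conf, which yum overwrites on update.
# sender defaults to root@<fq-hostname> in jail.conf; override it here if needed.
destemail = root@falcon21.space
mta = postfix
# destemail alone sends nothing: the default action only bans.
# action_mw = ban and mail with whois output; action_mwl also attaches the log lines.
action = %(action_mw)s

# Nothing is enabled by default on the EPEL package, so the sshd jail that covers
# the /var/log/secure failures this page is about must be switched on explicitly.
[sshd]
enabled = true

# fail2ban 0.11 names: postfix-sasl for SMTP AUTH failures, dovecot for IMAP/POP3.
[postfix-sasl]
enabled = true

[dovecot]
enabled = true
# The pam_unix(dovecot:auth) line is written to /var/log/secure on CentOS, while
# %(dovecot_log)s resolves to /var/log/maillog there, so watch both files
# (assumption: the path of the line quoted on the page is /var/log/secure).
logpath = %(dovecot_log)s
          /var/log/secure
```

After `systemctl reload fail2ban`, `fail2ban-client status` should list sshd, postfix-sasl and dovecot, and `fail2ban-client status dovecot` shows the files being watched and the current bans; the "OK" printed by fail2ban-client on reload only means the configuration parsed. To confirm the quoted pam_unix line is actually matched, run `fail2ban-regex /var/log/secure /etc/fail2ban/filter.d/dovecot.conf` and look at the "Lines: ... matched" summary.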
**********************************************************