Install fail2ban on FreeBSD

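# Locate the fail2ban port, then build and install it from the ports tree.
cd /usr/ports/
# Plain ASCII quotes: typographic quotes would be passed to make as part of the search key.
make search key="fail2ban"
cd /usr/ports/security/py-fail2ban
make install clean
#
# Create the pf ban action referenced by the jail further down.
# NOTE(review): if the installed port already ships an action.d/pf.conf, review it
# before overwriting; a local override file may be the safer place for changes.
cd /usr/local/etc/fail2ban/action.d
vi pf.conf
#add: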

# pf ban action: bans and unbans a host by adding or removing its address in a pf table.
[Definition]
# Nothing runs at jail start/stop or before a ban; the table itself is declared in
# /etc/pf.conf ("table <fail2ban> persist").
actionstart =
actionstop =
actioncheck =
# <ip> and <tablename> are substituted by fail2ban; /32 is a single-host IPv4 mask.
# NOTE(review): on an IPv6 address /32 would denote a whole network, not one host;
# confirm this jail only ever bans IPv4 addresses.
# NOTE(review): a table entry only affects packets evaluated against the ruleset;
# connections that already have a pf state presumably stay up until the state expires
# (pfctl -k <ip> removes states) - confirm for your setup.
actionban = /sbin/pfctl -t <tablename> -T add <ip>/32
actionunban = /sbin/pfctl -t <tablename> -T delete <ip>/32
[Init]
# Table name used above; it must match the table named in the pf.conf block rules.
tablename = fail2ban

:wq!
cd /usr/local/etc/fail2ban/filter.d
vi sasl2.conf
#add:

# Fail2Ban filter for postfix authentication failures
# Matches "warning: <client>[<HOST>]: SASL <mechanism> authentication failed" log lines
# for the LOGIN, PLAIN, CRAM-MD5 and DIGEST-MD5 mechanisms.
[INCLUDES]
# Read common.conf first; presumably it defines the __prefix_line interpolated below - confirm.
before = common.conf
[Definition]
# Daemon name, presumably consumed by the log-prefix pattern from common.conf - confirm.
_daemon = postfix/smtpd
# <HOST> marks the client address that fail2ban extracts and bans.
# The optional trailing group accepts a ": <base64-like text>" suffix after "authentication failed".
failregex = ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$

:wq!
cd ..
vi jail.conf
#add:

# Jail for postfix SASL authentication failures.
# NOTE(review): fail2ban's documentation recommends keeping local jails in jail.local
# (or jail.d/) rather than editing jail.conf, which a package upgrade may replace.
[sasl]
enabled  = true
# NOTE(review): the pf action on this page never references <port>, so this value does
# not decide what gets blocked; the block rules in /etc/pf.conf do.
port     = smtp
# Use filter.d/sasl2.conf and action.d/pf.conf as created in the earlier steps.
filter   = sasl2
action   = pf
# A negative bantime means the ban never expires.
# NOTE(review): together with maxretry = 1, a single failed login (a mistyped password,
# a misconfigured mail client, an address shared behind NAT) is banned permanently.
# Confirm that ignoreip covers your own networks, and consider a finite bantime and a
# higher maxretry.
bantime  = -1
logpath  = /var/log/maillog
maxretry = 1

:wq!
vi /etc/rc.conf
#add:

# Start fail2ban at boot through its rc.d script.
# NOTE(review): pf itself must also be enabled at boot (pf_enable="YES") for the table
# and block rules to exist after a reboot - confirm it is already set.
fail2ban_enable="YES"

:wq!
vi /etc/pf.conf
#add:

# Table filled by the fail2ban pf action; "persist" keeps it in the kernel even while
# no rule refers to it.
table <fail2ban> persist
# Drop TCP traffic from banned hosts to SSH (22), SMTP (25) and SMTPS (465).
# $ext_if must already be defined as a macro earlier in this pf.conf.
# NOTE(review): "quick" ends evaluation at the first matching quick rule, so these lines
# must come before any "pass ... quick" rule that would match the same traffic.
# NOTE(review): banned hosts can still reach every other port (for example submission
# on 587, if offered); extend the list or block all traffic from the table if that is
# not intended.
block quick proto tcp from <fail2ban> to $ext_if port 22
block quick proto tcp from <fail2ban> to $ext_if port 25
block quick proto tcp from <fail2ban> to $ext_if port 465

:wq!
# Restart fail2ban so it reads the new action, filter and jail.
/usr/local/etc/rc.d/fail2ban restart
# Load the edited ruleset into pf.
# NOTE(review): on a remote host, "pfctl -nf /etc/pf.conf" parses the file without
# loading it, which catches syntax errors before the live ruleset is replaced.
pfctl -f /etc/pf.conf
#
# Inspect the ban table, and add or remove an entry by hand
# ("ipaddress" is a placeholder for a real address).
/sbin/pfctl -t fail2ban -T show
/sbin/pfctl -t fail2ban -T add ipaddress/32
/sbin/pfctl -t fail2ban -T delete ipaddress/32
