一键安装fail2ban 阻止黑客爆破你的smtp账号密码保护postfix安全

fail2ban 阻止黑客爆破你的smtp账号密码保护postfix安全
fail2ban 阻止黑客爆破你的smtp账号密码保护postfix安全

近日,查看postfix日志,出现大量莫名其妙的日志,一看就是有人爆破密码,造成1G 的日志文件,我晕,

不得已,只能写个脚本了,

说好了是一键玩法的,

支持centos,Debian \ Ubuntu,智能识别,

默认smtp密码错误10次,10次之后黑客IP将会被封 8760/h 也就是1年

安装极为简单,输入代码回车,搞定

而且,必须开启你的防火墙,不然不会生效,原理就是通过防火墙来屏蔽黑客IP,没有防火墙就不会拦截

1、查看firewall服务状态

systemctl status firewalld

2、查看firewall的状态

firewallcmd state

3、开启、重启、关闭、firewalld.service服务

开启

service firewalld start

 重启

service firewalld restart

关闭

service firewalld stop

防火墙高级开放

firewall-cmd –add-service=http –permanent

firewall-cmd –add-service=https –permanent

firewall-cmd –add-service=imaps –permanent

firewall-cmd –add-service=imap –permanent

firewall-cmd –add-service=smtp –permanent

firewall-cmd –add-service=smtps –permanent

firewall-cmd –add-service=pop3 –permanent

firewall-cmd –add-service=pop3s –permanent

4、查看防火墙规则

firewallcmd listall

接下来,运行以下命令使更改生效:

firewall-cmd –reload

 

 

看下效果:

[root@mail ~]# sudo fail2ban-client status
Status
|- Number of jail: 4
`- Jail list: dovecot, postfix, postfix-sasl, ssh-iptables

查看封禁列表,

我的亲娘呀!这么多IP都来捅我菊花?

bash fail2banc.sh blocklist

:[root@mail ~]# bash fail2banc.sh blocklist
Status for the jail: ssh-iptables
|- Filter
| |- Currently failed: 34
| |- Total failed: 669753
| `- File list: /var/log/secure
`- Actions
|- Currently banned: 5660
|- Total banned: 5660
`- Banned IP list:  177.129.8.26 165.154.46.18 188.166.212.56 159.65.150.151 43.155.80.143 43.134.175.73 20.203.229.132 14.225.254.36 120.237.118.139 183.82.34.122 65.108.59.132 143.198.105.150 152.136.102.64 46.101.157.187 117.50.18.200 159.223.87.233 208.113.201.185 8.9.231.152 36.66.211.7 73.93.3.153 178.62.244.205 34.101.115.42 192.199.60.13 165.232.133.121

后面IP 太多了,不方便展示

链接ssh回车即可

wget “https://raw.githubusercontent.com/maitreyarael/fail2banc/master/fail2banc.sh” && bash fail2banc.sh install

 

说明详解

安装 : bash fail2banc.sh install

卸载 : bash fail2banc.sh uninstall

查看运行日志 : bash fail2banc.sh runlog

服务

重启 :

bash fail2banc.sh restart

systemctl restart fail2ban

查看状态 : bash fail2banc.sh status

查看状态

sudo fail2ban-client status

sudo fail2ban-client status postfix-sasl

sudo service fail2ban reload

查看邮件日志:基本很全面,几乎所有遇到的邮件问题都可以通过该日志来处理

tail -f /var/log/maillog

从postfix-sasl中删除被屏蔽的IP地址,也就是解除对这个IP 的封锁

sudo fail2ban-client set postfix-sasl unbanip 124.115.136.27

查看封禁列表 : bash fail2banc.sh blocklist

请谨慎使用此脚本,以免将自己关在外面,

 

发表回复

页面加载时间0.30 s