1
0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2024-12-23 07:27:05 +00:00

tuning fail2ban

This commit is contained in:
KiekerJan 2021-08-28 13:34:37 +02:00
parent 60adba79a1
commit 63255d321a
9 changed files with 89 additions and 6 deletions

View File

@ -0,0 +1,12 @@
[INCLUDES]
before = common.conf
[Definition]
miab-errors=postfix/(submission/)?smtpd.*warning: hostname .* does not resolve to address <HOST>:.+
miab-normal=postfix/(submission/)?smtpd.*warning: hostname .* does not resolve to address <HOST>$
ignoreregex =
failregex = <miab-<mode>>
mode = normal

View File

@ -0,0 +1,7 @@
[INCLUDES]
before = common.conf
[Definition]
failregex=postfix/submission/smtpd.*warning: non-SMTP command from.*\[<HOST>\].*HTTP.*$
ignoreregex =

View File

@ -0,0 +1,8 @@
# Ban requests for non-existing or not-allowed resources
# Ban requests for 40x results
[Definition]
# first regex for error.log, second for access.log
failregex = ^.* \[error\] .*2: No such file or directory.*client: <HOST>.*$
^<HOST> - .*"(GET|POST|HEAD).*HTTP.*" (400|401|403|404) .*$
ignoreregex = ^.*(robots.txt|favicon.ico).*$

View File

@ -0,0 +1,6 @@
# Ban requests for non-existing or not-allowed resources
[Definition]
failregex = ^.* \[error\] .*2: No such file or directory.*client: <HOST>.*$
ignoreregex = ^.*(robots.txt|favicon.ico).*$

View File

@ -97,7 +97,8 @@ failregex = ^<HOST> -.*(GET|POST|HEAD).*(/\.git/config)
^<HOST> -.*(GET|POST|HEAD).*(/examples/file-manager\.html)
^<HOST> -.*(GET|POST|HEAD).*(/getcfg\.php)
^<HOST> -.*(GET|POST|HEAD).*(/get_password\.php)
^<HOST> -.*(GET|POST|HEAD).*(/\.git/info/)
^<HOST> -.*(GET|POST|HEAD).*(/\.git/info)
^<HOST> -.*(GET|POST|HEAD).*(/\.git/HEAD)
^<HOST> -.*(GET|POST|HEAD).*(/Hello\.World)
^<HOST> -.*(GET|POST|HEAD).*(/hndUnblock\.cgi)
^<HOST> -.*(GET|POST|HEAD).*(/images/login9/login_33\.jpg)
@ -231,7 +232,7 @@ failregex = ^<HOST> -.*(GET|POST|HEAD).*(/\.git/config)
^<HOST> -.*(GET|POST|HEAD).*(\x22sanitize)
^<HOST> -.*(GET|POST|HEAD).*(\x22SimplePie)
^<HOST> -.*(GET|POST|HEAD).*(\x5C0disconnectHandlers)
^<HOST> -.*(GET).*(\.\./wp-config.php)
^<HOST> -.*(GET|POST|HEAD).*(\.\./wp-config.php)
ignoreregex =

View File

@ -0,0 +1,14 @@
# Block clients that generate too many non existing resources
# Do not deploy of you host many websites on your box
# any bad html link will trigger a false positive.
# This jail is meant to catch scanners that try many
# sites.
[badrequests]
enabled = true
port = http,https
filter = nginx-badrequests
logpath = /var/log/nginx/error.log
/var/log/nginx/access.log
maxretry = 8
findtime = 15m
bantime = 15m

View File

@ -0,0 +1,31 @@
# typically non smtp commands. Block fast for access to postfix
[miab-postfix-scanner]
enabled = true
port = smtp,465,587
filter = miab-postfix-scanner
logpath = /var/log/mail.log
maxretry = 2
findtime = 1d
bantime = 1h
# ip lookup of hostname does not match. Go easy on block
[miab-pf-rdnsfail]
enabled = true
port = smtp,465,587
mode = normal
filter = miab-postfix-rdnsfail
logpath = /var/log/mail.log
maxretry = 8
findtime = 12h
bantime = 30m
# ip lookup of hostname does not match with failure. More strict block
[miab-pf-rdnsfail-e]
enabled = true
port = smtp,465,587
mode = errors
filter = miab-postfix-rdnsfail[mode=errors]
logpath = /var/log/mail.log
maxretry = 4
findtime = 1d
bantime = 1h

View File

@ -1,8 +1,12 @@
# Block clients based on a list of specific requests
# The list contains applications that are not installed
# only scanners and bad parties will try too often
# so blocking can be fast and long
[webexploits]
enabled = true
port = http,https
filter = webexploits
logpath = /var/log/nginx/access.log
maxretry = 2
findtime = 240m
bantime = 60m
findtime = 4h
bantime = 4h

View File

@ -5,7 +5,7 @@
# Whitelist our own IP addresses. 127.0.0.1/8 is the default. But our status checks
# ping services over the public interface so we should whitelist that address of
# ours too. The string is substituted during installation.
ignoreip = 127.0.0.1/8 ::1/128 PUBLIC_IP PUBLIC_IPV6 ADMIN_HOME_IP ADMIN_HOME_IPV6
ignoreip = 127.0.0.1/8 ::1/128 PUBLIC_IP PUBLIC_IPV6/64 ADMIN_HOME_IP ADMIN_HOME_IPV6/64
bantime = 15m
findtime = 120m
maxretry = 4
@ -69,7 +69,7 @@ findtime = 15m
enabled = true
maxretry = 10
bantime = 2w
findtime = 3d
findtime = 6d
action = iptables-allports[name=recidive]
# In the recidive section of jail.conf the action contains:
#