OshiHa.com

Alpine Linux 3.8 on ConoHa

Unauthorized access countermeasures: installing fail2ban

2018/09/04  2018/09/05


1. Installing fail2ban

alpine:~$ sudo apk add fail2ban

2. Configuring fail2ban

Setting 1

alpine:~$ sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
alpine:~$ sudo vi /etc/fail2ban/jail.local
[DEFAULT]
# Line 54: uncomment
ignoreip = 127.0.0.1/8 ::1

# Lines 63-70
bantime  = 864000
findtime  = 600
maxretry = 5

# From line 230
#
# JAILS
#

#
# SSH servers
#

[sshd]
enabled = true
filter  = alpine-sshd
port    = *****
logpath = /var/log/messages

[sshd-ddos]
enabled = true
filter  = alpine-sshd-ddos
port    = *****
logpath = /var/log/messages

#
# HTTP servers
#

# Protection against brute-force attacks on Basic authentication
[nginx-http-auth]
enabled = true
filter  = nginx-http-auth
port    = http,https
logpath = /var/log/nginx/error.log

[nginx-botsearch]
enabled = true
filter  = nginx-botsearch
port    = http,https
logpath = /var/log/nginx/error.log

#
# Mail servers
#

[postfix]
enabled = true
mode    = more
port    = smtp,465,submission
logpath = /var/log/maillog
backend = %(postfix_backend)s

[postfix-rbl]
enabled  = true
filter   = postfix[mode=rbl]
port     = smtp,465,submission
logpath  = /var/log/maillog
backend  = %(postfix_backend)s
maxretry = 1

[dovecot]
enabled = true
port    = pop3,pop3s,imap,imaps,submission,465,sieve
logpath = /var/log/dovecot/dovecot.log
backend = %(dovecot_backend)s

# Protection against SASL attacks
[postfix-sasl]
enabled = true
filter   = postfix-sasl
port     = smtp,465,submission,imap,imaps,pop3,pop3s
logpath = /var/log/maillog
backend  = %(postfix_backend)s

Create the postfix-sasl filter
alpine:~$ sudo vi /etc/fail2ban/filter.d/postfix-sasl.conf

[INCLUDES]
before = common.conf

[Definition]
_daemon = postfix/smtpd
failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed: \w

ignoreregex =
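
The following is an added example, not part of the original page or of the fail2ban project: a simplified Python model of how the postfix-sasl failregex above combines with findtime = 600 and maxretry = 5 from [DEFAULT]. The log lines, the IPv4-only stand-in for <HOST>, and the names sample_line and hosts_to_ban are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# failregex copied from the page's postfix-sasl.conf. <HOST> is swapped for a
# simplified IPv4-only group (assumption: fail2ban's own <HOST> expansion is
# broader and also covers IPv6 and hostnames).
FAILREGEX = (r"(?i): warning: [-._\w]+\[<HOST>\]: SASL "
             r"(?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed: \w")
PATTERN = re.compile(
    FAILREGEX.replace("<HOST>", r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"))

FINDTIME = 600  # seconds, [DEFAULT] findtime from the page
MAXRETRY = 5    # [DEFAULT] maxretry from the page

def sample_line(hhmmss, ip, mech="LOGIN"):
    """Build one constructed maillog line (not taken from a real server)."""
    return (f"Sep  4 {hhmmss} alpine postfix/smtpd[2101]: warning: "
            f"unknown[{ip}]: SASL {mech} authentication failed: UGFzc3dvcmQ6")

# Constructed input: a fast burst, a slow trickle, and a non-matching line.
SAMPLE_LOG = (
    [sample_line(t, "203.0.113.7")
     for t in ("10:00:01", "10:00:05", "10:00:09", "10:00:14", "10:00:20")]
    + [sample_line(t, "198.51.100.23", "PLAIN")
       for t in ("10:00:00", "10:03:00", "10:06:00", "10:09:00", "10:12:00")]
    + ["Sep  4 10:00:02 alpine postfix/smtpd[2101]: connect from unknown[192.0.2.9]"]
)

def hosts_to_ban(lines, year=2018):
    """Return hosts with MAXRETRY matches inside a FINDTIME sliding window."""
    recent, banned = defaultdict(deque), []
    for line in lines:
        m = PATTERN.search(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        window = recent[m["host"]]
        window.append(ts)
        while (ts - window[0]).total_seconds() > FINDTIME:
            window.popleft()
        if len(window) >= MAXRETRY and m["host"] not in banned:
            banned.append(m["host"])
    return banned

if __name__ == "__main__":
    print(hosts_to_ban(SAMPLE_LOG))
```

The burst from 203.0.113.7 reaches five matches within seconds and is banned, while 198.51.100.23 never has more than four matches inside any 600-second window. On the server itself, `fail2ban-regex /var/log/maillog /etc/fail2ban/filter.d/postfix-sasl.conf` runs the real filter against the real log.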

Setting 2: loglevel

Edit the fail2ban configuration file so that only Ban (blocked) and Unban (block lifted) actions are logged.

alpine:~$ sudo cp /etc/fail2ban/fail2ban.conf /etc/fail2ban/fail2ban.conf.org
alpine:~$ sudo vi /etc/fail2ban/fail2ban.conf
# Line 24
- loglevel = INFO
+ loglevel = NOTICE

3. Starting and registering the service

alpine:~$ sudo rc-service fail2ban start
alpine:~$ sudo rc-update add fail2ban

4. Useful commands

