iT邦幫忙

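Results of running Fail2ban versus fail2ban-regex?

Fellow users:

I installed Fail2Ban v0.8.14.dev;
the result of checking with fail2ban-regex differs from the result of fail2ban once it is running in production.

--- Actual result after running: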

iptables -L

Chain fail2ban-postfix (1 references)
target prot opt source destination
DROP all -- 177-54-225-98.aranet.net.br anywhere
DROP all -- hn.kd.ny.adsl anywhere
RETURN all -- anywhere anywhere

--- Original log file

/var/log/maillog

Oct 22 07:38:55 mg-mail postfix/smtpd[542]: warning: hostname hn.kd.ny.adsl does not resolve to address 42.236.252.147: Name or service not known
Oct 22 08:18:49 mg-mail postfix/smtpd[2634]: warning: hostname 177-54-225-98.aranet.net.br does not resolve to address 177.54.225.98: Name or service not known

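--- Result after running:
It always goes by the first item at the front, but what is actually at fault is the IP at the end, not what comes after hostname.
Why is this?
Could any experienced users answer, or clear up my confusion?
Thanks.

+++ filter.d conf rules: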

# vi /etc/fail2ban/filter.d/postfix.conf
[Definition]
failregex = reject: RCPT from \S+\[<HOST>\]: ... (4.7.1|5.7.1|4.1.8)
            warning: hostname [-._\w]+ (.*) address <HOST>: Name or service not known

ignoreregex =

+++ Result of querying with the fail2ban-regex command:

# fail2ban-regex -v /var/log/maillog "warning: hostname [-._\w]+ (.*) address <HOST>: Name or service not known"

Running tests
=============

Use   failregex line : warning: hostname [-._\w]+ (.*) address <HOST>: Na...
Use         log file : /var/log/maillog

...
|      42.236.252.147  Fri Oct 22 07:38:55 2021
|      177.54.225.98  Fri Oct 22 08:18:49 2021

ayu (iT邦 Expert, level 2) ‧ 2021-10-25 23:36:07
What do the records in fail2ban.log show? Which action or banaction is in use?
kuang001 (iT邦 Novice, level 4) ‧ 2021-11-22 11:18:35
Sorry for the late reply.
The log entries are all fail2ban.actions.
For your reference!
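
An added example, not part of the original post or its comments: a small offline checker that applies both failregex entries from the quoted postfix.conf to the two maillog lines in the question and reports which rule matched and what the `<HOST>` group captured. The `HOST_TAG` expansion is an assumption approximating Fail2Ban 0.8.x, the third log line is constructed, and `scan` and `is_ip` are hypothetical helper names.

```python
import ipaddress
import re

# Assumption: approximates how Fail2Ban 0.8.x expands the <HOST> tag.
HOST_TAG = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]+)"

# The two failregex entries from the postfix.conf filter quoted in the question.
FAILREGEX = [
    r"reject: RCPT from \S+\[<HOST>\]: ... (4.7.1|5.7.1|4.1.8)",
    r"warning: hostname [-._\w]+ (.*) address <HOST>: Name or service not known",
]

# The first two lines are the maillog entries from the question; the third is a
# constructed line (documentation address) that exercises the first rule.
SAMPLE_LOG = [
    "Oct 22 07:38:55 mg-mail postfix/smtpd[542]: warning: hostname hn.kd.ny.adsl "
    "does not resolve to address 42.236.252.147: Name or service not known",
    "Oct 22 08:18:49 mg-mail postfix/smtpd[2634]: warning: hostname "
    "177-54-225-98.aranet.net.br does not resolve to address 177.54.225.98: "
    "Name or service not known",
    "Oct 22 09:00:00 mg-mail postfix/smtpd[1234]: NOQUEUE: reject: RCPT from "
    "unknown[192.0.2.10]: 554 5.7.1 <user@example.com>: Relay access denied",
]

def is_ip(value):
    """True when the captured text is an IP literal rather than a hostname."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def scan(lines, rules=FAILREGEX):
    """Return one dict per matching line: rule index, captured host, is_ip."""
    compiled = [re.compile(r.replace("<HOST>", HOST_TAG)) for r in rules]
    hits = []
    for line in lines:
        for idx, rx in enumerate(compiled):
            m = rx.search(line)
            if m:
                host = m.group("host")
                hits.append({"rule": idx, "host": host, "is_ip": is_ip(host)})
                break  # first matching rule wins for this line
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```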
