How to Install fail2ban on CentOS in DirectAdmin
Log in as root.
[[email protected]:~ ] $ yum install fail2ban
vi /etc/fail2ban/filter.d/dovecot-pop3imap.conf
Add this to the file dovecot-pop3imap.conf:
[Definition]
# <HOST> marks where the client address appears in the log line; fail2ban needs it to know which address to ban.
failregex = dovecot: auth-worker\(default\): sql\(.*,<HOST>\): unknown user
            dovecot: (pop3|imap)-login: Aborted login \(.*\): .*, \[<HOST>\]
            dovecot: (pop3|imap)-login: Disconnected \(auth failed, .*\): .*, \[<HOST>\]
            dovecot: auth\(default\): passdb\(.*,<HOST>\)\: Attempted login with password having illegal chars
            dovecot: (pop3|imap)-login: Disconnected \(auth failed, .*\): .*, \[<HOST>\]
            dovecot: (pop3|imap)-login: Aborted login: .*, \[<HOST>\]
ignoreregex =
Then edit the file jail.conf to enable it.
vi /etc/fail2ban/jail.conf
Add this to the file:
[dovecot-pop3imap]
enabled = true
filter = dovecot-pop3imap
action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp]
         sendmail-whois[name=dovecot-pop3imap, dest=root, [email protected]]
logpath = /var/log/maillog
maxretry = 20
findtime = 1200
bantime = 1200
Start the service:
[[email protected]:/etc/fail2ban/filter.d ] $ service fail2ban start
Starting fail2ban: [ OK ]
Make sure the service starts at boot:
chkconfig fail2ban --level=235 on
Check whether it is working:
[[email protected]:/etc/fail2ban/filter.d ] $ service fail2ban status
Fail2ban (pid 13009) is running...
Status
|- Number of jail: 2
`- Jail list: dovecot-pop3imap, ssh-iptables
You can see the attacks being blocked in /var/log/messages, depending on the value of logtarget in /etc/fail2ban/fail2ban.conf.
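
Before relying on the jail, it is worth checking which log lines the filter actually catches. The sketch below is an added example, not part of the original page or of fail2ban itself: it applies the filter's patterns and the jail's maxretry/findtime values to constructed log lines. Assumptions: `<HOST>` is replaced by a simplified IPv4-only group, and the names `match_host` and `hosts_to_ban` are hypothetical.

```python
import re
from collections import defaultdict

# failregex lines from the filter above (the duplicated line is listed once).
FAILREGEX = [
    r"dovecot: auth-worker\(default\): sql\(.*,<HOST>\): unknown user",
    r"dovecot: (pop3|imap)-login: Aborted login \(.*\): .*, \[<HOST>\]",
    r"dovecot: (pop3|imap)-login: Disconnected \(auth failed, .*\): .*, \[<HOST>\]",
    r"dovecot: auth\(default\): passdb\(.*,<HOST>\)\: Attempted login with password having illegal chars",
    r"dovecot: (pop3|imap)-login: Aborted login: .*, \[<HOST>\]",
]
# Assumption: IPv4 only. fail2ban's own <HOST> expansion is broader.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
PATTERNS = [re.compile(p.replace("<HOST>", HOST)) for p in FAILREGEX]
MAXRETRY, FINDTIME = 20, 1200  # from the [dovecot-pop3imap] jail

# Constructed sample lines, shaped to fit or miss the patterns.
SAMPLES = [
    "Jan 10 03:12:01 mail dovecot: pop3-login: Aborted login: user=<info>, method=PLAIN, [203.0.113.7]",
    "Jan 10 03:12:05 mail dovecot: auth-worker(default): sql(info,198.51.100.23): unknown user",
    "Jan 10 03:12:09 mail dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=192.0.2.44, lip=192.0.2.10",
    # Failure logged in rip= style: no bracketed address, so the filter misses it.
    "Jan 10 03:12:11 mail dovecot: imap-login: Disconnected (auth failed, 3 attempts): user=<bob>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10",
]

def match_host(line):
    """Return the offending IP if any failregex matches the line, else None."""
    for pat in PATTERNS:
        m = pat.search(line)
        if m:
            return m.group("host")
    return None

def hosts_to_ban(events, maxretry=MAXRETRY, findtime=FINDTIME):
    """events: (epoch_seconds, line) pairs in time order. Return hosts that
    reach maxretry matching lines inside a sliding findtime window."""
    recent, banned = defaultdict(list), set()
    for ts, line in events:
        host = match_host(line)
        if host is None:
            continue
        recent[host] = [t for t in recent[host] if ts - t < findtime] + [ts]
        if len(recent[host]) >= maxretry:
            banned.add(host)
    return banned

if __name__ == "__main__":
    for line in SAMPLES:
        print(match_host(line), "<-", line)
```

On the server itself, `fail2ban-regex /var/log/maillog /etc/fail2ban/filter.d/dovecot-pop3imap.conf` runs the real filter against the real log and reports how many lines each pattern matched.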