(Optional) (Experimental) Integrating Fail2ban with Axigen
The method used in this chapter comes from the author Bogdan Moldovan.
Original article: https://www.axigen.com/articles/fail2ban-linux-brute-force-attack-protection_82.html
Whether it is SSH, Telnet or a web service, any port exposed to the Internet will be attacked sooner or later, and Axigen is no exception. For both security and service stability, protecting the server against password brute-forcing is something that cannot be ignored.
Warning
The initial setup requires restarting both Axigen and Fail2ban. Take a backup before you begin!
Requirements:
- Fail2ban is installed on Debian.
- Axigen is installed on Debian, with the CLI enabled and accepting connections from remote hosts. Note that the CLI is reached over Telnet, which carries the admin password in clear text, so only allow it from the Axigen host itself or from a trusted management network, never from the Internet.
Step 1: Connect to the Axigen CLI with Telnet
Taking Axigen version 10.5.5 as the example, log in to the CLI as the user admin with the password that was set in the setup wizard. The password is echoed in clear text as you type it:
<login> user admin
<password> admin_password_which_will_be_showed_in_clear_text
Step 2: Enable the security log
The security log is what Fail2ban will watch, so it must be switched on and the configuration saved:
<#> config server
<server#> config log
<server-log#> set enableSecurityLog yes
<server-log#> commit
<server#> commit
<#> save config
<#> quit
Step 3: Restart the Axigen service on Debian
/etc/init.d/axigen restart
Step 4: Create a Fail2ban filter for Axigen on Debian and add the filter rule
The filter file is /etc/fail2ban/filter.d/axigen.conf.
Create it and paste the following content into /etc/fail2ban/filter.d/axigen.conf:
# Fail2Ban filter for axigen
#
# Revision: 2016040601
#
# If you want to protect Axigen from being bruteforced by password
# authentication then configure enableSecurityLog = yes in axigen.cfg
# and reload configuration.
#
# Log file: ${AXIGEN_WORK_DIR}/log/security.txt
# Log example: 2016-03-08 12:41:29 +0200 02 aximon SECURITY:PROXY_WEBMAIL;0002607C;82.36.25.70;61707;OP_FAIL;root@q.me;Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Firefox/45.0;Authentication error; Invalid password
#
#
# Notes:
# * Feature introduced by Axigen version 9.0
# * Axigen 9 default separator was ':'
# * Axigen 10 default separator switched to ';' (due to IPv6 address format)
#

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf

[Definition]

_daemon = axigen

failregex = ^%(__prefix_line)s.* SECURITY:[A-Z3_\-]+[:;][0-9A-F]+[:;]<HOST>[:;][0-9]+[:;]OP_FAIL[:;].*$

ignoreregex =

[Init]

# "maxlines" is number of log lines to buffer for multi-line regex searches
maxlines = 10
Step 5: Enable the Axigen security-log jail in the Fail2ban configuration
Do not change the existing contents of /etc/fail2ban/jail.local; just append the block below (the end of the file is a good place). Because the ban action is iptables-allports, a banned address loses access to every port on the host, not only the mail ports, so list your own management addresses in ignoreip before enabling the jail to avoid locking yourself out.
[axigen]
enabled = true
backend = polling
logpath = /var/opt/axigen/log/security.txt
banaction = iptables-allports
maxretry = 10
findtime = 600
bantime = 600
Step 6: Restart Fail2ban
systemctl restart fail2ban
Afterwards confirm that the jail was loaded and is tailing the log (fail2ban-client status axigen shows the file being watched and the current ban list), then produce a few deliberate failed logins from a test client and check that it gets banned and released after bantime.
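To see what the filter and jail above actually do before pointing Fail2ban at a live server, here is an added Python example (it is not Fail2ban's or Axigen's code) that applies the page's failregex to a few constructed security.txt lines and replays them through a maxretry/findtime window like the jail does. It simplifies fail2ban's HOST token to an IPv4 or IPv6 literal, drops the prefix_line part of the regex, and assumes the service tags IMAP and POP3, the record IDs, the user names and the OP_SUCCESS token for the sample lines; only the first sample line is the real one quoted in the filter's comment. It goes slightly beyond the page's single example by also covering the Axigen 9 ':' layout and an IPv6 client.

```python
"""Offline check of the axigen.conf failregex and of the jail's maxretry/findtime
window, replayed over constructed Axigen security.txt lines.

Added example; not Fail2ban or Axigen code. Service tags other than PROXY_WEBMAIL,
record IDs, user names and the OP_SUCCESS token are assumed for illustration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Simplified stand-in for fail2ban's <HOST> token: an IPv4 or an IPv6 literal.
# fail2ban's real token also accepts hostnames and IPv4-mapped IPv6 forms.
# The IPv4 alternative comes first because an IPv6 literal contains ':',
# which is also the Axigen 9 field separator (the reason Axigen 10 moved to ';').
HOST = r"(?P<host>[0-9.]+|[0-9A-Fa-f:]+)"

# The page's failregex with %(__prefix_line)s from common.conf dropped (Axigen
# writes its own "<date> <time> <tz> <nn> <host>" prefix, which the leading .*
# absorbs) and <HOST> replaced by the group above.
FAILREGEX = re.compile(
    r"^.* SECURITY:[A-Z3_\-]+[:;][0-9A-F]+[:;]" + HOST
    + r"[:;][0-9]+[:;]OP_FAIL[:;].*$"
)

# Timestamp that opens every Axigen log line, e.g. "2016-03-08 12:41:29 +0200".
TIMESTAMP = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4}) ")
TS_FORMAT = "%Y-%m-%d %H:%M:%S %z"


def parse_failure(line):
    """Return (timestamp, host) for an OP_FAIL line, or None for any other line."""
    m = FAILREGEX.match(line)
    if m is None:
        return None
    ts = TIMESTAMP.match(line)
    if ts is None:
        return None
    return datetime.strptime(ts.group(1), TS_FORMAT), m.group("host")


def find_bans(lines, maxretry=10, findtime=600):
    """Replay log lines through a per-host sliding window, like a fail2ban jail.

    A host is banned as soon as it has `maxretry` failures within the last
    `findtime` seconds. Returns {host: time of ban}. Lines from a host after
    its ban are ignored (bantime expiry is not modelled).
    """
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)  # host -> failure timestamps still in window
    banned = {}
    for line in lines:
        hit = parse_failure(line)
        if hit is None:
            continue
        when, host = hit
        if host in banned:
            continue
        q = recent[host]
        q.append(when)
        while when - q[0] > window:  # q is never empty: `when` was just added
            q.popleft()
        if len(q) >= maxretry:
            banned[host] = when
    return banned


def burst(host, start, count, spacing_seconds):
    """Constructed OP_FAIL lines from one host, `spacing_seconds` apart."""
    return [
        f"{(start + timedelta(seconds=i * spacing_seconds)).strftime(TS_FORMAT)} "
        f"02 aximon SECURITY:IMAP;{i:08X};{host};{50000 + i};OP_FAIL;"
        f"user@example.com;;Authentication error; Invalid password"
        for i in range(count)
    ]


# Constructed sample log. The first line is the one quoted in the filter's comment.
SAMPLE_LOG = [
    "2016-03-08 12:41:29 +0200 02 aximon SECURITY:PROXY_WEBMAIL;0002607C;82.36.25.70;"
    "61707;OP_FAIL;root@q.me;Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) "
    "Gecko/20100101 Firefox/45.0;Authentication error; Invalid password",
    # Axigen 9 layout: ':' separators.
    "2016-03-08 12:41:30 +0200 02 aximon SECURITY:IMAP:0002607D:203.0.113.5:50012:"
    "OP_FAIL:user@example.com::Authentication error: Invalid password",
    # IPv6 client with ';' separators; ':' separators would be ambiguous here.
    "2016-03-08 12:41:31 +0200 02 aximon SECURITY:POP3;0002607E;2001:db8::42;50013;"
    "OP_FAIL;user@example.com;;Authentication error; Invalid password",
    # Not a failure (assumed token); the filter must not count it.
    "2016-03-08 12:41:32 +0200 02 aximon SECURITY:PROXY_WEBMAIL;0002607F;82.36.25.70;"
    "61708;OP_SUCCESS;root@q.me;Mozilla/5.0;;",
]


def demo():
    """Jail settings from the page: maxretry = 10, findtime = 600."""
    start = datetime.strptime("2016-03-08 13:00:00 +0200", TS_FORMAT)
    log = (
        SAMPLE_LOG
        + burst("198.51.100.23", start, 10, 60)   # 10 failures in 9 min: banned
        + burst("192.0.2.77", start, 10, 900)     # 10 failures over 2h15: never
    )
    return find_bans(log, maxretry=10, findtime=600)


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(parse_failure(line))
    print(demo())
```

Run it directly to print the parsed hits and the resulting ban list. On the real host the equivalent check is fail2ban-regex run against the live security.txt with the filter file, which reports how many lines matched and which addresses were extracted.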