Closed heliflieger closed 5 years ago
fail2ban is outside the scope of this project; I need to keep it easy to maintain. Personally, I prefer Ossec to protect my mailserver. I have used it for years outside of my container, at host level.
Ossec: https://github.com/ossec/ossec-hids
Ossec fork (Wazuh): https://github.com/wazuh/wazuh
I would not like to see fail2ban as a base solution inside a mailserver container. If other fail2ban alternatives are possible.
@hardware Are there any general guidelines that you can share? Like the rules?
I would like to test it...
[]'s
I have done it now outside the docker container on the docker-host.
The changed rules and filters are attached.
docker-action.conf.txt dovecot-docker.conf.txt jails.conf-rules.txt postfix-docker.conf.txt postfix-sasl-docker.conf.txt
Remark: After starting/restarting the docker container, you should restart fail2ban. This is needed because docker can get a new container storage, and then the logfiles are located at another position.
It is probably easy to bind mount the logs from the container to the host and make it use a fixed path.
I'll take a closer look later, and I'll let you know if I find something useful ;) Anyhow, thanks.
[]'s
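The bind-mount suggestion above, sketched as an added example (not taken from the attached files or from the project): a host-side `jail.local` that reads the container's mail log from a fixed host path, so fail2ban does not have to be restarted when the container storage changes. The host directory `/srv/mailserver/log`, the file name `mail.log`, the thresholds and the use of fail2ban's stock `postfix` and `dovecot` filters are assumptions; the container-side log directory is left as a placeholder.

```ini
# /etc/fail2ban/jail.local on the Docker host (added example, paths are assumptions)
#
# Assumes the container is started with its log directory bind-mounted to a
# fixed host path, for example:
#   docker run -v /srv/mailserver/log:<container log dir> ...
# <container log dir> is a placeholder for the directory the image logs to.

[DEFAULT]
# Packets for published container ports are forwarded, not delivered to the
# host itself, so rules in INPUT (fail2ban's default chain) never match them.
# DOCKER-USER is the chain Docker reserves for user rules ahead of its own.
chain     = DOCKER-USER
banaction = iptables-multiport
findtime  = 600
bantime   = 3600
maxretry  = 5

[postfix]
enabled = true
filter  = postfix
# Ports are matched after Docker's DNAT, so list the container-side ports.
port    = smtp,465,submission
logpath = /srv/mailserver/log/mail.log

[dovecot]
enabled = true
filter  = dovecot
port    = pop3,pop3s,imap,imaps,sieve
logpath = /srv/mailserver/log/mail.log
```

After reloading fail2ban, `fail2ban-client status postfix` shows whether the jail has picked up the log file and how many addresses are currently banned.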
Classification
Reproducibility
Description
Can you insert fail2ban into the mailserver? I think it would be nice to block the faulty logins/hacking from other destinations.