I found entries like this in logwatch, so I dealt with them.
I had installed fail2ban earlier, but the server hung (not sure whether fail2ban was the cause), so I stopped using it.
For iptables itself, "Escape from copy-and-paste! Understand how iptables works and configure it for your environment" (OXY NOTES) is a detailed reference.
Combine it with Ansible and it's (゚д゚)ウマー (great).
update_iptables.sh
#!/bin/sh
# Rebuild the iptables rule set from droplist.txt and load it with iptables-restore.
set -eu
DROPLIST="droplist.txt"
RULE="rule"

# Table headers: mangle and nat are left empty with ACCEPT policies; the DROP
# rules go into filter. (Functions are prefixed rule_ so they do not shadow head(1).)
rule_head() {
    cat <<'EOF'
*mangle
:PREROUTING ACCEPT
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT
:POSTROUTING ACCEPT
COMMIT

*nat
:PREROUTING ACCEPT
:POSTROUTING ACCEPT
:OUTPUT ACCEPT
COMMIT

*filter
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT
EOF
}

# One DROP rule per entry; blank lines and lines starting with # are skipped
rule_body() {
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ''|'#'*) continue ;;
        esac
        echo "-A INPUT -s ${line} -j DROP"
    done < "$DROPLIST"
}

# Everything not matched above is accepted
rule_foot() {
    echo "-A INPUT -j ACCEPT"
    echo "COMMIT"
}

{ rule_head; rule_body; rule_foot; } > "$RULE"

# Flush every table, then load the generated rule set
for target in mangle nat filter; do
    iptables -F -t "$target"
done
iptables-restore < "$RULE"

# Show the result per table
for target in mangle nat filter; do
    echo
    echo "## $target"
    iptables -nL -t "$target"
done
Run
sudo sh update_iptables.sh
To apply it again on the next boot, run update_iptables.sh from /etc/rc.local.
How it works
Running update_iptables.sh reads droplist.txt line by line and generates a DROP rule for each address.
- droplist.txt uses the following format:
droplist.txt
# spoofed mail senders
23.239.20.57
198.58.96.176
72.14.182.114
173.230.157.247
# LOGIN FAILED
202.70.136.74
190.241.183.123
# mail authentication failures
111.73.45.149
118.193.155.18
12.133.41.130
177.19.151.139
50.57.66.229
61.136.153.176
79.59.139.45
91.98.108.45
- The content passed to iptables-restore looks like this:
rule
*mangle
:PREROUTING ACCEPT
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT
:POSTROUTING ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT
:POSTROUTING ACCEPT
:OUTPUT ACCEPT
COMMIT
*filter
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT
-A INPUT -s 23.239.20.57 -j DROP
-A INPUT -s 198.58.96.176 -j DROP
-A INPUT -s 72.14.182.114 -j DROP
-A INPUT -s 173.230.157.247 -j DROP
-A INPUT -s 202.70.136.74 -j DROP
-A INPUT -s 190.241.183.123 -j DROP
-A INPUT -s 111.73.45.149 -j DROP
-A INPUT -s 118.193.155.18 -j DROP
-A INPUT -s 12.133.41.130 -j DROP
-A INPUT -s 177.19.151.139 -j DROP
-A INPUT -s 50.57.66.229 -j DROP
-A INPUT -s 61.136.153.176 -j DROP
-A INPUT -s 79.59.139.45 -j DROP
-A INPUT -s 91.98.108.45 -j DROP
-A INPUT -j ACCEPT
COMMIT
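The rule file above is built straight from droplist.txt, and iptables-restore rejects the whole file if a single entry is malformed, after the script has already flushed the chains. As an added example (not the original script; the helper names is_ipv4_entry and gen_drop_rules are hypothetical), a POSIX sh validator that checks each entry before any rule is generated:

```shell
#!/bin/sh
# Added example (not the original script): validate droplist entries before
# generating rules, so a bad line cannot leave INPUT flushed with no DROPs.
set -euf

# is_ipv4_entry ENTRY: true for a.b.c.d or a.b.c.d/NN (octets 0-255, NN 0-32)
is_ipv4_entry() {
    addr=${1%%/*}; prefix=${1#"$addr"}
    case "$addr" in
        *[!0-9.]*|*..*|.*|*.|*.*.*.*.*) return 1 ;;   # bad chars or dot count
        *.*.*.*) ;;
        *) return 1 ;;
    esac
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs     # split into four octets
    for o in "$1" "$2" "$3" "$4"; do
        [ "$o" -le 255 ] || return 1
    done
    case "$prefix" in
        '') ;;
        /*[!0-9]*|/) return 1 ;;
        /*) [ "${prefix#/}" -le 32 ] || return 1 ;;
    esac
    return 0
}

# gen_drop_rules < DROPLIST: print one "-A INPUT -s X -j DROP" per valid entry,
# report rejected lines on stderr and return 1 if there were any, so the caller
# stops before flushing (iptables-restore --test can then dry-run the file).
gen_drop_rules() {
    bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}               # strip whole-line or trailing comments
        set -- $line                   # word-split; -f above disables globbing
        [ $# -gt 0 ] || continue       # blank or comment-only line
        if [ $# -eq 1 ] && is_ipv4_entry "$1"; then
            echo "-A INPUT -s $1 -j DROP"
        else
            echo "droplist: rejected line '$line'" >&2
            bad=$((bad + 1))
        fi
    done
    [ "$bad" -eq 0 ]
}
# Constructed sample droplist: valid entries, a CIDR block, and lines to reject.
SAMPLE='# spoofed mail senders (constructed sample)
23.239.20.57
198.58.96.0/24   # trailing comment

999.1.1.1
not-an-ip
'
```

Piping droplist.txt through gen_drop_rules and checking its exit status before the flush loop keeps the existing DROP rules in place whenever the list contains a typo.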
Output of iptables -nL
## mangle
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
## nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
## filter
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP 0 -- 23.239.20.57 0.0.0.0/0
DROP 0 -- 198.58.96.176 0.0.0.0/0
DROP 0 -- 72.14.182.114 0.0.0.0/0
DROP 0 -- 173.230.157.247 0.0.0.0/0
DROP 0 -- 202.70.136.74 0.0.0.0/0
DROP 0 -- 190.241.183.123 0.0.0.0/0
DROP 0 -- 111.73.45.149 0.0.0.0/0
DROP 0 -- 118.193.155.18 0.0.0.0/0
DROP 0 -- 12.133.41.130 0.0.0.0/0
DROP 0 -- 177.19.151.139 0.0.0.0/0
DROP 0 -- 50.57.66.229 0.0.0.0/0
DROP 0 -- 61.136.153.176 0.0.0.0/0
DROP 0 -- 79.59.139.45 0.0.0.0/0
DROP 0 -- 91.98.108.45 0.0.0.0/0
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination