HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Server Operation (http://www.howtoforge.com/forums/forumdisplay.php?f=5)
-   -   Fail2ban unable to ban (http://www.howtoforge.com/forums/showthread.php?t=52023)

aberrio 25th March 2011 02:57

Fail2ban unable to ban
 
Hello,

I installed fail2ban in opensuse 11.3 server. After restarted status shows

www:~ # fail2ban-client status
Status
|- Number of jail: 0
`- Jail list:

But I do have apache and pureftpd fail active, and of course fail2ban is not banning. I notice that the fail2ban log file is old no new entries on it.

I do have ipatables on but is fail2ban is not active.

www:~ # iptables -n -L INPUT
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED
input_ext all -- 0.0.0.0/0 0.0.0.0/0
input_ext all -- 0.0.0.0/0 0.0.0.0/0
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-IN-ILL-TARGET '
DROP all -- 0.0.0.0/0 0.0.0.0/0
www:~ #


Here is my jail file..

[apache-nohome]
enabled = true
filter = apache-nohome
action = iptables-multiport[name=apache-nohome, port="http,https"]
sendmail-buffered[name=apache-nohome, lines=5, dest=admin@wwwwwww.xxx]
[name=apache-overflows, port=http,https, protocol=tcp]
logpath = /var/log/apache2/error_log
bantime = 86400
maxretry = 1



[pureftpd-iptables]
enabled = true
filter = pure-ftpd
action = iptables[name=pure-ftpd, port=ftp, protocol=tcp]
sendmail-whois[name=pure-ftpd, dest=admin@xxxxxxxxx.net, sender=fail2ban@xxxxxxx.net]
logpath = /var/log/warn
maxretry = 3


I tested with www:~ # fail2ban-regex /var/log/warn /etc/fail2ban/filter.d/pure-ftpd.conf

Success, the total number of match is 22827

Any sugestion.

Reagrds,

Al


All times are GMT +2. The time now is 15:07.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.