HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=27)
-   -   fail2ban is no working (http://www.howtoforge.com/forums/showthread.php?t=53686)

mentes 6th August 2011 13:38

fail2ban is no working
 
I think is not working, this is the whole log:

Code:

root@main:~# cat /var/log/fail2ban.log
2011-08-05 20:56:20,180 fail2ban.server : INFO  Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4-SVN
2011-08-05 20:56:20,181 fail2ban.jail  : INFO  Creating new jail 'ssh'
2011-08-05 20:56:20,181 fail2ban.jail  : INFO  Jail 'ssh' uses poller
2011-08-05 20:56:20,231 fail2ban.filter : INFO  Added logfile = /var/log/auth.log
2011-08-05 20:56:20,231 fail2ban.filter : INFO  Set maxRetry = 6
2011-08-05 20:56:20,232 fail2ban.filter : INFO  Set findtime = 600
2011-08-05 20:56:20,233 fail2ban.actions: INFO  Set banTime = 600
2011-08-05 20:56:20,312 fail2ban.jail  : INFO  Jail 'ssh' started
2011-08-05 21:01:04,889 fail2ban.jail  : INFO  Jail 'ssh' stopped
2011-08-05 21:01:04,889 fail2ban.server : INFO  Exiting Fail2ban

Code:

root@main:~# /etc/init.d/fail2ban restart
Restarting authentication failure monitor: fail2ban failed!

Code:

root@main:~# /etc/init.d/fail2ban stop
root@main:~# /etc/init.d/fail2ban start
root@main:~#


pititis 6th August 2011 14:45

Try to change the log level to see exactly this issue.

edit /etc/fail2ban/fail2ban.conf and set loglevel = 4

mentes 6th August 2011 16:54

Quote:

Originally Posted by pititis (Post 261102)
Try to change the log level to see exactly this issue.

edit /etc/fail2ban/fail2ban.conf and set loglevel = 4

I do that, and nothing happens. The log is exactly the same.

pititis 6th August 2011 17:16

Did you restart fail2ban? :D

mentes 6th August 2011 17:43

Quote:

Originally Posted by pititis (Post 261107)
Did you restart fail2ban? :D

Of course!

/etc/init.d/fail2ban restart --> with error

and then
/etc/init.d/fail2ban stop
/etc/init.d/fail2ban start

without error

New test:

Code:

root@main:~# /etc/init.d/fail2ban status
Status of authentication failure monitor:fail2ban is not running ... (warning).
root@main:~# /etc/init.d/fail2ban force-start
root@main:~# /etc/init.d/fail2ban status
Status of authentication failure monitor:fail2ban is not running ... (warning).
root@main:~#


pititis 6th August 2011 18:10

When you set loglevel = 4 (debug) your log /var/log/fail2ban.log must contain debug messages after restart fail2fan daemon.

Just re-check

mentes 6th August 2011 18:19

I'm sure what I do, but I'm not sure what happens.

Code:

root@main:~# cat /etc/fail2ban/fail2ban.conf
# Fail2Ban configuration file
#
# Author: Cyril Jaquier
#
# $Revision: 629 $
#

[Definition]

# Option:  loglevel
# Notes.:  Set the log level output.
#          1 = ERROR
#          2 = WARN
#          3 = INFO
#          4 = DEBUG
# Values:  NUM  Default:  3
#
loglevel = 4

# Option:  logtarget
# Notes.:  Set the log target. This could be a file, SYSLOG, STDERR or STDOUT.
#          Only one log target can be specified.
# Values:  STDOUT STDERR SYSLOG file  Default:  /var/log/fail2ban.log
#
logtarget = /var/log/fail2ban.log

# Option: socket
# Notes.: Set the socket file. This is used to communicate with the daemon. Do
#        not remove this file when Fail2ban runs. It will not be possible to
#        communicate with the server afterwards.
# Values: FILE  Default:  /var/run/fail2ban/fail2ban.sock
#
socket = /var/run/fail2ban/fail2ban.sock

I have restarted it some times, and the server too but log still contains the same.

Code:

root@main:~# cat /var/log/fail2ban.log
2011-08-05 20:56:20,180 fail2ban.server : INFO  Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4-SVN
2011-08-05 20:56:20,181 fail2ban.jail  : INFO  Creating new jail 'ssh'
2011-08-05 20:56:20,181 fail2ban.jail  : INFO  Jail 'ssh' uses poller
2011-08-05 20:56:20,231 fail2ban.filter : INFO  Added logfile = /var/log/auth.log
2011-08-05 20:56:20,231 fail2ban.filter : INFO  Set maxRetry = 6
2011-08-05 20:56:20,232 fail2ban.filter : INFO  Set findtime = 600
2011-08-05 20:56:20,233 fail2ban.actions: INFO  Set banTime = 600
2011-08-05 20:56:20,312 fail2ban.jail  : INFO  Jail 'ssh' started
2011-08-05 21:01:04,889 fail2ban.jail  : INFO  Jail 'ssh' stopped
2011-08-05 21:01:04,889 fail2ban.server : INFO  Exiting Fail2ban
root@main:~#

:confused:

mentes 6th August 2011 21:19

Solved
 
Solved executing:

fail2ban-client reload

I found the problem:

ERROR /etc/fail2ban/filter.d/pureftpd.conf and /etc/fail2ban/filter.d/pureftpd.local do not exist

root@main:~# /etc/init.d/fail2ban status
Status of authentication failure monitor:fail2ban is running. :D


All times are GMT +2. The time now is 13:17.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.