#4
9th June 2009, 22:16
KenMasters

Lol, never mind, I made a configuration error, being new to fail2ban. I didn't realize the jails had to be activated before it would start logging. You'd think it would log something, even a "no jails active" message.

Now my problem is that I can't seem to figure out why it's not working correctly. I'm not sure what I should enable, or what's safe with ISPConfig 3. I'm getting logs, but they look like this:

Code:
2009-06-09 15:06:59,959 fail2ban.jail : INFO Using Gamin
2009-06-09 15:06:59,967 fail2ban.filter : INFO Created Filter
2009-06-09 15:06:59,967 fail2ban.filter : INFO Created FilterGamin
2009-06-09 15:06:59,968 fail2ban.filter : INFO Set maxRetry = 5
2009-06-09 15:06:59,970 fail2ban.filter : INFO Set findtime = 600
2009-06-09 15:06:59,971 fail2ban.actions: INFO Set banTime = 3600
2009-06-09 15:06:59,998 fail2ban.actions.action: INFO Set actionBan = iptables -I fail2ban- 1 -s -j DROP
2009-06-09 15:06:59,998 fail2ban.actions.action: INFO Set actionStop = iptables -D INPUT -p --dport -j fail2ban-
iptables -F fail2ban-
iptables -X fail2ban-
2009-06-09 15:06:59,999 fail2ban.actions.action: INFO Set actionStart = iptables -N fail2ban-
iptables -A fail2ban- -j RETURN
iptables -I INPUT -p --dport -j fail2ban-
2009-06-09 15:06:59,999 fail2ban.actions.action: INFO Set actionUnban = iptables -D fail2ban- -s -j DROP
2009-06-09 15:07:00,000 fail2ban.actions.action: INFO Set actionCheck = iptables -n -L INPUT | grep -q fail2ban-
2009-06-09 15:07:00,001 fail2ban.actions.action: INFO Set actionBan = printf %b "Subject: [Fail2Ban] : banned
From: Fail2Ban <>
To: \n
Hi,\n
The IP has just been banned by Fail2Ban after
attempts against .\n\n
Here are more information about :\n
`/usr/bin/whois `\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f
2009-06-09 15:07:00,002 fail2ban.actions.action: INFO Set actionStop = printf %b "Subject: [Fail2Ban] : stopped
From: Fail2Ban <>
To: \n
Hi,\n
The jail has been stopped.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f
2009-06-09 15:07:00,002 fail2ban.actions.action: INFO Set actionStart = printf %b "Subject: [Fail2Ban] : started
From: Fail2Ban <>
To: \n
Hi,\n
The jail has been started successfully.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f
2009-06-09 15:07:00,003 fail2ban.actions.action: INFO Set actionUnban =
2009-06-09 15:07:00,003 fail2ban.actions.action: INFO Set actionCheck =
2009-06-09 15:07:00,005 fail2ban.jail : INFO Using Gamin
2009-06-09 15:07:00,005 fail2ban.filter : INFO Created Filter
2009-06-09 15:07:00,005 fail2ban.filter : INFO Created FilterGamin
2009-06-09 15:07:00,005 fail2ban.filter : INFO Set maxRetry = 3
2009-06-09 15:07:00,007 fail2ban.filter : INFO Set findtime = 600
2009-06-09 15:07:00,007 fail2ban.actions: INFO Set banTime = 300
2009-06-09 15:07:00,008 fail2ban.actions.action: INFO Set actionBan = IP= &&
printf %b "ALL: $IP\n" >>
2009-06-09 15:07:00,009 fail2ban.actions.action: INFO Set actionStop =
2009-06-09 15:07:00,009 fail2ban.actions.action: INFO Set actionStart =
2009-06-09 15:07:00,010 fail2ban.actions.action: INFO Set actionUnban = IP= && sed -i.old /ALL:\ $IP/d
2009-06-09 15:07:00,010 fail2ban.actions.action: INFO Set actionCheck =
2009-06-09 15:07:00,011 fail2ban.actions.action: INFO Set actionBan = printf %b "Subject: [Fail2Ban] : banned
From: Fail2Ban <>
To: \n
Hi,\n
The IP has just been banned by Fail2Ban after
attempts against .\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f
2009-06-09 15:07:00,012 fail2ban.actions.action: INFO Set actionStop = printf %b "Subject: [Fail2Ban] : stopped
From: Fail2Ban <>
To: \n
Hi,\n
The jail has been stopped.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f
2009-06-09 15:07:00,012 fail2ban.actions.action: INFO Set actionStart = printf %b "Subject: [Fail2Ban] : started
From: Fail2Ban <>
To: \n
Hi,\n
The jail has been started successfully.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f
2009-06-09 15:07:00,013 fail2ban.actions.action: INFO Set actionUnban =
2009-06-09 15:07:00,013 fail2ban.actions.action: INFO Set actionCheck =
2009-06-09 15:07:00,014 fail2ban.jail : INFO Using Gamin
2009-06-09 15:07:00,015 fail2ban.filter : INFO Created Filter
2009-06-09 15:07:00,015 fail2ban.filter : INFO Created FilterGamin
2009-06-09 15:07:00,015 fail2ban.filter : INFO Set maxRetry = 3
2009-06-09 15:07:00,016 fail2ban.comm : WARNING Invalid command: ['set', 'ssh-tcpwrapper', 'ignoreregex', 'for myuser from']

This doesn't look like any of the logs I've seen elsewhere.


Edit: I believe I enabled two conflicting jails. I'm now getting sane messages in my logs, and the email confirmations are working. Still not sure what's safe to use in conjunction with ISPC3, but I'll go with it for now.

Last edited by KenMasters; 10th June 2009 at 00:31. Reason: I think it's okay. Suggestions welcome.
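
Added example, not part of the original post and not fail2ban's own code: a small Python parser for the log format shown in the post. It joins multi-line action values onto their record and extracts every `Invalid command` warning for a `set`, so a rejected jail option such as the `ignoreregex` one stands out from the startup noise. The sample log is constructed from lines in the post, and the function names are illustrative.

```python
import ast
import re

# Constructed sample: lines taken in shape from the startup log in the post,
# including a multi-line action value and the rejected command.
SAMPLE_LOG = """\
2009-06-09 15:06:59,959 fail2ban.jail : INFO Using Gamin
2009-06-09 15:06:59,968 fail2ban.filter : INFO Set maxRetry = 5
2009-06-09 15:06:59,998 fail2ban.actions.action: INFO Set actionStop = iptables -D INPUT -p --dport -j fail2ban-
iptables -F fail2ban-
iptables -X fail2ban-
2009-06-09 15:07:00,015 fail2ban.filter : INFO Set maxRetry = 3
2009-06-09 15:07:00,016 fail2ban.comm : WARNING Invalid command: ['set', 'ssh-tcpwrapper', 'ignoreregex', 'for myuser from']
"""

RECORD_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) "
    r"(?P<component>fail2ban[\w.]*)\s*: (?P<level>[A-Z]+) (?P<msg>.*)$"
)
INVALID_RE = re.compile(r"^Invalid command: (\[.*\])$")


def parse_records(log_text):
    """Split the log into records; lines without a timestamp continue the previous one."""
    records = []
    for line in log_text.splitlines():
        m = RECORD_RE.match(line)
        if m:
            records.append(m.groupdict())
        elif records and line.strip():
            records[-1]["msg"] += "\n" + line
    return records


def rejected_settings(log_text):
    """Return (timestamp, jail, option, value) for every 'set' command the server refused."""
    found = []
    for rec in parse_records(log_text):
        m = INVALID_RE.match(rec["msg"]) if rec["level"] == "WARNING" else None
        if not m:
            continue
        try:
            cmd = ast.literal_eval(m.group(1))  # the log prints the command as a Python list
        except (ValueError, SyntaxError):
            continue  # truncated or mangled line: skip rather than guess
        if isinstance(cmd, list) and len(cmd) >= 3 and cmd[0] == "set":
            found.append((rec["ts"], cmd[1], cmd[2], " ".join(map(str, cmd[3:]))))
    return found


if __name__ == "__main__":
    for ts, jail, option, value in rejected_settings(SAMPLE_LOG):
        print(f"{ts} jail={jail} option={option} rejected value={value!r}")
```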