Thread: Need help with fail2ban on centos 5.3
View Single Post
  #2  
Old 13th August 2009, 21:53
rlischer rlischer is offline
Senior Member
  
Join Date: Jul 2009
Posts: 120
Thanks: 5
Thanked 1 Time in 1 Post
Default
I did find 1 error on my part "enabled = false" needs to be "enabled = true" in the jail config. It still takes 7 failed attempts to get dropped, and does NOT ban my IP at all, so I can try to hack in all day.

It also shows up in my log now inside ISPConfig 3.

Code:
2009-08-13 11:42:58,295 fail2ban.jail : INFO Using Gamin
2009-08-13 11:42:58,301 fail2ban.filter : INFO Created Filter
2009-08-13 11:42:58,302 fail2ban.filter : INFO Created FilterGamin
2009-08-13 11:42:58,302 fail2ban.filter : INFO Added logfile = /var/log/secure
2009-08-13 11:42:58,305 fail2ban.filter : INFO Set maxRetry = 3
2009-08-13 11:42:58,306 fail2ban.filter : INFO Set findtime = 600
2009-08-13 11:42:58,306 fail2ban.actions: INFO Set banTime = 600
2009-08-13 11:42:58,329 fail2ban.actions.action: INFO Set actionBan = iptables -I fail2ban- 1 -s -j DROP
2009-08-13 11:42:58,329 fail2ban.actions.action: INFO Set actionStop = iptables -D INPUT -p --dport -j fail2ban-
iptables -F fail2ban-
iptables -X fail2ban-
2009-08-13 11:42:58,330 fail2ban.actions.action: INFO Set actionStart = iptables -N fail2ban-
iptables -A fail2ban- -j RETURN
iptables -I INPUT -p --dport -j fail2ban-
2009-08-13 11:42:58,330 fail2ban.actions.action: INFO Set actionUnban = iptables -D fail2ban- -s -j DROP
2009-08-13 11:42:58,331 fail2ban.actions.action: INFO Set actionCheck = iptables -n -L INPUT | grep -q fail2ban-
2009-08-13 11:42:58,332 fail2ban.actions.action: INFO Set actionBan = printf %b "Subject: [Fail2Ban] : banned 
From: Fail2Ban <>
To: \n
Hi,\n
The IP has just been banned by Fail2Ban after
attempts against .\n\n
Here are more information about :\n
`/usr/bin/whois `\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f 
2009-08-13 11:42:58,333 fail2ban.actions.action: INFO Set actionStop = printf %b "Subject: [Fail2Ban] : stopped
From: Fail2Ban <>
To: \n
Hi,\n
The jail has been stopped.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f 
2009-08-13 11:42:58,333 fail2ban.actions.action: INFO Set actionStart = printf %b "Subject: [Fail2Ban] : started
From: Fail2Ban <>
To: \n
Hi,\n
The jail has been started successfully.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f 
2009-08-13 11:42:58,334 fail2ban.actions.action: INFO Set actionUnban = 
2009-08-13 11:42:58,334 fail2ban.actions.action: INFO Set actionCheck = 
2009-08-13 11:42:58,335 fail2ban.jail : INFO Using Gamin
2009-08-13 11:42:58,335 fail2ban.filter : INFO Created Filter
2009-08-13 11:42:58,335 fail2ban.filter : INFO Created FilterGamin
2009-08-13 11:42:58,336 fail2ban.filter : INFO Set maxRetry = 3
2009-08-13 11:42:58,337 fail2ban.filter : INFO Set findtime = 600
2009-08-13 11:42:58,337 fail2ban.actions: INFO Set banTime = 300
2009-08-13 11:42:58,338 fail2ban.actions.action: INFO Set actionBan = IP= &&
printf %b "ALL: $IP\n" >> 
2009-08-13 11:42:58,339 fail2ban.actions.action: INFO Set actionStop = 
2009-08-13 11:42:58,339 fail2ban.actions.action: INFO Set actionStart = 
2009-08-13 11:42:58,340 fail2ban.actions.action: INFO Set actionUnban = IP= && sed -i.old /ALL:\ $IP/d 
2009-08-13 11:42:58,340 fail2ban.actions.action: INFO Set actionCheck = 
2009-08-13 11:42:58,341 fail2ban.actions.action: INFO Set actionBan = printf %b "Subject: [Fail2Ban] : banned 
From: Fail2Ban <>
To: \n
Hi,\n
The IP has just been banned by Fail2Ban after
attempts against .\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f 
2009-08-13 11:42:58,341 fail2ban.actions.action: INFO Set actionStop = printf %b "Subject: [Fail2Ban] : stopped
From: Fail2Ban <>
To: \n
Hi,\n
The jail has been stopped.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f 
2009-08-13 11:42:58,342 fail2ban.actions.action: INFO Set actionStart = printf %b "Subject: [Fail2Ban] : started
From: Fail2Ban <>
To: \n
Hi,\n
The jail has been started successfully.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f 
2009-08-13 11:42:58,342 fail2ban.actions.action: INFO Set actionUnban = 
2009-08-13 11:42:58,343 fail2ban.actions.action: INFO Set actionCheck = 
2009-08-13 11:42:58,344 fail2ban.jail : INFO Using Gamin
2009-08-13 11:42:58,344 fail2ban.filter : INFO Created Filter
2009-08-13 11:42:58,345 fail2ban.filter : INFO Created FilterGamin
2009-08-13 11:42:58,345 fail2ban.filter : INFO Set maxRetry = 3
2009-08-13 11:42:58,346 fail2ban.comm : WARNING Invalid command: ['set', 'ssh-tcpwrapper', 'ignoreregex', 'for myuser from']
Last edited by rlischer; 13th August 2009 at 22:27.
Reply With Quote