24th January 2011, 10:28
florix.net
Help with Fail2ban

My fail2ban log is showing the following entries. I am not sure if it is really working. Can someone help with this?

I am interested in blocking failed SSH and SMTP, POP attempts.

Richard

--------------------------------------------------------------------

2010-12-09 01:03:28,945 fail2ban.actions.action: INFO Set actionUnban =
2010-12-09 01:03:28,946 fail2ban.actions.action: INFO Set actionCheck =
2010-12-09 01:49:26,359 fail2ban.jail : INFO Using Gamin
2010-12-09 01:49:26,387 fail2ban.filter : INFO Created Filter
2010-12-09 01:49:26,442 fail2ban.filter : INFO Created FilterGamin
2010-12-09 01:49:26,445 fail2ban.filter : INFO Added logfile = /var/log/secure
2010-12-09 01:49:26,449 fail2ban.filter : INFO Set maxRetry = 5
2010-12-09 01:49:26,450 fail2ban.filter : INFO Set findtime = 600
2010-12-09 01:49:26,451 fail2ban.actions: INFO Set banTime = 600
2010-12-09 01:49:26,495 fail2ban.actions.action: INFO Set actionBan = iptables -I fail2ban- 1 -s -j DROP
2010-12-09 01:49:26,496 fail2ban.actions.action: INFO Set actionStop = iptables -D INPUT -p --dport -j fail2ban-
iptables -F fail2ban-
iptables -X fail2ban-
2010-12-09 01:49:26,497 fail2ban.actions.action: INFO Set actionStart = iptables -N fail2ban-
iptables -A fail2ban- -j RETURN
iptables -I INPUT -p --dport -j fail2ban-
2010-12-09 01:49:26,498 fail2ban.actions.action: INFO Set actionUnban = iptables -D fail2ban- -s -j DROP
2010-12-09 01:49:26,498 fail2ban.actions.action: INFO Set actionCheck = iptables -n -L INPUT | grep -q fail2ban-
2010-12-09 01:49:26,501 fail2ban.actions.action: INFO Set actionBan = printf %b "Subject: [Fail2Ban] : banned
From: Fail2Ban <>
To: \n
Hi,\n
The IP has just been banned by Fail2Ban after
attempts against .\n\n
Here are more information about :\n
`/usr/bin/whois `\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f
2010-12-09 01:49:26,502 fail2ban.actions.action: INFO Set actionStop = printf %b "Subject: [Fail2Ban] : stopped
From: Fail2Ban <>
To: \n
Hi,\n
The jail has been stopped.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f
2010-12-09 01:49:26,503 fail2ban.actions.action: INFO Set actionStart = printf %b "Subject: [Fail2Ban] : started
From: Fail2Ban <>
To: \n
Hi,\n
The jail has been started successfully.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f
2010-12-09 01:49:26,504 fail2ban.actions.action: INFO Set actionUnban =
2010-12-09 01:49:26,505 fail2ban.actions.action: INFO Set actionCheck =
2010-12-12 04:02:36,282 fail2ban.filter : INFO Log rotation detected for /var/log/secure
2010-12-12 05:01:16,548 fail2ban.filter : INFO Log rotation detected for /var/log/secure
2010-12-14 17:56:29,153 fail2ban.jail : INFO Using Gamin
2010-12-14 17:56:29,290 fail2ban.filter : INFO Created Filter
2010-12-14 17:56:29,451 fail2ban.filter : INFO Created FilterGamin
2010-12-14 17:56:29,464 fail2ban.filter : INFO Added logfile = /var/log/secure
2010-12-14 17:56:29,470 fail2ban.filter : INFO Set maxRetry = 5
2010-12-14 17:56:29,471 fail2ban.filter : INFO Set findtime = 600
2010-12-14 17:56:29,472 fail2ban.actions: INFO Set banTime = 600
2010-12-14 17:56:29,523 fail2ban.actions.action: INFO Set actionBan = iptables -I fail2ban- 1 -s -j DROP
2010-12-14 17:56:29,523 fail2ban.actions.action: INFO Set actionStop = iptables -D INPUT -p --dport -j fail2ban-
iptables -F fail2ban-
iptables -X fail2ban-
2010-12-14 17:56:29,524 fail2ban.actions.action: INFO Set actionStart = iptables -N fail2ban-
iptables -A fail2ban- -j RETURN
iptables -I INPUT -p --dport -j fail2ban-
2010-12-14 17:56:29,525 fail2ban.actions.action: INFO Set actionUnban = iptables -D fail2ban- -s -j DROP
2010-12-14 17:56:29,526 fail2ban.actions.action: INFO Set actionCheck = iptables -n -L INPUT | grep -q fail2ban-
2010-12-14 17:56:29,529 fail2ban.actions.action: INFO Set actionBan = printf %b "Subject: [Fail2Ban] : banned
From: Fail2Ban <>
To: \n
Hi,\n
The IP has just been banned by Fail2Ban after
attempts against .\n\n
Here are more information about :\n
`/usr/bin/whois `\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f
2010-12-14 17:56:29,530 fail2ban.actions.action: INFO Set actionStop = printf %b "Subject: [Fail2Ban] : stopped
From: Fail2Ban <>
To: \n
Hi,\n
The jail has been stopped.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f
2010-12-14 17:56:29,531 fail2ban.actions.action: INFO Set actionStart = printf %b "Subject: [Fail2Ban] : started
From: Fail2Ban <>
To: \n
Hi,\n
The jail has been started successfully.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f
2010-12-14 17:56:29,532 fail2ban.actions.action: INFO Set actionUnban =
2010-12-14 17:56:29,533 fail2ban.actions.action: INFO Set actionCheck =
2010-12-14 18:30:40,531 fail2ban.actions.action: ERROR iptables -D INPUT -p tcp --dport ssh -j fail2ban-SSH
iptables -F fail2ban-SSH
iptables -X fail2ban-SSH returned 100