25th March 2011, 02:57
aberrio
Fail2ban unable to ban

Hello,

I installed fail2ban on an openSUSE 11.3 server. After restarting, the status shows:

www:~ # fail2ban-client status
Status
|- Number of jail: 0
`- Jail list:

But I do have apache and pureftpd fail active, and of course fail2ban is not banning. I notice that the fail2ban log file is old, with no new entries in it.

I do have iptables on, but fail2ban is not active.

www:~ # iptables -n -L INPUT
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED
input_ext all -- 0.0.0.0/0 0.0.0.0/0
input_ext all -- 0.0.0.0/0 0.0.0.0/0
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-IN-ILL-TARGET '
DROP all -- 0.0.0.0/0 0.0.0.0/0
www:~ #


Here is my jail file:

[apache-nohome]
enabled = true
filter = apache-nohome
action = iptables-multiport[name=apache-nohome, port="http,https"]
sendmail-buffered[name=apache-nohome, lines=5, dest=admin@wwwwwww.xxx]
[name=apache-overflows, port=http,https, protocol=tcp]
logpath = /var/log/apache2/error_log
bantime = 86400
maxretry = 1



[pureftpd-iptables]
enabled = true
filter = pure-ftpd
action = iptables[name=pure-ftpd, port=ftp, protocol=tcp]
sendmail-whois[name=pure-ftpd, dest=admin@xxxxxxxxx.net, sender=fail2ban@xxxxxxx.net]
logpath = /var/log/warn
maxretry = 3


I tested with:

www:~ # fail2ban-regex /var/log/warn /etc/fail2ban/filter.d/pure-ftpd.conf

Success, the total number of match is 22827

Any suggestions?

Regards,

Al

Last edited by aberrio; 25th March 2011 at 03:03.
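
Added example, not part of the original post and not fail2ban's own code: fail2ban reads jail files with an INI parser, where extra actions are written as indented continuation lines under `action =`, so a quick lint of the posted jail can show which lines would not be read as part of the action list. The function name `lint_jail` is hypothetical, and the sample assumes the indentation is exactly as it appears on this page (the forum rendering may have stripped leading whitespace).

```python
import re

# Constructed input: the [apache-nohome] jail as it appears in the post above.
SAMPLE = """\
[apache-nohome]
enabled = true
filter = apache-nohome
action = iptables-multiport[name=apache-nohome, port="http,https"]
sendmail-buffered[name=apache-nohome, lines=5, dest=admin@wwwwwww.xxx]
[name=apache-overflows, port=http,https, protocol=tcp]
logpath = /var/log/apache2/error_log
bantime = 86400
maxretry = 1
"""

SECTION = re.compile(r"^\[[A-Za-z0-9_.-]+\]\s*$")        # [jail-name]
OPTION = re.compile(r"^([A-Za-z0-9_.-]+)\s*[=:]")         # key = value
ACTION_ENTRY = re.compile(r"^[A-Za-z0-9_.-]+(\[.*\])?$")  # name[params]

def lint_jail(text):
    """Return (line_number, problem) pairs for lines that would not be
    read as part of a multi-line 'action =' value."""
    findings = []
    in_action = False
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        indented = raw[0] in " \t"
        if not indented and SECTION.match(line):
            in_action = False
        elif not indented and OPTION.match(line):
            in_action = OPTION.match(line).group(1) == "action"
        elif not ACTION_ENTRY.match(line):
            findings.append((n, "not of the form name[params]"))
        elif not indented:
            findings.append((n, "action entry not indented as a continuation"))
        elif not in_action:
            findings.append((n, "continuation line outside 'action ='"))
    return findings

if __name__ == "__main__":
    for n, problem in lint_jail(SAMPLE):
        print(f"line {n}: {problem}")
```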