View Single Post
Old 25th March 2011, 03:57
aberrio aberrio is offline
Senior Member
Join Date: Sep 2007
Posts: 150
Thanks: 13
Thanked 3 Times in 3 Posts
Default Fail2ban unable to ban


I installed fail2ban in opensuse 11.3 server. After restarted status shows

www:~ # fail2ban-client status
|- Number of jail: 0
`- Jail list:

But I do have apache and pureftpd fail active, and of course fail2ban is not banning. I notice that the fail2ban log file is old no new entries on it.

I do have ipatables on but is fail2ban is not active.

www:~ # iptables -n -L INPUT
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all --
ACCEPT icmp -- state RELATED
input_ext all --
input_ext all --
LOG all -- limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-IN-ILL-TARGET '
DROP all --
www:~ #

Here is my jail file..

enabled = true
filter = apache-nohome
action = iptables-multiport[name=apache-nohome, port="http,https"]
sendmail-buffered[name=apache-nohome, lines=5,]
[name=apache-overflows, port=http,https, protocol=tcp]
logpath = /var/log/apache2/error_log
bantime = 86400
maxretry = 1

enabled = true
filter = pure-ftpd
action = iptables[name=pure-ftpd, port=ftp, protocol=tcp]
logpath = /var/log/warn
maxretry = 3

I tested with www:~ # fail2ban-regex /var/log/warn /etc/fail2ban/filter.d/pure-ftpd.conf

Success, the total number of match is 22827

Any sugestion.



Last edited by aberrio; 25th March 2011 at 04:03.
Reply With Quote
Sponsored Links