24th June 2007, 04:31
boast
Can't get fail2ban to work.

So I see this in my proftpd logs
Code:
Jun 23 21:20:37 orangegum.BBNET proftpd[9193] orangegum.BBNET (211.97.71.198[211.97.71.198]): FTP session opened.
Jun 23 21:20:38 orangegum.BBNET proftpd[9193] orangegum.BBNET (211.97.71.198[211.97.71.198]): no such user 'info'
Jun 23 21:20:38 orangegum.BBNET proftpd[9193] orangegum.BBNET (211.97.71.198[211.97.71.198]): USER info: no such user found from 211.97.71.198 [211.97.71.198] to 10.0.0.3:21
Jun 23 21:20:38 orangegum.BBNET proftpd[9193] orangegum.BBNET (211.97.71.198[211.97.71.198]): mod_delay/0.5: delaying for 75962 usecs
Jun 23 21:20:39 orangegum.BBNET proftpd[9193] orangegum.BBNET (211.97.71.198[211.97.71.198]): mod_delay/0.5: delaying for 2 usecs
Jun 23 21:20:39 orangegum.BBNET proftpd[9193] orangegum.BBNET (211.97.71.198[211.97.71.198]): no such user 'info'
Jun 23 21:20:39 orangegum.BBNET proftpd[9193] orangegum.BBNET (211.97.71.198[211.97.71.198]): USER info: no such user found from 211.97.71.198 [211.97.71.198] to 10.0.0.3:21
Jun 23 21:20:40 orangegum.BBNET proftpd[9193] orangegum.BBNET (211.97.71.198[211.97.71.198]): mod_delay/0.5: delaying for 19765 usecs
Jun 23 21:20:40 orangegum.BBNET proftpd[9193] orangegum.BBNET (211.97.71.198[211.97.71.198]): no such user 'info'
Jun 23 21:20:40 orangegum.BBNET proftpd[9193] orangegum.BBNET (211.97.71.198[211.97.71.198]): USER info: no such user found from 211.97.71.198 [211.97.71.198] to 10.0.0.3:21
Jun 23 21:20:40 orangegum.BBNET proftpd[9193] orangegum.BBNET (211.97.71.198[211.97.71.198]): Maximum login attempts (3) exceeded
Jun 23 21:20:40 orangegum.BBNET proftpd[9193] orangegum.BBNET (211.97.71.198[211.97.71.198]): FTP session closed.
Jun 23 21:20:41 orangegum.BBNET proftpd[9209] orangegum.BBNET (211.97.71.198[211.97.71.198]): FTP session opened.
Jun 23 21:20:42 orangegum.BBNET proftpd[9209] orangegum.BBNET (211.97.71.198[211.97.71.198]): no such user 'info'
Jun 23 21:20:42 orangegum.BBNET proftpd[9209] orangegum.BBNET (211.97.71.198[211.97.71.198]): USER info: no such user found from 211.97.71.198 [211.97.71.198] to 10.0.0.3:21
Jun 23 21:20:42 orangegum.BBNET proftpd[9209] orangegum.BBNET (211.97.71.198[211.97.71.198]): mod_delay/0.5: delaying for 238 usecs
Jun 23 21:20:43 orangegum.BBNET proftpd[9209] orangegum.BBNET (211.97.71.198[211.97.71.198]): mod_delay/0.5: delaying for 149 usecs
Jun 23 21:20:43 orangegum.BBNET proftpd[9209] orangegum.BBNET (211.97.71.198[211.97.71.198]): no such user 'info'
Jun 23 21:20:43 orangegum.BBNET proftpd[9209] orangegum.BBNET (211.97.71.198[211.97.71.198]): USER info: no such user found from 211.97.71.198 [211.97.71.198] to 10.0.0.3:21
Jun 23 21:20:43 orangegum.BBNET proftpd[9209] orangegum.BBNET (211.97.71.198[211.97.71.198]): mod_delay/0.5: delaying for 103394 usecs
Jun 23 21:20:44 orangegum.BBNET proftpd[9209] orangegum.BBNET (211.97.71.198[211.97.71.198]): mod_delay/0.5: delaying for 623 usecs
Jun 23 21:20:44 orangegum.BBNET proftpd[9209] orangegum.BBNET (211.97.71.198[211.97.71.198]): no such user 'info'
Jun 23 21:20:44 orangegum.BBNET proftpd[9209] orangegum.BBNET (211.97.71.198[211.97.71.198]): USER info: no such user found from 211.97.71.198 [211.97.71.198] to 10.0.0.3:21
Jun 23 21:20:44 orangegum.BBNET proftpd[9209] orangegum.BBNET (211.97.71.198[211.97.71.198]): Maximum login attempts (3) exceeded
Jun 23 21:20:44 orangegum.BBNET proftpd[9209] orangegum.BBNET (211.97.71.198[211.97.71.198]): FTP session closed.
Jun 23 21:20:45 orangegum.BBNET proftpd[9210] orangegum.BBNET (211.97.71.198[211.97.71.198]): FTP session opened.
Jun 23 21:20:46 orangegum.BBNET proftpd[9210] orangegum.BBNET (211.97.71.198[211.97.71.198]): no such user 'info'
Jun 23 21:20:46 orangegum.BBNET proftpd[9210] orangegum.BBNET (211.97.71.198[211.97.71.198]): USER info: no such user found from 211.97.71.198 [211.97.71.198] to 10.0.0.3:21
Jun 23 21:20:46 orangegum.BBNET proftpd[9210] orangegum.BBNET (211.97.71.198[211.97.71.198]): mod_delay/0.5: delaying for 77 usecs
Jun 23 21:20:46 orangegum.BBNET proftpd[9210] orangegum.BBNET (211.97.71.198[211.97.71.198]): mod_delay/0.5: delaying for 169 usecs
Jun 23 21:20:47 orangegum.BBNET proftpd[9210] orangegum.BBNET (211.97.71.198[211.97.71.198]): no such user 'info'
Yet fail2ban logs show nothing.

I copied everything the tutorial said. But it had logpath pointing to auth.log, but since proftpd has its own log, I'm not sure if I have it set right.

Code:
[proftpd]

enabled  = true
port     = ftp
filter   = proftpd
logpath  = /var/log/proftpd/proftpd.log
failregex = proftpd: \(pam_unix\) authentication failure; .* rhost=<HOST>
maxretry = 5
How can I personally test if it works? I don't even know how to ban IPs; I had to shut everything down.


Edit: changing it to
Code:
failregex = USER \S+: no such user found from \S* ?\[<HOST>\] to \S+\s*$
worked

Last edited by boast; 4th July 2007 at 18:16.
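
Added example, not part of the original post: a small Python check that runs both failregex values from the post against log lines in the proftpd.log format shown above and counts matches per host against `maxretry = 5`. The `<HOST>` expansion here is a simplified IPv4-only stand-in (an assumption), the sample lines are constructed in the post's format, and the `findtime` window is ignored.

```python
import re
from collections import Counter

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 only;
# the real expansion also accepts hostnames and IPv6).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# The two failregex values from the post.
PAM_REGEX = r"proftpd: \(pam_unix\) authentication failure; .* rhost=<HOST>"
USER_REGEX = r"USER \S+: no such user found from \S* ?\[<HOST>\] to \S+\s*$"
MAXRETRY = 5  # from the jail section in the post

def compile_failregex(failregex):
    """Expand <HOST> and compile, as a jail filter would before matching."""
    return re.compile(failregex.replace("<HOST>", HOST))

def count_failures(lines, failregex):
    """Return a Counter of matched lines per captured host."""
    pattern = compile_failregex(failregex)
    hits = Counter()
    for line in lines:
        m = pattern.search(line)
        if m:
            hits[m.group("host")] += 1
    return hits

def hosts_to_ban(lines, failregex, maxretry=MAXRETRY):
    """Hosts whose match count reaches maxretry (time window ignored here)."""
    counts = count_failures(lines, failregex)
    return sorted(h for h, n in counts.items() if n >= maxretry)

def sample_log():
    """Constructed sample in the post's log format: two sessions, three tries each."""
    ip = "211.97.71.198"
    lines = []
    for pid, start in ((9193, 38), (9209, 42)):
        pre = f"orangegum.BBNET proftpd[{pid}] orangegum.BBNET ({ip}[{ip}]): "
        for sec in range(start, start + 3):
            ts = f"Jun 23 21:20:{sec} "
            lines.append(ts + pre + "no such user 'info'")
            lines.append(ts + pre + f"USER info: no such user found from {ip} [{ip}] to 10.0.0.3:21")
        lines.append(f"Jun 23 21:20:{start + 2} " + pre + "Maximum login attempts (3) exceeded")
    return lines

if __name__ == "__main__":
    log = sample_log()
    for name, rx in (("pam_unix", PAM_REGEX), ("no such user", USER_REGEX)):
        print(name, dict(count_failures(log, rx)), "ban:", hosts_to_ban(log, rx))
```

On a host with fail2ban installed, `fail2ban-regex /var/log/proftpd/proftpd.log '<failregex>'` runs the same kind of check against the real log file.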