View Single Post
  #3  
Old 26th June 2007, 04:48
cruz cruz is offline
Senior Member
 
Join Date: Apr 2007
Posts: 365
Thanks: 51
Thanked 2 Times in 2 Posts
Default here you go

[HTML][[DEFAULT]

# "ignoreip" can be an IP address, a CIDR mask or a DNS host
ignoreip = 127.0.0.1 192.168.1.101 192.168.1.102
bantime = 600
maxretry = 3

# "backend" specifies the backend used to get files modification. Available
# options are "gamin", "polling" and "auto".
# yoh: For some reason Debian shipped python-gamin didn't work as expected
# This issue left ToDo, so polling is default backend for now
backend = polling

#
# Destination email address used solely for the interpolations in
# jail.{conf,local} configuration files.
destemail = root@localhost

# Default action to take: ban only
action = iptables[name=%(__name__)s, port=%(port)s]


[ssh]

enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 5


[apache]

enabled = true
port = http
filter = apache-auth
logpath = /var/log/apache*/*error.log
maxretry = 5


[apache-noscript]

enabled = false
port = http
filter = apache-noscript
logpath = /var/log/apache*/*error.log
maxretry = 5


[vsftpd]

enabled = false
port = ftp
filter = vsftpd
logpath = /var/log/auth.log
maxretry = 5


[proftpd]

enabled = true
port = ftp
filter = proftpd
logpath = /var/log/auth.log
failregex = proftpd: \(pam_unix\) authentication failure; .* rhost=<HOST>
maxretry = 5


[wuftpd]

enabled = false
port = ftp
filter = wuftpd
logpath = /var/log/auth.log
maxretry = 5


[postfix]

enabled = false
port = smtp
filter = postfix
logpath = /var/log/mail.log
maxretry = 5


[courierpop3]

enabled = true
port = pop3
filter = courierlogin
failregex = courierpop3login: LOGIN FAILED.*ip=\[.*:<HOST>\]
logpath = /var/log/mail.log
maxretry = 5


[courierimap]

enabled = true
port = imap2
filter = courierlogin
failregex = imapd: LOGIN FAILED.*ip=\[.*:<HOST>\]
logpath = /var/log/mail.log
maxretry = 5


[sasl]

enabled = true
port = smtp
filter = sasl
failregex = warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed
logpath = /var/log/mail.log
maxretry = 5/HTML] this is the file I had copied to a text doc. when I checked the file in /etc/fail3ban/jail.local it had a missing part in the front of the file. I fixed it and then restarted it and got this. Is this corect responce after the restart? (Restarting authentication failure monitor: fail2ban) then it ends up at the comand promp.

Last edited by cruz; 26th June 2007 at 05:14.
Reply With Quote