#1
24th June 2007, 04:57
cruz
need help with fail2ban install

I had to uninstall fail2ban because I deleted the wrong file. I reinstalled. When I got to the place where I was to create the file jail.local, I copied the file from your install, pasted it to Word, added my IP address for my laptop, then pasted it in the new file jail.local. When I restarted the program I got this error.
HTML Code:
server1:~# vi /etc/fail2ban/jail.local
server1:~# /etc/init.d/fail2ban restart
Restarting authentication failure monitor: fail2banTraceback (most recent call last):
  File "/usr/bin/fail2ban-client", line 333, in ?
    if client.start(sys.argv):
  File "/usr/bin/fail2ban-client", line 311, in start
    return self.__processCommand(args)
  File "/usr/bin/fail2ban-client", line 175, in __processCommand
    self.__readConfig()
  File "/usr/bin/fail2ban-client", line 315, in __readConfig
    self.__configurator.readAll()
  File "/usr/share/fail2ban/client/configurator.py", line 56, in readAll
    self.__jails.read()
  File "/usr/share/fail2ban/client/jailsreader.py", line 41, in read
    ConfigReader.read(self, "jail")
  File "/usr/share/fail2ban/client/configreader.py", line 57, in read
    SafeConfigParser.read(self, [bConf, bLocal])
  File "/usr/lib/python2.4/ConfigParser.py", line 267, in read
    self._read(fp, filename)
  File "/usr/lib/python2.4/ConfigParser.py", line 462, in _read
    raise MissingSectionHeaderError(fpname, lineno, line)
ConfigParser.MissingSectionHeaderError: File contains no section headers.
file: /etc/fail2ban/jail.local, line: 4
'ignoreip = 127.0.0.1 192.168.1.101\n'
 failed!
What does this all mean? It sounded like all I had to change was to add my IP to the ignoreip line.
#2
25th June 2007, 16:26
falko

What's in /etc/fail2ban/jail.local?
__________________
Falko
#3
26th June 2007, 04:48
cruz
here you go

HTML Code:
[DEFAULT]

# "ignoreip" can be an IP address, a CIDR mask or a DNS host
ignoreip = 127.0.0.1 192.168.1.101 192.168.1.102
bantime = 600
maxretry = 3

# "backend" specifies the backend used to get files modification. Available
# options are "gamin", "polling" and "auto".
# yoh: For some reason Debian shipped python-gamin didn't work as expected
# This issue left ToDo, so polling is default backend for now
backend = polling

#
# Destination email address used solely for the interpolations in
# jail.{conf,local} configuration files.
destemail = root@localhost

# Default action to take: ban only
action = iptables[name=%(__name__)s, port=%(port)s]


[ssh]

enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 5


[apache]

enabled = true
port = http
filter = apache-auth
logpath = /var/log/apache*/*error.log
maxretry = 5


[apache-noscript]

enabled = false
port = http
filter = apache-noscript
logpath = /var/log/apache*/*error.log
maxretry = 5


[vsftpd]

enabled = false
port = ftp
filter = vsftpd
logpath = /var/log/auth.log
maxretry = 5


[proftpd]

enabled = true
port = ftp
filter = proftpd
logpath = /var/log/auth.log
failregex = proftpd: \(pam_unix\) authentication failure; .* rhost=<HOST>
maxretry = 5


[wuftpd]

enabled = false
port = ftp
filter = wuftpd
logpath = /var/log/auth.log
maxretry = 5


[postfix]

enabled = false
port = smtp
filter = postfix
logpath = /var/log/mail.log
maxretry = 5


[courierpop3]

enabled = true
port = pop3
filter = courierlogin
failregex = courierpop3login: LOGIN FAILED.*ip=\[.*:<HOST>\]
logpath = /var/log/mail.log
maxretry = 5


[courierimap]

enabled = true
port = imap2
filter = courierlogin
failregex = imapd: LOGIN FAILED.*ip=\[.*:<HOST>\]
logpath = /var/log/mail.log
maxretry = 5


[sasl]

enabled = true
port = smtp
filter = sasl
failregex = warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed
logpath = /var/log/mail.log
maxretry = 5
This is the file I had copied to a text doc. When I checked the file in /etc/fail2ban/jail.local it had a missing part in the front of the file. I fixed it and then restarted it and got this. Is this the correct response after the restart? (Restarting authentication failure monitor: fail2ban) Then it ends up at the command prompt.

Last edited by cruz; 26th June 2007 at 05:14.
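
The failure in post #1 and the fix described in post #3, as an added example that is not part of the thread or of fail2ban's own code: a pre-flight check that parses the text of jail.local with Python's configparser before the service is restarted, so that an option line ahead of any section header is reported with its line number. The function name `check_jail_config` and both sample strings are assumptions made for illustration, and Python 3's parser is used here rather than the Python 2.4 one shown in the traceback.

```python
import configparser
import ipaddress

def check_jail_config(text, name="jail.local"):
    """Return (problems, enabled_jails) for the text of a jail.local file."""
    parser = configparser.RawConfigParser()  # raw: %(port)s etc. stay unexpanded
    try:
        parser.read_string(text, source=name)
    except configparser.MissingSectionHeaderError as err:
        return [f"{name} line {err.lineno}: {err.line.strip()!r} precedes any "
                "[section] header (is [DEFAULT] missing?)"], []
    except configparser.Error as err:
        return [f"{name}: {err}"], []

    problems = []
    for entry in parser.defaults().get("ignoreip", "").split():
        try:
            ipaddress.ip_network(entry, strict=False)
        except ValueError:
            problems.append(f"ignoreip entry {entry!r} is not an IP or CIDR; "
                            "it will be treated as a DNS host name")
    enabled = [s for s in parser.sections()
               if parser.get(s, "enabled", fallback="false").strip().lower() == "true"]
    for jail in enabled:
        for key in ("filter", "logpath"):
            if not parser.has_option(jail, key):
                problems.append(f"[{jail}] is enabled but has no {key}")
    return problems, enabled

# Constructed sample: top of the file without [DEFAULT]; "ignoreip" is on line 4.
BROKEN = '''
# "ignoreip" can be an IP address, a CIDR mask or a DNS host

ignoreip = 127.0.0.1 192.168.1.101
bantime = 600
'''
# Constructed sample: the same text with the header restored, plus two jails.
FIXED = "[DEFAULT]" + BROKEN + '''
[ssh]
enabled = true
filter = sshd
logpath = /var/log/auth.log

[vsftpd]
enabled = false
'''

if __name__ == "__main__":
    print(check_jail_config(BROKEN), check_jail_config(FIXED), sep="\n")
```

An empty problem list only means the file parses and the enabled jails name a filter and a log path; whether the daemon actually started still has to be confirmed separately.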
#4
27th June 2007, 18:24
falko

Quote:
Originally Posted by cruz
Is this the correct response after the restart? (Restarting authentication failure monitor: fail2ban) Then it ends up at the command prompt.
Can you check the output of
Code:
ps aux
to see if it's running? If it is, I think you're good to go.
#5
27th June 2007, 19:21
cruz
results from ps aux

I do not see it on here.
HTML Code:
larry@server1:~$ ps aux
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.2   1944   652 ?        Ss   09:55   0:01 init [2]
root         2  0.0  0.0      0     0 ?        S    09:55   0:00 [migration/0]
root         3  0.0  0.0      0     0 ?        SN   09:55   0:00 [ksoftirqd/0]
root         4  0.0  0.0      0     0 ?        S<   09:55   0:00 [events/0]
root         5  0.0  0.0      0     0 ?        S<   09:55   0:00 [khelper]
root         6  0.0  0.0      0     0 ?        S<   09:55   0:00 [kthread]
root         9  0.0  0.0      0     0 ?        S<   09:55   0:00 [kblockd/0]
root        10  0.0  0.0      0     0 ?        S<   09:55   0:00 [kacpid]
root        81  0.0  0.0      0     0 ?        S<   09:55   0:00 [kseriod]
root       117  0.0  0.0      0     0 ?        S    09:55   0:00 [pdflush]
root       118  0.0  0.0      0     0 ?        S    09:55   0:00 [pdflush]
root       119  0.0  0.0      0     0 ?        S<   09:55   0:00 [kswapd0]
root       120  0.0  0.0      0     0 ?        S<   09:55   0:00 [aio/0]
root       574  0.0  0.0      0     0 ?        S<   09:55   0:00 [khubd]
root       937  0.0  0.0      0     0 ?        S<   09:55   0:00 [kjournald]
root      1114  0.0  0.2   2176   612 ?        S<s  09:55   0:00 udevd --daemon
root      1414  0.0  0.0      0     0 ?        S<   09:55   0:00 [kpsmoused]
root      1721  0.0  0.0      0     0 ?        S<   09:55   0:00 [kmirrord]
daemon    1908  0.0  0.1   1688   376 ?        Ss   09:55   0:00 /sbin/portmap
root      2111  0.0  0.2   1624   564 ?        Ss   09:55   0:00 /sbin/syslogd -
root      2117  0.0  0.1   1580   388 ?        Ss   09:55   0:00 /sbin/klogd -x
root      2191  0.0  0.5   2672  1340 ?        S    09:55   0:00 /bin/sh /usr/bi
mysql     2228  0.0  6.7 127276 17412 ?        Sl   09:55   0:00 /usr/sbin/mysql
root      2229  0.0  0.1   1564   512 ?        S    09:55   0:00 logger -p daemo
root      2341  0.0  0.2   1572   560 ?        Ss   09:55   0:00 /usr/sbin/acpid
root      2345  0.0  0.1   1756   404 ?        S    09:55   0:00 /usr/sbin/couri
root      2346  0.0  0.2   1908   604 ?        S    09:55   0:00 /usr/lib/courie
root      2353  0.0  0.1   1908   272 ?        S    09:55   0:00 /usr/lib/courie
root      2354  0.0  0.1   1908   272 ?        S    09:55   0:00 /usr/lib/courie
root      2355  0.0  0.1   1908   272 ?        S    09:55   0:00 /usr/lib/courie
root      2356  0.0  0.1   1908   272 ?        S    09:55   0:00 /usr/lib/courie
root      2357  0.0  0.1   1908   272 ?        S    09:55   0:00 /usr/lib/courie
root      2361  0.0  0.1   1752   328 ?        S    09:55   0:00 /usr/sbin/couri
root      2362  0.0  0.2   1852   552 ?        S    09:55   0:00 /usr/sbin/couri
root      2373  0.0  0.1   1756   332 ?        S    09:55   0:00 /usr/sbin/couri
root      2374  0.0  0.2   1852   556 ?        S    09:55   0:00 /usr/sbin/couri
root      2379  0.0  0.1   1856   508 ?        S    09:55   0:00 /usr/sbin/couri
root      2385  0.0  0.1   1620   316 ?        S    09:55   0:00 /usr/sbin/couri
root      2392  0.0  0.1   1752   328 ?        S    09:55   0:00 /usr/sbin/couri
root      2393  0.0  0.2   1852   552 ?        S    09:55   0:00 /usr/sbin/couri
root      2402  0.0  0.2   1752   568 ?        Ss   09:55   0:00 /usr/sbin/inetd
root      2481  0.0  0.3   7216   984 ?        Ss   09:55   0:00 /usr/sbin/sasla
root      2482  0.0  0.2   7216   540 ?        S    09:55   0:00 /usr/sbin/sasla
root      2483  0.0  0.1   7216   360 ?        S    09:55   0:00 /usr/sbin/sasla
root      2484  0.0  0.1   7216   360 ?        S    09:55   0:00 /usr/sbin/sasla
root      2485  0.0  0.1   7216   360 ?        S    09:55   0:00 /usr/sbin/sasla
root      2491  0.0  0.4   4924  1088 ?        Ss   09:55   0:00 /usr/sbin/sshd
statd     2531  0.0  0.2   1756   740 ?        Ss   09:55   0:00 /sbin/rpc.statd
ntp       2548  0.0  0.5   4132  1336 ?        Ss   09:55   0:00 /usr/sbin/ntpd
daemon    2572  0.0  0.1   1828   412 ?        Ss   09:55   0:00 /usr/sbin/atd
root      2579  0.0  0.3   2192   876 ?        Ss   09:55   0:00 /usr/sbin/cron
root      2614  0.0  1.5 121336  4008 ?        Sl   09:55   0:00 python2.4 /usr/
root      2823  0.0  3.4  14612  8732 ?        Ss   09:56   0:00 /root/ispconfig
root      2824  0.0  0.4   2644  1268 ?        S    09:56   0:00 /bin/bash /root
1001      2829  0.0  2.9  14612  7500 ?        S    09:56   0:00 /root/ispconfig
root      2844  0.0  4.7  36376 12160 ?        Ss   09:56   0:00 /usr/sbin/apach
root      2845  0.0  0.1   1488   288 ?        S    09:56   0:00 /root/ispconfig
www-data  2865  0.0  2.1  36508  5464 ?        S    09:56   0:00 /usr/sbin/apach
www-data  2866  0.0  2.0  36376  5324 ?        S    09:56   0:00 /usr/sbin/apach
www-data  2867  0.0  2.0  36376  5320 ?        S    09:56   0:00 /usr/sbin/apach
www-data  2868  0.0  2.0  36376  5320 ?        S    09:56   0:00 /usr/sbin/apach
www-data  2869  0.0  2.0  36376  5320 ?        S    09:56   0:00 /usr/sbin/apach
root      2930  0.0  0.6   4812  1624 ?        Ss   09:56   0:00 /usr/lib/postfi
postfix   2939  0.0  0.6   4820  1576 ?        S    09:56   0:00 pickup -l -t fi
postfix   2940  0.0  0.6   4856  1616 ?        S    09:56   0:00 qmgr -l -t fifo
bind      2960  0.0  1.0  30268  2744 ?        Ssl  09:56   0:00 /usr/sbin/named
proftpd   2981  0.0  0.5   9152  1508 ?        Ss   09:56   0:00 proftpd: (accep
1001      2990  0.0  0.4   2496  1064 ?        Ss   09:56   0:00 /home/admispcon
root      3016  0.0  0.1   1576   496 tty1     Ss+  09:56   0:00 /sbin/getty 384
root      3017  0.0  0.1   1576   496 tty2     Ss+  09:56   0:00 /sbin/getty 384
root      3018  0.0  0.1   1572   492 tty3     Ss+  09:56   0:00 /sbin/getty 384
root      3019  0.0  0.1   1572   492 tty4     Ss+  09:56   0:00 /sbin/getty 384
root      3020  0.0  0.1   1572   492 tty5     Ss+  09:56   0:00 /sbin/getty 384
root      3023  0.0  0.1   1572   492 tty6     Ss+  09:56   0:00 /sbin/getty 384
root      3464  0.2  0.8   7700  2288 ?        Ss   10:16   0:00 sshd: larry [pr
larry     3468  0.0  0.6   7700  1588 ?        S    10:16   0:00 sshd: larry@pts
larry     3469  3.6  1.1   5384  2916 pts/0    Ss   10:16   0:00 -bash
root      3489  0.0  0.1   1564   400 ?        S    10:16   0:00 sleep 10
larry     3490  0.0  0.3   3428  1000 pts/0    R+   10:16   0:00 ps aux
I might be missing it for some reason.
#6
28th June 2007, 21:40
falko

I don't see it either.
Any errors in your logs? What's in /var/log/fail2ban.log?
What's in /etc/init.d/fail2ban?