#1  
30th March 2009, 22:36
AdrianSmithUK
fail2ban Logs

Hi

I have installed fail2ban but I'm having trouble finding the logs that relate to a failed:

1. htaccess login
2. proftp login

I read the apache httpd.conf file and found that the server logs were installed in:

/etc/httpd/logs

I read the error_log file and found that these errors relate to server level errors.

For example hackers trying to find directories such as https://server.net/admin

At the bottom of the apache httpd.conf file is the directive that points to the ISPConfig includes file:

/root/ispconfig/httpd/conf/httpd.conf

Examining this file points to error logs in:

/home/www/web[n]/logs/error.log

These logs contain errors such as failed favicon download attempts etc.

If I pointed fail2ban at any of the error logs I would ban everybody who came to one of my sites.

Is there a set of logs that records every failed password attempt - proftp, apache, ssh ... etc. - or am I going to have to set them up myself?

The only thing I have found that is close (I am on centos5.2 64bit) is:

/var/log/secure

But this only records SSH password failures.

Any help would be appreciated.

Kind Regards,

Adrian Smith
  #2  
30th March 2009, 23:12
lano

Take a look at this tutorial: http://www.howtoforge.com/fail2ban_debian_etch
  #3  
31st March 2009, 00:45
AdrianSmithUK

Hi Iano

Thanks for the reply.

I wish it was that simple. I have set up fail2ban and it's running nicely. However, my logs are different to the tutorial and I can't find the logs that record a failed apache login or a failed proftp login on a per-website basis.

Does anybody know where ISPConfig records failed logins?

Kind Regards,

Adrian Smith
  #4  
31st March 2009, 18:16
falko

The error logs are located in /var/www/web1/log, /var/www/web2/log, etc.
  #5  
31st March 2009, 22:23
AdrianSmithUK

Thanks but I think you missed the line above.

I have checked:

/home/www/web[n]/logs/error.log

They do not detect failed htaccess/ftp login attempts.

Should they?

Kind Regards

Adrian
  #6  
1st April 2009, 15:10
falko

Oh, sorry, I must have overread that.

Did you check the overall Apache error log and the auth log in /var/log?
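Added example, not part of any post in this thread: fail2ban only counts log lines that match a filter's failregex, so pointing it at an Apache error log does not ban visitors who merely trigger "File does not exist" entries. The Python sketch below mirrors that matching over constructed sample lines; the Apache 2.2-style line format, the IP addresses (documentation ranges) and the function names are assumptions for illustration.

```python
import re
from collections import Counter

# Assumed Apache 2.2-style basic-auth failure lines (format not taken from the thread).
AUTH_FAIL = re.compile(
    r'^\[[^\]]+\] \[error\] \[client (?P<host>\d{1,3}(?:\.\d{1,3}){3})\] '
    r'user \S+(?:: authentication failure for "[^"]*"| not found)'
)

# Constructed sample of a per-site error.log: missing files mixed with auth failures.
SAMPLE_LOG = """\
[Mon Mar 30 22:30:01 2009] [error] [client 192.0.2.10] File does not exist: /home/www/web1/web/favicon.ico
[Mon Mar 30 22:30:05 2009] [error] [client 198.51.100.7] user admin: authentication failure for "/private/": Password Mismatch
[Mon Mar 30 22:30:06 2009] [error] [client 198.51.100.7] user root not found: /private/
[Mon Mar 30 22:30:07 2009] [error] [client 198.51.100.7] user admin: authentication failure for "/private/": Password Mismatch
[Mon Mar 30 22:30:09 2009] [error] [client 192.0.2.10] File does not exist: /home/www/web1/web/admin
[Mon Mar 30 22:30:11 2009] [error] [client 203.0.113.4] user bob: authentication failure for "/private/": Password Mismatch
"""


def count_auth_failures(log_text):
    """Return {client_ip: failed basic-auth attempts}; all other error lines are ignored."""
    hits = Counter()
    for line in log_text.splitlines():
        match = AUTH_FAIL.match(line)
        if match:
            hits[match.group("host")] += 1
    return hits


def hosts_to_ban(log_text, maxretry=3):
    """Apply a maxretry-style threshold (fail2ban's findtime window is not modelled here)."""
    counts = count_auth_failures(log_text)
    return sorted(ip for ip, n in counts.items() if n >= maxretry)


if __name__ == "__main__":
    print(dict(count_auth_failures(SAMPLE_LOG)))
    print(hosts_to_ban(SAMPLE_LOG))
```

Running the same pattern against a real log is a quick way to confirm whether a given file records failed logins at all before configuring a jail for it.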