#1
24th January 2011, 09:28
florix.net (Member)
Help with Fail2ban

My fail2ban log is showing the following entries... I am not sure if it is really working. Can someone help with this?

I am interested in blocking failed SSH and SMTP, POP attempts.

Richard

--------------------------------------------------------------------

2010-12-09 01:03:28,945 fail2ban.actions.action: INFO Set actionUnban =
2010-12-09 01:03:28,946 fail2ban.actions.action: INFO Set actionCheck =
2010-12-09 01:49:26,359 fail2ban.jail : INFO Using Gamin
2010-12-09 01:49:26,387 fail2ban.filter : INFO Created Filter
2010-12-09 01:49:26,442 fail2ban.filter : INFO Created FilterGamin
2010-12-09 01:49:26,445 fail2ban.filter : INFO Added logfile = /var/log/secure
2010-12-09 01:49:26,449 fail2ban.filter : INFO Set maxRetry = 5
2010-12-09 01:49:26,450 fail2ban.filter : INFO Set findtime = 600
2010-12-09 01:49:26,451 fail2ban.actions: INFO Set banTime = 600
2010-12-09 01:49:26,495 fail2ban.actions.action: INFO Set actionBan = iptables -I fail2ban- 1 -s -j DROP
2010-12-09 01:49:26,496 fail2ban.actions.action: INFO Set actionStop = iptables -D INPUT -p --dport -j fail2ban-
iptables -F fail2ban-
iptables -X fail2ban-
2010-12-09 01:49:26,497 fail2ban.actions.action: INFO Set actionStart = iptables -N fail2ban-
iptables -A fail2ban- -j RETURN
iptables -I INPUT -p --dport -j fail2ban-
2010-12-09 01:49:26,498 fail2ban.actions.action: INFO Set actionUnban = iptables -D fail2ban- -s -j DROP
2010-12-09 01:49:26,498 fail2ban.actions.action: INFO Set actionCheck = iptables -n -L INPUT | grep -q fail2ban-
2010-12-09 01:49:26,501 fail2ban.actions.action: INFO Set actionBan = printf %b "Subject: [Fail2Ban] : banned
From: Fail2Ban <>
To: \n
Hi,\n
The IP has just been banned by Fail2Ban after
attempts against .\n\n
Here are more information about :\n
`/usr/bin/whois `\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f
2010-12-09 01:49:26,502 fail2ban.actions.action: INFO Set actionStop = printf %b "Subject: [Fail2Ban] : stopped
From: Fail2Ban <>
To: \n
Hi,\n
The jail has been stopped.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f
2010-12-09 01:49:26,503 fail2ban.actions.action: INFO Set actionStart = printf %b "Subject: [Fail2Ban] : started
From: Fail2Ban <>
To: \n
Hi,\n
The jail has been started successfully.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f
2010-12-09 01:49:26,504 fail2ban.actions.action: INFO Set actionUnban =
2010-12-09 01:49:26,505 fail2ban.actions.action: INFO Set actionCheck =
2010-12-12 04:02:36,282 fail2ban.filter : INFO Log rotation detected for /var/log/secure
2010-12-12 05:01:16,548 fail2ban.filter : INFO Log rotation detected for /var/log/secure
2010-12-14 17:56:29,153 fail2ban.jail : INFO Using Gamin
2010-12-14 17:56:29,290 fail2ban.filter : INFO Created Filter
2010-12-14 17:56:29,451 fail2ban.filter : INFO Created FilterGamin
2010-12-14 17:56:29,464 fail2ban.filter : INFO Added logfile = /var/log/secure
2010-12-14 17:56:29,470 fail2ban.filter : INFO Set maxRetry = 5
2010-12-14 17:56:29,471 fail2ban.filter : INFO Set findtime = 600
2010-12-14 17:56:29,472 fail2ban.actions: INFO Set banTime = 600
2010-12-14 17:56:29,523 fail2ban.actions.action: INFO Set actionBan = iptables -I fail2ban- 1 -s -j DROP
2010-12-14 17:56:29,523 fail2ban.actions.action: INFO Set actionStop = iptables -D INPUT -p --dport -j fail2ban-
iptables -F fail2ban-
iptables -X fail2ban-
2010-12-14 17:56:29,524 fail2ban.actions.action: INFO Set actionStart = iptables -N fail2ban-
iptables -A fail2ban- -j RETURN
iptables -I INPUT -p --dport -j fail2ban-
2010-12-14 17:56:29,525 fail2ban.actions.action: INFO Set actionUnban = iptables -D fail2ban- -s -j DROP
2010-12-14 17:56:29,526 fail2ban.actions.action: INFO Set actionCheck = iptables -n -L INPUT | grep -q fail2ban-
2010-12-14 17:56:29,529 fail2ban.actions.action: INFO Set actionBan = printf %b "Subject: [Fail2Ban] : banned
From: Fail2Ban <>
To: \n
Hi,\n
The IP has just been banned by Fail2Ban after
attempts against .\n\n
Here are more information about :\n
`/usr/bin/whois `\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f
2010-12-14 17:56:29,530 fail2ban.actions.action: INFO Set actionStop = printf %b "Subject: [Fail2Ban] : stopped
From: Fail2Ban <>
To: \n
Hi,\n
The jail has been stopped.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f
2010-12-14 17:56:29,531 fail2ban.actions.action: INFO Set actionStart = printf %b "Subject: [Fail2Ban] : started
From: Fail2Ban <>
To: \n
Hi,\n
The jail has been started successfully.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f
2010-12-14 17:56:29,532 fail2ban.actions.action: INFO Set actionUnban =
2010-12-14 17:56:29,533 fail2ban.actions.action: INFO Set actionCheck =
2010-12-14 18:30:40,531 fail2ban.actions.action: ERROR iptables -D INPUT -p tcp --dport ssh -j fail2ban-SSH
iptables -F fail2ban-SSH
iptables -X fail2ban-SSH returned 100

#2
25th January 2011, 14:20
falko (Super Moderator)

Do you see blocked IPs in the output of
Code:
iptables -L
?
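
Added example, not part of any post in this thread: besides looking at `iptables -L`, fail2ban's own log answers the "is it really working" question, because each ban is logged as a `[jail] Ban <ip>` line and each failed action as an `ERROR ... returned <code>` entry. The function names, verdict labels, the jail name `ssh-iptables` and the address 192.0.2.10 are assumptions made for this sketch; the first sample reuses lines from the log in post #1.

```shell
#!/bin/sh
# Added example (not from the thread): summarise a fail2ban log read on stdin.
# Assumes the fail2ban 0.8-style line layout shown in post #1.
triage_fail2ban_log() {
    awk '
        /fail2ban\.jail *: INFO +Using /        { jails++ }
        / \[[A-Za-z0-9_-]+\] Ban /              { bans++ }
        / \[[A-Za-z0-9_-]+\] Unban /            { unbans++ }
        /fail2ban\.actions\.action *: ERROR /   { errs++ }
        # A failed action spans several lines; the exit status ends the last one.
        / returned [0-9]+$/                     { rc = $NF }
        END {
            if (bans > 0)      verdict = "banning"
            else if (errs > 0) verdict = "no-bans-with-action-errors"
            else               verdict = "no-bans"
            printf "jails=%d bans=%d unbans=%d action_errors=%d last_rc=%s verdict=%s\n",
                   jails, bans, unbans, errs, (rc == "" ? "none" : rc), verdict
        }'
}

# Lines copied from the log in post #1.
sample_thread_log() {
    cat <<'EOF'
2010-12-14 17:56:29,153 fail2ban.jail : INFO Using Gamin
2010-12-14 17:56:29,470 fail2ban.filter : INFO Set maxRetry = 5
2010-12-14 18:30:40,531 fail2ban.actions.action: ERROR iptables -D INPUT -p tcp --dport ssh -j fail2ban-SSH
iptables -F fail2ban-SSH
iptables -X fail2ban-SSH returned 100
EOF
}

# Constructed lines (jail name and IP are made up) showing what a working jail logs.
sample_ban_log() {
    cat <<'EOF'
2010-12-14 17:56:29,153 fail2ban.jail : INFO Using Gamin
2010-12-14 18:41:02,100 fail2ban.actions: WARNING [ssh-iptables] Ban 192.0.2.10
2010-12-14 18:51:02,480 fail2ban.actions: WARNING [ssh-iptables] Unban 192.0.2.10
EOF
}

sample_thread_log | triage_fail2ban_log
sample_ban_log | triage_fail2ban_log
```

On a live host, feed it the real log instead of the samples, for example `triage_fail2ban_log < /var/log/fail2ban.log` (the usual default location; the actual path is whatever `logtarget` is set to).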

#3
25th January 2011, 18:37
florix.net (Member)

Hi,

There are no blocked IPs in the iptables list command output.

Should I upload my fail2ban config files? Which files should I upload?

Richard

#4
25th January 2011, 19:25
akamarinos (Junior Member)

You should read chapter 6.5 of the manual.

You might have to make some modifications in the configuration files if your distribution is not Debian/Ubuntu.

#5
26th January 2011, 00:53
florix.net (Member)

Hi,

I don't have access to the manual ... I feel I will uninstall fail2ban and install it again.


What will be the correct way to do so?

yum remove fail2ban?


Richard