#1
6th February 2012, 23:34
RioSif
rkhunter and fail2ban logs not showing at ispconfig

Hello again,
I have a similar problem to this thread http://www.howtoforge.com/forums/showthread.php?t=44694 (which is not solved):
rkhunter and fail2ban logs are not showing in the ISPConfig logfiles.
Until yesterday the rkhunter log was showing. I don't remember fail2ban ever showing there...
Could you help?
I run ISPConfig on CentOS 6.2 and nginx. Yesterday I did a yum update, if that could help.
Thanks
#2
7th February 2012, 09:14
till
Super Moderator

In which logfile do rkhunter and fail2ban log their actions on your server?
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
#3
7th February 2012, 09:55
RioSif

/var/log/fail2ban.log
/var/log/rkhunter/rkhunter.log

Here is the log of the updates I made before this happened:
Feb 05 20:39:33 Updated: glibc-common-2.12-1.47.el6_2.5.x86_64
Feb 05 20:39:46 Updated: glibc-2.12-1.47.el6_2.5.x86_64
Feb 05 20:39:48 Updated: php-common-5.3.10-2.el6.remi.x86_64
Feb 05 20:39:51 Updated: openssl-1.0.0-20.el6_2.1.x86_64
Feb 05 20:39:53 Updated: php-pdo-5.3.10-2.el6.remi.x86_64
Feb 05 20:39:53 Updated: openssh-5.3p1-70.el6_2.2.x86_64
Feb 05 20:39:55 Updated: php-cli-5.3.10-2.el6.remi.x86_64
Feb 05 20:39:57 Updated: t1lib-5.1.2-6.el6_2.1.x86_64
Feb 05 20:40:00 Updated: kernel-firmware-2.6.32-220.4.1.el6.noarch
Feb 05 20:40:07 Updated: kernel-headers-2.6.32-220.4.1.el6.x86_64
Feb 05 20:40:12 Updated: glibc-headers-2.12-1.47.el6_2.5.x86_64
Feb 05 20:40:14 Updated: glibc-devel-2.12-1.47.el6_2.5.x86_64
Feb 05 20:40:21 Installed: kernel-2.6.32-220.4.1.el6.x86_64
Feb 05 20:40:21 Updated: php-gd-5.3.10-2.el6.remi.x86_64
Feb 05 20:40:23 Updated: php-5.3.10-2.el6.remi.x86_64
Feb 05 20:40:27 Updated: openssh-server-5.3p1-70.el6_2.2.x86_64
Feb 05 20:40:28 Updated: openssh-clients-5.3p1-70.el6_2.2.x86_64
Feb 05 20:40:29 Updated: php-mysql-5.3.10-2.el6.remi.x86_64
Feb 05 20:40:31 Updated: php-odbc-5.3.10-2.el6.remi.x86_64
Feb 05 20:40:32 Updated: php-mssql-5.3.10-2.el6.remi.x86_64
Feb 05 20:40:34 Updated: openssl-devel-1.0.0-20.el6_2.1.x86_64
Feb 05 20:40:36 Updated: php-fpm-5.3.10-2.el6.remi.x86_64
Feb 05 20:40:38 Updated: php-imap-5.3.10-2.el6.remi.x86_64
Feb 05 20:40:42 Updated: 1hp-eaccelerator-0.9.6.1-11.el6.remi.x86_64
Feb 05 20:40:43 Updated: php-xmlrpc-5.3.10-2.el6.remi.x86_64
Feb 05 20:40:44 Updated: php-mcrypt-5.3.10-2.el6.remi.x86_64
Feb 05 20:40:45 Updated: php-mbstring-5.3.10-2.el6.remi.x86_64
Feb 05 20:40:46 Updated: php-xml-5.3.10-2.el6.remi.x86_64
Feb 05 20:40:47 Updated: php-soap-5.3.10-2.el6.remi.x86_64
Feb 05 20:40:48 Updated: php-snmp-5.3.10-2.el6.remi.x86_64
Feb 05 20:40:48 Updated: php-tidy-5.3.10-2.el6.remi.x86_64
Feb 05 20:40:54 Updated: php-ldap-5.3.10-2.el6.remi.x86_64
Feb 05 20:40:56 Updated: at-3.1.10-43.el6_2.1.x86_64
Feb 05 20:41:02 Updated: ghostscript-8.70-11.el6_2.6.x86_64
Feb 05 20:41:09 Installed: kernel-devel-2.6.32-220.4.1.el6.x86_64


And one more thing is that I changed the default SSH port to something else.

Last edited by RioSif; 7th February 2012 at 10:05.
#4
7th February 2012, 10:06
till
Super Moderator

The log locations are ok. Please check that the fail2ban.log is not empty.

Regarding rkhunter, do you get the rkhunter scan result on the shell when you execute this command:

rkhunter --update --checkall --nocolors --skip-keypress
#5
7th February 2012, 10:33
RioSif

Code:
System checks summary
=====================

File properties checks...
    Files checked: 137
    Suspect files: 2

Rootkit checks...
    Rootkits checked : 246
    Possible rootkits: 0

Applications checks...
    All checks skipped

The system checks took: 1 minute and 50 seconds

All results have been written to the log file (/var/log/rkhunter/rkhunter.log)

One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter/rkhunter.log)
I get warnings for:
Checking for hidden files and directories [ Warning ]
Checking if SSH protocol v1 is allowed [ Warning ]
/usr/bin/unhide [ Warning ]
/usr/bin/unhide-tcp [ Warning ]

which was there since forever.

For fail2ban, here are the last lines of the non-empty log:
Code:
2012-02-04 13:40:57,191 fail2ban.jail   : INFO   Creating new jail 'ssh-iptables'
2012-02-04 13:40:57,194 fail2ban.jail   : INFO   Jail 'ssh-iptables' uses Gamin
2012-02-04 13:40:57,261 fail2ban.filter : INFO   Added logfile = /var/log/secure
2012-02-04 13:40:57,262 fail2ban.filter : INFO   Set maxRetry = 5
2012-02-04 13:40:57,262 fail2ban.filter : INFO   Set findtime = 600
2012-02-04 13:40:57,262 fail2ban.actions: INFO   Set banTime = 600
2012-02-04 13:40:57,315 fail2ban.jail   : INFO   Jail 'ssh-iptables' started
2012-02-04 15:14:49,107 fail2ban.actions: WARNING [ssh-iptables] Ban 1.202.148.22
2012-02-04 15:24:50,058 fail2ban.actions: WARNING [ssh-iptables] Unban 1.202.148.22
2012-02-04 17:13:58,486 fail2ban.actions: WARNING [ssh-iptables] Ban 88.208.218.199
2012-02-04 17:23:58,592 fail2ban.actions: WARNING [ssh-iptables] Unban 88.208.218.199
2012-02-04 21:46:27,468 fail2ban.actions: WARNING [ssh-iptables] Ban 212.156.126.210
2012-02-04 21:56:27,636 fail2ban.actions: WARNING [ssh-iptables] Unban 212.156.126.210
2012-02-05 03:02:08,959 fail2ban.actions: WARNING [ssh-iptables] Ban 49.254.98.187
2012-02-05 03:12:09,586 fail2ban.actions: WARNING [ssh-iptables] Unban 49.254.98.187
2012-02-05 03:34:10,542 fail2ban.filter : INFO   Log rotation detected for /var/log/secure
2012-02-05 03:35:10,606 fail2ban.filter : INFO   Log rotation detected for /var/log/secure
2012-02-05 17:10:30,482 fail2ban.actions: WARNING [ssh-iptables] Ban 210.212.250.35
2012-02-05 17:20:30,860 fail2ban.actions: WARNING [ssh-iptables] Unban 210.212.250.35
2012-02-05 18:30:09,754 fail2ban.actions: WARNING [ssh-iptables] Ban 184.107.179.242
2012-02-05 18:40:09,807 fail2ban.actions: WARNING [ssh-iptables] Unban 184.107.179.242
2012-02-05 18:53:31,804 fail2ban.jail   : INFO   Jail 'ssh-iptables' stopped
2012-02-05 18:53:31,824 fail2ban.server : INFO   Exiting Fail2ban
2012-02-05 18:56:30,726 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4
2012-02-05 18:56:30,726 fail2ban.jail   : INFO   Creating new jail 'ssh-iptables'
2012-02-05 18:56:30,754 fail2ban.jail   : INFO   Jail 'ssh-iptables' uses Gamin
2012-02-05 18:56:31,202 fail2ban.filter : INFO   Added logfile = /var/log/secure
2012-02-05 18:56:31,202 fail2ban.filter : INFO   Set maxRetry = 5
2012-02-05 18:56:31,220 fail2ban.filter : INFO   Set findtime = 600
2012-02-05 18:56:31,220 fail2ban.actions: INFO   Set banTime = 600
2012-02-05 18:56:31,273 fail2ban.jail   : INFO   Jail 'ssh-iptables' started
2012-02-05 18:56:34,455 fail2ban.jail   : INFO   Jail 'ssh-iptables' stopped
2012-02-05 18:56:34,456 fail2ban.server : INFO   Exiting Fail2ban
2012-02-05 18:56:35,643 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4
2012-02-05 18:56:35,644 fail2ban.jail   : INFO   Creating new jail 'ssh-iptables'
2012-02-05 18:56:35,644 fail2ban.jail   : INFO   Jail 'ssh-iptables' uses Gamin
2012-02-05 18:56:35,655 fail2ban.filter : INFO   Added logfile = /var/log/secure
2012-02-05 18:56:35,656 fail2ban.filter : INFO   Set maxRetry = 5
2012-02-05 18:56:35,656 fail2ban.filter : INFO   Set findtime = 600
2012-02-05 18:56:35,657 fail2ban.actions: INFO   Set banTime = 600
2012-02-05 18:56:35,711 fail2ban.jail   : INFO   Jail 'ssh-iptables' started
2012-02-05 18:57:29,770 fail2ban.jail   : INFO   Jail 'ssh-iptables' stopped
2012-02-05 18:57:29,771 fail2ban.server : INFO   Exiting Fail2ban
2012-02-05 18:59:23,555 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4
2012-02-05 18:59:23,555 fail2ban.jail   : INFO   Creating new jail 'ssh-iptables'
2012-02-05 18:59:23,556 fail2ban.jail   : INFO   Jail 'ssh-iptables' uses Gamin
2012-02-05 18:59:23,616 fail2ban.filter : INFO   Added logfile = /var/log/secure
2012-02-05 18:59:23,617 fail2ban.filter : INFO   Set maxRetry = 5
2012-02-05 18:59:23,618 fail2ban.filter : INFO   Set findtime = 600
2012-02-05 18:59:23,618 fail2ban.actions: INFO   Set banTime = 600
2012-02-05 18:59:23,672 fail2ban.jail   : INFO   Jail 'ssh-iptables' started
2012-02-05 18:59:26,967 fail2ban.jail   : INFO   Jail 'ssh-iptables' stopped
2012-02-05 18:59:26,967 fail2ban.server : INFO   Exiting Fail2ban
2012-02-05 18:59:28,184 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4
2012-02-05 18:59:28,184 fail2ban.jail   : INFO   Creating new jail 'ssh-iptables'
2012-02-05 18:59:28,185 fail2ban.jail   : INFO   Jail 'ssh-iptables' uses Gamin
2012-02-05 18:59:28,194 fail2ban.filter : INFO   Added logfile = /var/log/secure
2012-02-05 18:59:28,195 fail2ban.filter : INFO   Set maxRetry = 5
2012-02-05 18:59:28,196 fail2ban.filter : INFO   Set findtime = 600
2012-02-05 18:59:28,196 fail2ban.actions: INFO   Set banTime = 600
2012-02-05 18:59:28,249 fail2ban.jail   : INFO   Jail 'ssh-iptables' started
2012-02-06 21:40:02,482 fail2ban.jail   : INFO   Jail 'ssh-iptables' stopped
2012-02-06 21:40:02,564 fail2ban.server : INFO   Exiting Fail2ban
2012-02-06 21:42:08,946 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4
2012-02-06 21:42:08,959 fail2ban.jail   : INFO   Creating new jail 'ssh-iptables'
2012-02-06 21:42:08,983 fail2ban.jail   : INFO   Jail 'ssh-iptables' uses Gamin
2012-02-06 21:42:09,093 fail2ban.filter : INFO   Added logfile = /var/log/secure
2012-02-06 21:42:09,093 fail2ban.filter : INFO   Set maxRetry = 5
2012-02-06 21:42:09,095 fail2ban.filter : INFO   Set findtime = 600
2012-02-06 21:42:09,095 fail2ban.actions: INFO   Set banTime = 600
2012-02-06 21:42:09,159 fail2ban.jail   : INFO   Jail 'ssh-iptables' started
2012-02-06 22:21:17,721 fail2ban.jail   : INFO   Jail 'ssh-iptables' stopped
2012-02-06 22:21:17,734 fail2ban.server : INFO   Exiting Fail2ban
Reply With Quote
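The log excerpt posted above ends with `Exiting Fail2ban` and no later `started` line. As an added example (not code from the thread or from ISPConfig), this sketch parses that fail2ban 0.8.x log layout and reports ban counts per jail and the daemon's last recorded state; the sample input is constructed and `summarize` is a hypothetical helper name.

```python
import re
from collections import Counter

# Constructed sample in the fail2ban 0.8.x log layout shown in the post above
# (addresses come from the 192.0.2.0/24 and 198.51.100.0/24 documentation ranges).
SAMPLE_LOG = """\
2012-02-05 18:59:28,184 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4
2012-02-05 18:59:28,249 fail2ban.jail   : INFO   Jail 'ssh-iptables' started
2012-02-05 19:10:30,482 fail2ban.actions: WARNING [ssh-iptables] Ban 192.0.2.10
2012-02-05 19:20:30,860 fail2ban.actions: WARNING [ssh-iptables] Unban 192.0.2.10
2012-02-05 20:30:09,754 fail2ban.actions: WARNING [ssh-iptables] Ban 198.51.100.7
this line is not in the expected format
2012-02-06 22:21:17,721 fail2ban.jail   : INFO   Jail 'ssh-iptables' stopped
2012-02-06 22:21:17,734 fail2ban.server : INFO   Exiting Fail2ban
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+ "
    r"fail2ban\.(?P<comp>\w+)\s*: (?P<level>\w+)\s+(?P<msg>.*)$"
)
ACTION_RE = re.compile(r"^\[(?P<jail>[^\]]+)\] (?P<verb>Ban|Unban) (?P<ip>\S+)$")


def summarize(text):
    """Summarize ban activity and the daemon's last recorded state."""
    bans, active = Counter(), set()
    state, last_ts, skipped = "unknown", None, 0
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            skipped += 1          # count odd lines instead of failing on them
            continue
        last_ts, msg = m["ts"], m["msg"]
        if m["comp"] == "server" and msg.startswith("Exiting Fail2ban"):
            state = "stopped"
            active.clear()        # assumption: bans do not survive a shutdown
        elif m["comp"] == "jail" and msg.endswith("started"):
            state = "running"
        elif m["comp"] == "actions" and (a := ACTION_RE.match(msg)):
            key = (a["jail"], a["ip"])
            if a["verb"] == "Ban":
                bans[a["jail"]] += 1
                active.add(key)
            else:
                active.discard(key)
    return {"state": state, "last_event": last_ts, "bans": dict(bans),
            "active": sorted(active), "skipped": skipped}


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A `state` of `stopped` means the log itself records that the daemon exited and was not started again, which is worth ruling out before looking at how a control panel reads the file.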
#6
7th February 2012, 14:15
RioSif

I found out that the problem is more serious! I tried to add a new site, blog.riosif.gr.
Vhosts at nginx/sites-enabled and nginx/sites-active were created, but nothing was created at /var/www/.
In the site's options I read "/var/www/clients/client1/web34/web:/var/www/clients/client1/web34/tmp" but no web34 folder was created.
I think this is caused by the update. What should I do? Please help!
#7
21st February 2012, 00:08
RioSif

Hello again.
I figured out that the problem is that when I add a new site no user is created, and as a result nothing else is created. So I think it's a permissions issue: ISPConfig can't create a new user (for example, user web30 is not created).
#8
21st February 2012, 11:19
RioSif

Anyway, I'll do an OS reinstall. One last general Linux OS question: because I'm not an advanced Linux/Unix user, is there any article or guide you know of about backing up and restoring the OS to a previous state, which could solve this kind of issue without the need for a reinstallation?

Thank you
#9
21st February 2012, 15:04
falko
Super Moderator

If you use virtualization, you can back up the whole virtual machine (for example for OpenVZ, there's the vzdump tool - see http://www.howtoforge.com/clone-back...ms-with-vzdump ).

If this is a physical system, take a look at CloneZilla or Ghost4Linux.
__________________
Falko
All times are GMT +2.

