#1  
Old 25th July 2008, 11:24
Libor Libor is offline
Junior Member
 
Join Date: Jul 2008
Posts: 5
Thanks: 1
Thanked 0 Times in 0 Posts
Question Fail2Ban and OpenSuse 10.3

Hello,

i have installed fail2ban like described in the howto Preventing Brute Force Attacks With Fail2ban On OpenSUSE 10.3.

The installation completed without errors or warnings. The only jail i configuered and acitvated is ssh-iptables.

Fail2Ban works and i receive eMails when it stops or starts.

In fail2ban.log is this comment: fail2ban.filter: WARNING Unable to find a corresponding IP address for mail.szitcons.ch

i tried several false logins with putty and ssh but no reaction.

Then i tried the same install on an other System with Suse 10.0 an everything works alright.

The only difference i found is the version of python. On Suse 10.3 is python-2.5.1-39.2 an on the Suse 10.0 is python-2.4.1-3.5

hope somebody could help...

Thanks, Libor
Reply With Quote
Sponsored Links
  #2  
Old 26th July 2008, 11:12
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 41,711
Thanks: 1,899
Thanked 2,702 Times in 2,545 Posts
Default

Do you have valid DNS servers in /etc/resolv.conf?
What's the output of
Code:
dig mail.szitcons.ch
?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
The Following User Says Thank You to falko For This Useful Post:
Libor (29th July 2008)
  #3  
Old 27th July 2008, 13:39
Libor Libor is offline
Junior Member
 
Join Date: Jul 2008
Posts: 5
Thanks: 1
Thanked 0 Times in 0 Posts
Default

Hi Falko,

my nameserver in resolv.conf is 192.168.200.1

dig says:

; <<>> DiG 9.4.1-P1 <<>> mail.szitcons.ch
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1031
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mail.szitcons.ch. IN A

;; ANSWER SECTION:
mail.szitcons.ch. 5467 IN A 78.47.67.122

;; Query time: 29 msec
;; SERVER: 192.168.200.1#53(192.168.200.1)
;; WHEN: Sun Jul 27 08:59:15 2008
;; MSG SIZE rcvd: 50


bye, Libor
Reply With Quote
  #4  
Old 28th July 2008, 14:41
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 41,711
Thanks: 1,899
Thanked 2,702 Times in 2,545 Posts
Default

Hm, looks ok.
Did you disable AppArmor?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #5  
Old 28th July 2008, 15:28
Libor Libor is offline
Junior Member
 
Join Date: Jul 2008
Posts: 5
Thanks: 1
Thanked 0 Times in 0 Posts
Thumbs down

I have not installed AppArmor at all.

It seems that Fail2Ban even does not read the whole file /var/log/messages but only some lines.
Reply With Quote
  #6  
Old 29th July 2008, 08:09
Libor Libor is offline
Junior Member
 
Join Date: Jul 2008
Posts: 5
Thanks: 1
Thanked 0 Times in 0 Posts
 
Default

Hi Falko,
i think i am blind! You were right.
The IP 192.168.200.1 in /etc/resolv.com is not a valid DNS Server.
I changed it and now it works.

Thanks a lot,
Libor
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +2. The time now is 11:26.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.