#1  
4th October 2008, 05:28
nanotechgeek2

Fail2ban not working on FC9

Hi

I installed Fail2ban on FC9 as per the how to on http://www.howtoforge.com/preventing...ban-on-fedora9

But it doesn't seem to block the authentication failure attempts. Even when I do a fail2ban-regex on /var/log/messages, it doesn't detect the auth failures, although there are failures in it. Any idea why this is happening? I use this for SSHD auth failure events.

Below is my jail.conf


# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = 127.0.0.1 192.168.8.0/24

# "bantime" is the number of seconds that a host is banned.
bantime = 7200

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime = 600

# "maxretry" is the number of failures before a host gets banned.
maxretry = 3

# "backend" specifies the backend used to get files modification. Available
# options are "gamin", "polling" and "auto". This option can be overridden in
# each jail too (use "gamin" for a jail and "polling" for another).
#
# gamin: requires Gamin (a file alteration monitor) to be installed. If Gamin
# is not installed, Fail2ban will use polling.
# polling: uses a polling algorithm which does not require external libraries.
# auto: will choose Gamin if available and polling otherwise.
backend = auto

# This jail corresponds to the standard configuration in Fail2ban 0.6.
# The mail-whois action sends a notification e-mail with a whois request
# in the body.

[ssh-iptables]

enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
         sendmail-whois[name=SSH, dest=me@me.com, sender=fail2ban-vpn@me.com]
logpath = /var/log/secure
maxretry = 3

#2
5th October 2008, 19:25
falko

Quote (originally posted by nanotechgeek2):
logpath = /var/log/secure

fail2ban is checking /var/log/secure instead of /var/log/messages.

#3
6th October 2008, 05:02
nanotechgeek2

OK.. I changed it to /var/log/messages.. Will get back to you if anything happens.

#4
6th October 2008, 10:22
nanotechgeek2

I did what falko told me and it seems to work now. When I do a fail2ban-regex it does capture the auth fail events. Thanks falko. So the correction is:

Point the log to be scanned to /var/log/messages
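
An added example, not part of the original thread: a check for the mismatch resolved above, where a jail's logpath names a file with no sshd failures while another log holds them. The failure pattern is a simplified assumption (fail2ban's own patterns live in its sshd filter), and the jail text and log lines are constructed samples.

```python
import configparser
import re

# Simplified sshd failure pattern: an assumption for this example, not
# fail2ban's own filter (those patterns live in filter.d/sshd.conf).
SSHD_FAIL = re.compile(
    r"sshd(?:\[\d+\])?: .*(?:Failed password|authentication failure)", re.I)

def count_failures(log_text):
    """Count lines that look like sshd authentication failures."""
    return sum(1 for line in log_text.splitlines() if SSHD_FAIL.search(line))

def check_jails(jail_conf_text, logs):
    """Return (jail, logpath, better_paths) for each enabled sshd jail whose
    logpath shows no failures while other logs do. `logs` maps path -> text."""
    cfg = configparser.RawConfigParser()
    cfg.read_string(jail_conf_text)
    counts = {path: count_failures(text) for path, text in logs.items()}
    findings = []
    for jail in cfg.sections():
        enabled = cfg.get(jail, "enabled", fallback="false").strip().lower()
        if enabled != "true" or cfg.get(jail, "filter", fallback="") != "sshd":
            continue
        logpath = cfg.get(jail, "logpath", fallback="").strip()
        better = sorted(p for p, n in counts.items() if p != logpath and n)
        if counts.get(logpath, 0) == 0 and better:
            findings.append((jail, logpath, better))
    return findings

# Constructed sample input (not taken from the thread's real logs).
SAMPLE_JAIL = """\
[ssh-iptables]
enabled = true
filter = sshd
logpath = /var/log/secure
maxretry = 3
"""
SAMPLE_LOGS = {
    "/var/log/secure": "",
    "/var/log/messages": (
        "Oct  4 05:01:12 host sshd[2211]: Failed password for root from 203.0.113.7 port 4021 ssh2\n"
        "Oct  4 05:01:15 host sshd[2211]: Failed password for root from 203.0.113.7 port 4021 ssh2\n"
        "Oct  4 05:02:00 host crond[900]: (root) CMD (run-parts /etc/cron.hourly)\n"
    ),
}

if __name__ == "__main__":
    for jail, logpath, better in check_jails(SAMPLE_JAIL, SAMPLE_LOGS):
        print(f"[{jail}] no sshd failures in {logpath}; found in {', '.join(better)}")
```

On a live system, the thread's own check (fail2ban-regex run against each candidate log) answers the same question with the real filter.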

All times are GMT +2.