#1
9th June 2009, 03:08
KenMasters
fail2ban bug resurfaced?

I have this exact error in CentOS 5.3 x86_64, using ISPConfig 3.0.1.3:
FS#588 - CentOS: Monitoring plugin doesn't recognize fail2ban

I followed The Perfect Server - CentOS 5.3 x86_64 [ISPConfig 3] to the letter (and found another bug in it - you must run "yum install apr-devel" or you will fail compiling SuPHP).

Everything seems to be fine (still checking some functions), yet the fail2ban plugin isn't working.

#2
9th June 2009, 13:21
till

Please post the output of:

which fail2ban
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.

#3
9th June 2009, 22:38
KenMasters

which fail2ban produces:
/usr/bin/which: no fail2ban in (/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin)

The command I used to install it was "yum install fail2ban", as described in the server howto.

The actual client is found, no problem:
which fail2ban-client produces:
/usr/bin/fail2ban-client

The log file is here, but is empty:
/var/log/fail2ban.log

Last edited by KenMasters; 9th June 2009 at 22:50. Reason: found client

#4
9th June 2009, 23:16
KenMasters

Lol, never mind, I made a configuration error, being new to fail2ban. I didn't realize the jails had to be activated before it would start logging. You'd think it would log something, even a "no jails active" message.

Now my problem is that I can't seem to figure out why it's not working correctly. I'm not sure what I should enable, or what's safe with ISPConfig 3. I'm getting logs, but they look like this:

Code:
2009-06-09 15:06:59,959 fail2ban.jail : INFO Using Gamin
2009-06-09 15:06:59,967 fail2ban.filter : INFO Created Filter
2009-06-09 15:06:59,967 fail2ban.filter : INFO Created FilterGamin
2009-06-09 15:06:59,968 fail2ban.filter : INFO Set maxRetry = 5
2009-06-09 15:06:59,970 fail2ban.filter : INFO Set findtime = 600
2009-06-09 15:06:59,971 fail2ban.actions: INFO Set banTime = 3600
2009-06-09 15:06:59,998 fail2ban.actions.action: INFO Set actionBan = iptables -I fail2ban- 1 -s -j DROP
2009-06-09 15:06:59,998 fail2ban.actions.action: INFO Set actionStop = iptables -D INPUT -p --dport -j fail2ban-
iptables -F fail2ban-
iptables -X fail2ban-
2009-06-09 15:06:59,999 fail2ban.actions.action: INFO Set actionStart = iptables -N fail2ban-
iptables -A fail2ban- -j RETURN
iptables -I INPUT -p --dport -j fail2ban-
2009-06-09 15:06:59,999 fail2ban.actions.action: INFO Set actionUnban = iptables -D fail2ban- -s -j DROP
2009-06-09 15:07:00,000 fail2ban.actions.action: INFO Set actionCheck = iptables -n -L INPUT | grep -q fail2ban-
2009-06-09 15:07:00,001 fail2ban.actions.action: INFO Set actionBan = printf %b "Subject: [Fail2Ban] : banned
From: Fail2Ban <>
To: \n
Hi,\n
The IP has just been banned by Fail2Ban after
attempts against .\n\n
Here are more information about :\n
`/usr/bin/whois `\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f
2009-06-09 15:07:00,002 fail2ban.actions.action: INFO Set actionStop = printf %b "Subject: [Fail2Ban] : stopped
From: Fail2Ban <>
To: \n
Hi,\n
The jail has been stopped.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f
2009-06-09 15:07:00,002 fail2ban.actions.action: INFO Set actionStart = printf %b "Subject: [Fail2Ban] : started
From: Fail2Ban <>
To: \n
Hi,\n
The jail has been started successfully.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f
2009-06-09 15:07:00,003 fail2ban.actions.action: INFO Set actionUnban =
2009-06-09 15:07:00,003 fail2ban.actions.action: INFO Set actionCheck =
2009-06-09 15:07:00,005 fail2ban.jail : INFO Using Gamin
2009-06-09 15:07:00,005 fail2ban.filter : INFO Created Filter
2009-06-09 15:07:00,005 fail2ban.filter : INFO Created FilterGamin
2009-06-09 15:07:00,005 fail2ban.filter : INFO Set maxRetry = 3
2009-06-09 15:07:00,007 fail2ban.filter : INFO Set findtime = 600
2009-06-09 15:07:00,007 fail2ban.actions: INFO Set banTime = 300
2009-06-09 15:07:00,008 fail2ban.actions.action: INFO Set actionBan = IP= &&
printf %b "ALL: $IP\n" >>
2009-06-09 15:07:00,009 fail2ban.actions.action: INFO Set actionStop =
2009-06-09 15:07:00,009 fail2ban.actions.action: INFO Set actionStart =
2009-06-09 15:07:00,010 fail2ban.actions.action: INFO Set actionUnban = IP= && sed -i.old /ALL:\ $IP/d
2009-06-09 15:07:00,010 fail2ban.actions.action: INFO Set actionCheck =
2009-06-09 15:07:00,011 fail2ban.actions.action: INFO Set actionBan = printf %b "Subject: [Fail2Ban] : banned
From: Fail2Ban <>
To: \n
Hi,\n
The IP has just been banned by Fail2Ban after
attempts against .\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f
2009-06-09 15:07:00,012 fail2ban.actions.action: INFO Set actionStop = printf %b "Subject: [Fail2Ban] : stopped
From: Fail2Ban <>
To: \n
Hi,\n
The jail has been stopped.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f
2009-06-09 15:07:00,012 fail2ban.actions.action: INFO Set actionStart = printf %b "Subject: [Fail2Ban] : started
From: Fail2Ban <>
To: \n
Hi,\n
The jail has been started successfully.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f
2009-06-09 15:07:00,013 fail2ban.actions.action: INFO Set actionUnban =
2009-06-09 15:07:00,013 fail2ban.actions.action: INFO Set actionCheck =
2009-06-09 15:07:00,014 fail2ban.jail : INFO Using Gamin
2009-06-09 15:07:00,015 fail2ban.filter : INFO Created Filter
2009-06-09 15:07:00,015 fail2ban.filter : INFO Created FilterGamin
2009-06-09 15:07:00,015 fail2ban.filter : INFO Set maxRetry = 3
2009-06-09 15:07:00,016 fail2ban.comm : WARNING Invalid command: ['set', 'ssh-tcpwrapper', 'ignoreregex', 'for myuser from']

This doesn't look like any of the logs I've seen elsewhere.

Edit: I believe I enabled two conflicting jails. I'm now getting sane messages in my logs, and the email confirmations are working. Still not sure what's safe to use in conjunction with ISPC3, but I'll go with it for now.

Last edited by KenMasters; 10th June 2009 at 01:31. Reason: I think it's okay. Suggestions welcome.
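
Added example (not part of the original thread, and not fail2ban or ISPConfig code): a small Python triage script for a startup log like the one posted in #4. It folds the multi-line action definitions back into single records and decodes the rejected "set" command so the jail and option named in the warning stand out. The function names and the shortened SAMPLE excerpt are assumptions made for this illustration.

```python
import ast
import re

# Record header as it appears in the posted log:
# "DATE TIME,ms component : LEVEL message" (space before the colon is optional).
HEADER = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) "
    r"(fail2ban[\w.]*)\s*: (DEBUG|INFO|WARNING|ERROR|CRITICAL) ?(.*)$"
)

def parse_records(text):
    """Fold continuation lines (multi-line action bodies) into their record."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            ts, component, level, msg = m.groups()
            records.append({"ts": ts, "component": component,
                            "level": level, "message": msg})
        elif records:
            # No timestamp header: this line belongs to the previous record.
            records[-1]["message"] += "\n" + line
    return records

def invalid_commands(records):
    """Return (jail, option, value) for each rejected 'set' command."""
    found = []
    for rec in records:
        first = (rec["message"].splitlines() or [""])[0]
        if rec["level"] != "WARNING" or not first.startswith("Invalid command: "):
            continue
        try:
            cmd = ast.literal_eval(first.split(": ", 1)[1])
        except (ValueError, SyntaxError):
            continue  # truncated or malformed list, leave it for manual review
        if isinstance(cmd, list) and len(cmd) >= 3 and cmd[0] == "set":
            found.append((cmd[1], cmd[2], " ".join(cmd[3:])))
    return found

# Shortened excerpt of the log from post #4 (lines copied from the thread).
SAMPLE = r"""2009-06-09 15:07:00,012 fail2ban.actions.action: INFO Set actionStop = printf %b "Subject: [Fail2Ban] : stopped
From: Fail2Ban <>
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f
2009-06-09 15:07:00,015 fail2ban.filter : INFO Set maxRetry = 3
2009-06-09 15:07:00,016 fail2ban.comm : WARNING Invalid command: ['set', 'ssh-tcpwrapper', 'ignoreregex', 'for myuser from']
"""

if __name__ == "__main__":
    for jail, option, value in invalid_commands(parse_records(SAMPLE)):
        print(f"jail={jail} option={option} rejected value={value!r}")
```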

#5
10th June 2009, 09:42
till

ISPConfig is just displaying the log file in its monitor, so there is nothing safe or unsafe regarding fail2ban.

All times are GMT +2.