6th July 2013, 09:21
sobers_2002
Fail2ban regex works but no ban

Hi All,

I am running a Debian wheezy (Raspbian) server on a Raspberry Pi with the latest updates installed.

The issue at hand is that I am unable to get fail2ban to 'work'. The regex seems to work fine, as shown below:

Code:
:~# fail2ban-client status nginx-login
Status for the jail: nginx-login
|- filter
|  |- File list:        /var/log/*.access.log 
|  |- Currently failed: 7
|  `- Total failed:     7
`- action
   |- Currently banned: 0
   |  `- IP list:
   `- Total banned:     0

and

Code:
:~# fail2ban-regex /var/log/nginx/*.access.log /etc/fail2ban/filter.d/nginx-login.conf

Running tests
=============

Use regex file : /etc/fail2ban/filter.d/nginx-login.conf
Use log file   : /var/log/nginx/*.access.log


Results
=======

Failregex
|- Regular expressions:
|  [1] ^<HOST> -.*POST .*login.* HTTP/1\.." 200
|
`- Number of matches:
   [1] 92 match(es)

Ignoreregex
|- Regular expressions:
|
`- Number of matches:

Summary
=======

Addresses found:
[1]

--here is a long list of IP addresses (92 nos. as seen below)--

Date template hits:
0 hit(s): MONTH Day Hour:Minute:Second
0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second Year
0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second
0 hit(s): Year/Month/Day Hour:Minute:Second
0 hit(s): Day/Month/Year Hour:Minute:Second
0 hit(s): Day/Month/Year Hour:Minute:Second
2130 hit(s): Day/MONTH/Year:Hour:Minute:Second
0 hit(s): Month/Day/Year:Hour:Minute:Second
0 hit(s): Year-Month-Day Hour:Minute:Second
0 hit(s): Year.Month.Day Hour:Minute:Second
0 hit(s): Day-MONTH-Year Hour:Minute:Second[.Millisecond]
0 hit(s): Day-Month-Year Hour:Minute:Second
0 hit(s): TAI64N
0 hit(s): Epoch
0 hit(s): ISO 8601
0 hit(s): Hour:Minute:Second
0 hit(s): <Month/Day/Year@Hour:Minute:Second>

Success, the total number of match is 92

However, look at the above section 'Running tests' which could contain important
information.

The excerpt from the fail2ban log is as below:

Code:
2013-07-06 02:20:59,662 fail2ban.filter : INFO   Set maxRetry = 3
2013-07-06 02:20:59,686 fail2ban.filter : INFO   Set findtime = 7200
2013-07-06 02:20:59,694 fail2ban.actions: INFO   Set banTime = 86400
2013-07-06 02:20:59,790 fail2ban.jail   : INFO   Creating new jail 'nginx-proxy'
2013-07-06 02:20:59,792 fail2ban.jail   : INFO   Jail 'nginx-proxy' uses Gamin
2013-07-06 02:20:59,808 fail2ban.filter : INFO   Added logfile = /var/log/nginx*
2013-07-06 02:20:59,881 fail2ban.filter : INFO   Set maxRetry = 3
2013-07-06 02:20:59,905 fail2ban.filter : INFO   Set findtime = 7200
2013-07-06 02:20:59,913 fail2ban.actions: INFO   Set banTime = 86400
2013-07-06 02:21:00,018 fail2ban.jail   : INFO   Jail 'ssh' started
2013-07-06 02:21:00,133 fail2ban.jail   : INFO   Jail 'nginx-auth' started
2013-07-06 02:21:00,244 fail2ban.jail   : INFO   Jail 'nginx-login' started
2013-07-06 02:21:00,463 fail2ban.jail   : INFO   Jail 'nginx-badbots' started
2013-07-06 02:21:00,663 fail2ban.jail   : INFO   Jail 'nginx-noscript' started
2013-07-06 02:21:01,013 fail2ban.jail   : INFO   Jail 'nginx-proxy' started

The important regex (nginx-login) in question above is to prevent automated login attempts to WordPress.

I can't ever see any ban happening here in this log file. For reference, I am running a read only root system.
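
Added example, not part of the original post and not fail2ban's own code: a simplified Python model of the per-host counting a jail performs, using the failregex, maxRetry = 3 and findtime = 7200 shown above, to check whether any single host in an access log reaches the threshold inside one window. The IPv4-only stand-in for `<HOST>`, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Jail thresholds as printed in the fail2ban log excerpt above.
MAXRETRY = 3
FINDTIME = 7200  # seconds
# The page's failregex; <HOST> is replaced by an IPv4-only group (assumption:
# fail2ban's real <HOST> also accepts hostnames).
FAILREGEX = re.compile(
    r'^(?P<host>\d{1,3}(?:\.\d{1,3}){3}) -.*POST .*login.* HTTP/1\.." 200')
# Day/MONTH/Year:Hour:Minute:Second stamp; the UTC offset is ignored.
STAMP = re.compile(r'\[(\d{2}/[A-Za-z]{3}/\d{4}:\d{2}:\d{2}:\d{2})')

# Constructed sample access-log lines (documentation IP ranges), oldest first.
SAMPLE = """\
192.0.2.10 - - [06/Jul/2013:01:00:00 +0200] "POST /wp-login.php HTTP/1.1" 200 3012
198.51.100.7 - - [06/Jul/2013:01:00:05 +0200] "POST /wp-login.php HTTP/1.1" 200 3012
203.0.113.5 - - [06/Jul/2013:01:00:09 +0200] "POST /wp-login.php HTTP/1.1" 200 3012
203.0.113.5 - - [06/Jul/2013:01:00:12 +0200] "GET /wp-login.php HTTP/1.1" 200 2100
192.0.2.10 - - [06/Jul/2013:01:30:00 +0200] "POST /wp-login.php HTTP/1.1" 200 3012
192.0.2.10 - - [06/Jul/2013:02:10:00 +0200] "POST /wp-login.php HTTP/1.1" 200 3012
203.0.113.5 - - [06/Jul/2013:04:00:00 +0200] "POST /wp-login.php HTTP/1.1" 200 3012
203.0.113.5 - - [06/Jul/2013:04:10:00 +0200] "POST /wp-login.php HTTP/1.1" 200 3012
""".splitlines()

def failures(lines):
    """Yield (host, timestamp) for every line the failregex matches."""
    for line in lines:
        hit, stamp = FAILREGEX.search(line), STAMP.search(line)
        if hit and stamp:
            yield hit.group("host"), datetime.strptime(
                stamp.group(1), "%d/%b/%Y:%H:%M:%S")

def hosts_reaching_maxretry(lines, maxretry=MAXRETRY, findtime=FINDTIME):
    """Hosts with at least maxretry matches inside one findtime window."""
    recent, reached = defaultdict(deque), set()
    for host, when in failures(lines):
        window = recent[host]
        window.append(when)
        # Forget this host's matches that are older than findtime.
        while (when - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry:
            reached.add(host)
    return sorted(reached)

if __name__ == "__main__":
    print(len(list(failures(SAMPLE))), hosts_reaching_maxretry(SAMPLE))
```

In the constructed sample the regex matches seven lines, but only one host has three matches inside a 7200-second window; pass the lines of a real access log in place of `SAMPLE` to run the same tally.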