Can't get fail2ban to work.

Posted by boast, 24th June 2007, 03:31

So I see this in my proftpd logs
Code:
Jun 23 21:20:37 orangegum.BBNET proftpd[9193] orangegum.BBNET (211.97.71.198[211.97.71.198]): FTP session opened.
Jun 23 21:20:38 orangegum.BBNET proftpd[9193] orangegum.BBNET (211.97.71.198[211.97.71.198]): no such user 'info'
Jun 23 21:20:38 orangegum.BBNET proftpd[9193] orangegum.BBNET (211.97.71.198[211.97.71.198]): USER info: no such user found from 211.97.71.198 [211.97.71.198] to 10.0.0.3:21
Jun 23 21:20:38 orangegum.BBNET proftpd[9193] orangegum.BBNET (211.97.71.198[211.97.71.198]): mod_delay/0.5: delaying for 75962 usecs
Jun 23 21:20:39 orangegum.BBNET proftpd[9193] orangegum.BBNET (211.97.71.198[211.97.71.198]): mod_delay/0.5: delaying for 2 usecs
Jun 23 21:20:39 orangegum.BBNET proftpd[9193] orangegum.BBNET (211.97.71.198[211.97.71.198]): no such user 'info'
Jun 23 21:20:39 orangegum.BBNET proftpd[9193] orangegum.BBNET (211.97.71.198[211.97.71.198]): USER info: no such user found from 211.97.71.198 [211.97.71.198] to 10.0.0.3:21
Jun 23 21:20:40 orangegum.BBNET proftpd[9193] orangegum.BBNET (211.97.71.198[211.97.71.198]): mod_delay/0.5: delaying for 19765 usecs
Jun 23 21:20:40 orangegum.BBNET proftpd[9193] orangegum.BBNET (211.97.71.198[211.97.71.198]): no such user 'info'
Jun 23 21:20:40 orangegum.BBNET proftpd[9193] orangegum.BBNET (211.97.71.198[211.97.71.198]): USER info: no such user found from 211.97.71.198 [211.97.71.198] to 10.0.0.3:21
Jun 23 21:20:40 orangegum.BBNET proftpd[9193] orangegum.BBNET (211.97.71.198[211.97.71.198]): Maximum login attempts (3) exceeded
Jun 23 21:20:40 orangegum.BBNET proftpd[9193] orangegum.BBNET (211.97.71.198[211.97.71.198]): FTP session closed.
Jun 23 21:20:41 orangegum.BBNET proftpd[9209] orangegum.BBNET (211.97.71.198[211.97.71.198]): FTP session opened.
Jun 23 21:20:42 orangegum.BBNET proftpd[9209] orangegum.BBNET (211.97.71.198[211.97.71.198]): no such user 'info'
Jun 23 21:20:42 orangegum.BBNET proftpd[9209] orangegum.BBNET (211.97.71.198[211.97.71.198]): USER info: no such user found from 211.97.71.198 [211.97.71.198] to 10.0.0.3:21
Jun 23 21:20:42 orangegum.BBNET proftpd[9209] orangegum.BBNET (211.97.71.198[211.97.71.198]): mod_delay/0.5: delaying for 238 usecs
Jun 23 21:20:43 orangegum.BBNET proftpd[9209] orangegum.BBNET (211.97.71.198[211.97.71.198]): mod_delay/0.5: delaying for 149 usecs
Jun 23 21:20:43 orangegum.BBNET proftpd[9209] orangegum.BBNET (211.97.71.198[211.97.71.198]): no such user 'info'
Jun 23 21:20:43 orangegum.BBNET proftpd[9209] orangegum.BBNET (211.97.71.198[211.97.71.198]): USER info: no such user found from 211.97.71.198 [211.97.71.198] to 10.0.0.3:21
Jun 23 21:20:43 orangegum.BBNET proftpd[9209] orangegum.BBNET (211.97.71.198[211.97.71.198]): mod_delay/0.5: delaying for 103394 usecs
Jun 23 21:20:44 orangegum.BBNET proftpd[9209] orangegum.BBNET (211.97.71.198[211.97.71.198]): mod_delay/0.5: delaying for 623 usecs
Jun 23 21:20:44 orangegum.BBNET proftpd[9209] orangegum.BBNET (211.97.71.198[211.97.71.198]): no such user 'info'
Jun 23 21:20:44 orangegum.BBNET proftpd[9209] orangegum.BBNET (211.97.71.198[211.97.71.198]): USER info: no such user found from 211.97.71.198 [211.97.71.198] to 10.0.0.3:21
Jun 23 21:20:44 orangegum.BBNET proftpd[9209] orangegum.BBNET (211.97.71.198[211.97.71.198]): Maximum login attempts (3) exceeded
Jun 23 21:20:44 orangegum.BBNET proftpd[9209] orangegum.BBNET (211.97.71.198[211.97.71.198]): FTP session closed.
Jun 23 21:20:45 orangegum.BBNET proftpd[9210] orangegum.BBNET (211.97.71.198[211.97.71.198]): FTP session opened.
Jun 23 21:20:46 orangegum.BBNET proftpd[9210] orangegum.BBNET (211.97.71.198[211.97.71.198]): no such user 'info'
Jun 23 21:20:46 orangegum.BBNET proftpd[9210] orangegum.BBNET (211.97.71.198[211.97.71.198]): USER info: no such user found from 211.97.71.198 [211.97.71.198] to 10.0.0.3:21
Jun 23 21:20:46 orangegum.BBNET proftpd[9210] orangegum.BBNET (211.97.71.198[211.97.71.198]): mod_delay/0.5: delaying for 77 usecs
Jun 23 21:20:46 orangegum.BBNET proftpd[9210] orangegum.BBNET (211.97.71.198[211.97.71.198]): mod_delay/0.5: delaying for 169 usecs
Jun 23 21:20:47 orangegum.BBNET proftpd[9210] orangegum.BBNET (211.97.71.198[211.97.71.198]): no such user 'info'

Yet fail2ban logs show nothing.

I copied everything the tutorial said. But it had logpath pointing to auth.log, but since proftpd has its own log, I'm not sure if I have it set right.

Code:
[proftpd]

enabled  = true
port     = ftp
filter   = proftpd
logpath  = /var/log/proftpd/proftpd.log
failregex = proftpd: \(pam_unix\) authentication failure; .* rhost=<HOST>
maxretry = 5

How can I personally test if it works? I don't even know how to ban IPs, I had to shut everything down.


Edit: changing it to
Code:
failregex = USER \S+: no such user found from \S* ?\[<HOST>\] to \S+\s*$
worked

Last edited by boast; 4th July 2007 at 17:16.
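
The mismatch described in the post, as an added example that is not part of the original post or of fail2ban itself: both failregex values are run over an excerpt of the posted proftpd log to show why the first never triggers a ban and the second does. The `<HOST>` expansion is a simplified IPv4-only stand-in, the function names are hypothetical, and the findtime window is ignored.

```python
import re
from collections import Counter

# Assumption: simplified IPv4-only stand-in for fail2ban's <HOST> tag.
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Both failregex values and maxretry are taken from the post.
OLD_FAILREGEX = r"proftpd: \(pam_unix\) authentication failure; .* rhost=<HOST>"
NEW_FAILREGEX = r"USER \S+: no such user found from \S* ?\[<HOST>\] to \S+\s*$"
MAXRETRY = 5

# Excerpt of log lines copied from the post (two sessions, six failed USER commands).
SAMPLE_LOG = """
Jun 23 21:20:37 orangegum.BBNET proftpd[9193] orangegum.BBNET (211.97.71.198[211.97.71.198]): FTP session opened.
Jun 23 21:20:38 orangegum.BBNET proftpd[9193] orangegum.BBNET (211.97.71.198[211.97.71.198]): no such user 'info'
Jun 23 21:20:38 orangegum.BBNET proftpd[9193] orangegum.BBNET (211.97.71.198[211.97.71.198]): USER info: no such user found from 211.97.71.198 [211.97.71.198] to 10.0.0.3:21
Jun 23 21:20:38 orangegum.BBNET proftpd[9193] orangegum.BBNET (211.97.71.198[211.97.71.198]): mod_delay/0.5: delaying for 75962 usecs
Jun 23 21:20:39 orangegum.BBNET proftpd[9193] orangegum.BBNET (211.97.71.198[211.97.71.198]): USER info: no such user found from 211.97.71.198 [211.97.71.198] to 10.0.0.3:21
Jun 23 21:20:40 orangegum.BBNET proftpd[9193] orangegum.BBNET (211.97.71.198[211.97.71.198]): USER info: no such user found from 211.97.71.198 [211.97.71.198] to 10.0.0.3:21
Jun 23 21:20:40 orangegum.BBNET proftpd[9193] orangegum.BBNET (211.97.71.198[211.97.71.198]): Maximum login attempts (3) exceeded
Jun 23 21:20:42 orangegum.BBNET proftpd[9209] orangegum.BBNET (211.97.71.198[211.97.71.198]): USER info: no such user found from 211.97.71.198 [211.97.71.198] to 10.0.0.3:21
Jun 23 21:20:43 orangegum.BBNET proftpd[9209] orangegum.BBNET (211.97.71.198[211.97.71.198]): USER info: no such user found from 211.97.71.198 [211.97.71.198] to 10.0.0.3:21
Jun 23 21:20:44 orangegum.BBNET proftpd[9209] orangegum.BBNET (211.97.71.198[211.97.71.198]): USER info: no such user found from 211.97.71.198 [211.97.71.198] to 10.0.0.3:21
"""
LOG_LINES = SAMPLE_LOG.strip().splitlines()


def compile_failregex(failregex):
    """Expand the <HOST> tag into a named group and compile the pattern."""
    return re.compile(failregex.replace("<HOST>", HOST_GROUP))


def count_failures(failregex, lines):
    """Return a Counter mapping each captured host to its number of matching lines."""
    pattern = compile_failregex(failregex)
    hits = Counter()
    for line in lines:
        match = pattern.search(line)
        if match:
            hits[match.group("host")] += 1
    return hits


def hosts_to_ban(failregex, lines, maxretry=MAXRETRY):
    """Hosts whose failure count reaches maxretry (findtime window not modelled)."""
    counts = count_failures(failregex, lines)
    return sorted(host for host, n in counts.items() if n >= maxretry)


if __name__ == "__main__":
    for name, rx in (("old", OLD_FAILREGEX), ("new", NEW_FAILREGEX)):
        print(name, dict(count_failures(rx, LOG_LINES)), hosts_to_ban(rx, LOG_LINES))
```

On a host with fail2ban installed, the bundled `fail2ban-regex` tool runs the same kind of check against the real log file and filter.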
All times are GMT +2.