  #1  
Old 24th June 2007, 03:31
boast boast is offline
Can't get fail2ban to work.

So I see this in my proftpd logs
Code:
Jun 23 21:20:37 orangegum.BBNET proftpd[9193] orangegum.BBNET (211.97.71.198[211.97.71.198]): FTP session opened.
Jun 23 21:20:38 orangegum.BBNET proftpd[9193] orangegum.BBNET (211.97.71.198[211.97.71.198]): no such user 'info'
Jun 23 21:20:38 orangegum.BBNET proftpd[9193] orangegum.BBNET (211.97.71.198[211.97.71.198]): USER info: no such user found from 211.97.71.198 [211.97.71.198] to 10.0.0.3:21
Jun 23 21:20:38 orangegum.BBNET proftpd[9193] orangegum.BBNET (211.97.71.198[211.97.71.198]): mod_delay/0.5: delaying for 75962 usecs
Jun 23 21:20:39 orangegum.BBNET proftpd[9193] orangegum.BBNET (211.97.71.198[211.97.71.198]): mod_delay/0.5: delaying for 2 usecs
Jun 23 21:20:39 orangegum.BBNET proftpd[9193] orangegum.BBNET (211.97.71.198[211.97.71.198]): no such user 'info'
Jun 23 21:20:39 orangegum.BBNET proftpd[9193] orangegum.BBNET (211.97.71.198[211.97.71.198]): USER info: no such user found from 211.97.71.198 [211.97.71.198] to 10.0.0.3:21
Jun 23 21:20:40 orangegum.BBNET proftpd[9193] orangegum.BBNET (211.97.71.198[211.97.71.198]): mod_delay/0.5: delaying for 19765 usecs
Jun 23 21:20:40 orangegum.BBNET proftpd[9193] orangegum.BBNET (211.97.71.198[211.97.71.198]): no such user 'info'
Jun 23 21:20:40 orangegum.BBNET proftpd[9193] orangegum.BBNET (211.97.71.198[211.97.71.198]): USER info: no such user found from 211.97.71.198 [211.97.71.198] to 10.0.0.3:21
Jun 23 21:20:40 orangegum.BBNET proftpd[9193] orangegum.BBNET (211.97.71.198[211.97.71.198]): Maximum login attempts (3) exceeded
Jun 23 21:20:40 orangegum.BBNET proftpd[9193] orangegum.BBNET (211.97.71.198[211.97.71.198]): FTP session closed.
Jun 23 21:20:41 orangegum.BBNET proftpd[9209] orangegum.BBNET (211.97.71.198[211.97.71.198]): FTP session opened.
Jun 23 21:20:42 orangegum.BBNET proftpd[9209] orangegum.BBNET (211.97.71.198[211.97.71.198]): no such user 'info'
Jun 23 21:20:42 orangegum.BBNET proftpd[9209] orangegum.BBNET (211.97.71.198[211.97.71.198]): USER info: no such user found from 211.97.71.198 [211.97.71.198] to 10.0.0.3:21
Jun 23 21:20:42 orangegum.BBNET proftpd[9209] orangegum.BBNET (211.97.71.198[211.97.71.198]): mod_delay/0.5: delaying for 238 usecs
Jun 23 21:20:43 orangegum.BBNET proftpd[9209] orangegum.BBNET (211.97.71.198[211.97.71.198]): mod_delay/0.5: delaying for 149 usecs
Jun 23 21:20:43 orangegum.BBNET proftpd[9209] orangegum.BBNET (211.97.71.198[211.97.71.198]): no such user 'info'
Jun 23 21:20:43 orangegum.BBNET proftpd[9209] orangegum.BBNET (211.97.71.198[211.97.71.198]): USER info: no such user found from 211.97.71.198 [211.97.71.198] to 10.0.0.3:21
Jun 23 21:20:43 orangegum.BBNET proftpd[9209] orangegum.BBNET (211.97.71.198[211.97.71.198]): mod_delay/0.5: delaying for 103394 usecs
Jun 23 21:20:44 orangegum.BBNET proftpd[9209] orangegum.BBNET (211.97.71.198[211.97.71.198]): mod_delay/0.5: delaying for 623 usecs
Jun 23 21:20:44 orangegum.BBNET proftpd[9209] orangegum.BBNET (211.97.71.198[211.97.71.198]): no such user 'info'
Jun 23 21:20:44 orangegum.BBNET proftpd[9209] orangegum.BBNET (211.97.71.198[211.97.71.198]): USER info: no such user found from 211.97.71.198 [211.97.71.198] to 10.0.0.3:21
Jun 23 21:20:44 orangegum.BBNET proftpd[9209] orangegum.BBNET (211.97.71.198[211.97.71.198]): Maximum login attempts (3) exceeded
Jun 23 21:20:44 orangegum.BBNET proftpd[9209] orangegum.BBNET (211.97.71.198[211.97.71.198]): FTP session closed.
Jun 23 21:20:45 orangegum.BBNET proftpd[9210] orangegum.BBNET (211.97.71.198[211.97.71.198]): FTP session opened.
Jun 23 21:20:46 orangegum.BBNET proftpd[9210] orangegum.BBNET (211.97.71.198[211.97.71.198]): no such user 'info'
Jun 23 21:20:46 orangegum.BBNET proftpd[9210] orangegum.BBNET (211.97.71.198[211.97.71.198]): USER info: no such user found from 211.97.71.198 [211.97.71.198] to 10.0.0.3:21
Jun 23 21:20:46 orangegum.BBNET proftpd[9210] orangegum.BBNET (211.97.71.198[211.97.71.198]): mod_delay/0.5: delaying for 77 usecs
Jun 23 21:20:46 orangegum.BBNET proftpd[9210] orangegum.BBNET (211.97.71.198[211.97.71.198]): mod_delay/0.5: delaying for 169 usecs
Jun 23 21:20:47 orangegum.BBNET proftpd[9210] orangegum.BBNET (211.97.71.198[211.97.71.198]): no such user 'info'
Yet fail2ban logs show nothing.

I copied everything the tutorial said. But it had logpath pointing to auth.log, but since proftpd has its own log, I'm not sure if I have it set right.

Code:
[proftpd]

enabled  = true
port     = ftp
filter   = proftpd
logpath  = /var/log/proftpd/proftpd.log
failregex = proftpd: \(pam_unix\) authentication failure; .* rhost=<HOST>
maxretry = 5
How can I personally test if it works? I don't even know how to ban IPs. I had to shut everything down.


Edit: changing it to
Code:
failregex = USER \S+: no such user found from \S* ?\[<HOST>\] to \S+\s*$
worked

Last edited by boast; 4th July 2007 at 17:16.
  #2  
Old 25th June 2007, 16:22
falko falko is offline

What gets logged to /var/log/auth.log when an FTP login fails?
  #3  
Old 26th June 2007, 00:55
daveb daveb is offline

I had to remove the
Code:
failregex = proftpd: \(pam_unix\) authentication failure; .* rhost=<HOST>
in my jail.local to get it to work on my server.