#11  
Old 8th November 2010, 14:22
Toxin Toxin is offline
Junior Member
 
Join Date: Oct 2010
Posts: 11
Thanks: 0
Thanked 1 Time in 1 Post
Default

That's the problem, i don't have any fail2ban.log file in /var/log

I create the file myself, and try again to add the lines in fail.conf

Still having an error (this is I think normal) but nothing is written in the log file ...

Last edited by Toxin; 8th November 2010 at 14:31.
Reply With Quote
Sponsored Links
  #12  
Old 9th November 2010, 15:59
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,735 Times in 2,571 Posts
Default

What's the output of
Code:
ls -la /etc/fail2ban/filter.d/
?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #13  
Old 9th November 2010, 16:59
Toxin Toxin is offline
Junior Member
 
Join Date: Oct 2010
Posts: 11
Thanks: 0
Thanked 1 Time in 1 Post
Default

Here it is:

Code:
[root@skynet ~]# ls -la /etc/fail2ban/filter.d/
total 116
drwxr-xr-x 2 root root 4096 30 juil. 17:41 .
drwxr-xr-x 4 root root 4096 30 juil. 17:41 ..
-rw-r--r-- 1 root root  711  8 févr.  2009 apache-auth.conf
-rw-r--r-- 1 root root 2396  5 mars   2008 apache-badbots.conf
-rw-r--r-- 1 root root  628 13 oct.   2008 apache-nohome.conf
-rw-r--r-- 1 root root  763  8 févr.  2009 apache-noscript.conf
-rw-r--r-- 1 root root  444  5 mars   2008 apache-overflows.conf
-rw-r--r-- 1 root root 1039  8 févr.  2009 common.conf
-rw-r--r-- 1 root root  616  8 févr.  2009 courierlogin.conf
-rw-r--r-- 1 root root  591  8 févr.  2009 couriersmtp.conf
-rw-r--r-- 1 root root 1012  8 févr.  2009 cyrus-imap.conf
-rw-r--r-- 1 root root  613  8 févr.  2009 exim.conf
-rw-r--r-- 1 root root  447 22 mai    2008 gssftpd.conf
-rw-r--r-- 1 root root  397 30 août   2009 lighttpd-fastcgi.conf
-rw-r--r-- 1 root root 1013  9 févr.  2009 named-refused.conf
-rw-r--r-- 1 root root  870 22 mai    2008 pam-generic.conf
-rw-r--r-- 1 root root  867 30 août   2009 php-url-fopen.conf
-rw-r--r-- 1 root root  591  8 févr.  2009 postfix.conf
-rw-r--r-- 1 root root  878  8 févr.  2009 proftpd.conf
-rw-r--r-- 1 root root  886  8 nov.  10:19 pure-ftpd.conf
-rw-r--r-- 1 root root  606  8 févr.  2009 qmail.conf
-rw-r--r-- 1 root root  679  8 févr.  2009 sasl.conf
-rw-r--r-- 1 root root  581  3 févr.  2009 sieve.conf
-rw-r--r-- 1 root root 1648  8 févr.  2009 sshd.conf
-rw-r--r-- 1 root root  627  8 févr.  2009 sshd-ddos.conf
-rw-r--r-- 1 root root  700  8 févr.  2009 vsftpd.conf
-rw-r--r-- 1 root root  827  8 févr.  2009 webmin-auth.conf
-rw-r--r-- 1 root root  437 22 mai    2008 wuftpd.conf
-rw-r--r-- 1 root root  848  8 févr.  2009 xinetd-fail.conf
[root@skynet ~]#

Contents of pure-ftp.conf
Code:
[root@skynet ~]# cat /etc/fail2ban/filter.d/pure-ftpd.conf
# Fail2Ban configuration file
#
# Author: Cyril Jaquier
# Modified: Yaroslav Halchenko for pure-ftpd
#
# $Revision: 3$
#

[Definition]

# Error message specified in multiple languages
__errmsg = (?:Authentication failed for user|Erreur d'authentification pour l'utilisateur)

#
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
#         host must be matched by a group named "host". The tag "<HOST>" can
#         be used for standard IP/hostname matching and is only an alias for
#         (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
#failregex = pure-ftpd(?:\[\d+\])?: (.+?@<HOST>) \[WARNING\] %(__errmsg)s \[.+\]$
failregex = pure-ftpd(?:\[\d+\])?: \(.+?@<HOST>\) \[WARNING\] %(__errmsg)s \[.+\]$


# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =

[root@skynet ~]#
cat /etc/fail2ban/filter.d/pure-ftpd.conf
# Fail2Ban configuration file
#
# Author: Cyril Jaquier
# Modified: Yaroslav Halchenko for pure-ftpd
#
# $Revision: 3$
#

[Definition]

# Error message specified in multiple languages
__errmsg = (?:Authentication failed for user|Erreur d'authentification pour l'utilisateur)

#
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
#         host must be matched by a group named "host". The tag "<HOST>" can
#         be used for standard IP/hostname matching and is only an alias for
#         (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
#failregex = pure-ftpd(?:\[\d+\])?: (.+?@<HOST>) \[WARNING\] %(__errmsg)s \[.+\]$
failregex = pure-ftpd(?:\[\d+\])?: \(.+?@<HOST>\) \[WARNING\] %(__errmsg)s \[.+\]$


# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =

[root@skynet ~]#

Last edited by Toxin; 9th November 2010 at 17:02. Reason: add of pure-ftp.conf
Reply With Quote
  #14  
Old 10th November 2010, 00:16
Toxin Toxin is offline
Junior Member
 
Join Date: Oct 2010
Posts: 11
Thanks: 0
Thanked 1 Time in 1 Post
 
Default

Thanks to the French Fedora web site I've found the error,
"action" was missing in the jail.conf

Code:
[pure-ftpd]

enabled = true
port = ftp,ftp-data,ftps,ftps-data
filter = pure-ftpd
action   = iptables[name=PUREFTP, port=ftp, protocol=tcp]
           sendmail-whois[name=PUREFTP, dest=you@mail.com]
logpath = /var/log/messages
maxretry = 6
Now it works perfect, no more errors on start of Fail2ban
Reply With Quote
The Following User Says Thank You to Toxin For This Useful Post:
falko (10th November 2010)
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
fail2ban is doing nothing? rlischer Server Operation 16 29th June 2010 07:29
Fail2Ban fails to ban :-) Wandering-Aimlessly Installation/Configuration 14 18th August 2009 16:37
Need help with fail2ban on centos 5.3 rlischer Installation/Configuration 3 14th August 2009 11:47
Fail2Ban not banning? tristanlee85 Server Operation 4 15th October 2008 13:44
Fail2ban question joelee HOWTO-Related Questions 1 3rd April 2008 20:16


All times are GMT +2. The time now is 02:15.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.