#1  
Old 6th August 2011, 14:38
mentes mentes is offline
Senior Member
 
Join Date: Aug 2011
Location: Spain
Posts: 132
Thanks: 4
Thanked 15 Times in 13 Posts
Default fail2ban is no working

I think is not working, this is the whole log:

Code:
root@main:~# cat /var/log/fail2ban.log 
2011-08-05 20:56:20,180 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4-SVN
2011-08-05 20:56:20,181 fail2ban.jail   : INFO   Creating new jail 'ssh'
2011-08-05 20:56:20,181 fail2ban.jail   : INFO   Jail 'ssh' uses poller
2011-08-05 20:56:20,231 fail2ban.filter : INFO   Added logfile = /var/log/auth.log
2011-08-05 20:56:20,231 fail2ban.filter : INFO   Set maxRetry = 6
2011-08-05 20:56:20,232 fail2ban.filter : INFO   Set findtime = 600
2011-08-05 20:56:20,233 fail2ban.actions: INFO   Set banTime = 600
2011-08-05 20:56:20,312 fail2ban.jail   : INFO   Jail 'ssh' started
2011-08-05 21:01:04,889 fail2ban.jail   : INFO   Jail 'ssh' stopped
2011-08-05 21:01:04,889 fail2ban.server : INFO   Exiting Fail2ban
Code:
root@main:~# /etc/init.d/fail2ban restart
Restarting authentication failure monitor: fail2ban failed!
Code:
root@main:~# /etc/init.d/fail2ban stop
root@main:~# /etc/init.d/fail2ban start
root@main:~#
Reply With Quote
Sponsored Links
  #2  
Old 6th August 2011, 15:45
pititis pititis is offline
Senior Member
 
Join Date: Dec 2010
Location: München
Posts: 364
Thanks: 39
Thanked 89 Times in 68 Posts
Default

Try to change the log level to see exactly this issue.

edit /etc/fail2ban/fail2ban.conf and set loglevel = 4
Reply With Quote
  #3  
Old 6th August 2011, 17:54
mentes mentes is offline
Senior Member
 
Join Date: Aug 2011
Location: Spain
Posts: 132
Thanks: 4
Thanked 15 Times in 13 Posts
Default

Quote:
Originally Posted by pititis View Post
Try to change the log level to see exactly this issue.

edit /etc/fail2ban/fail2ban.conf and set loglevel = 4
I do that, and nothing happens. The log is exactly the same.
Reply With Quote
  #4  
Old 6th August 2011, 18:16
pititis pititis is offline
Senior Member
 
Join Date: Dec 2010
Location: München
Posts: 364
Thanks: 39
Thanked 89 Times in 68 Posts
Default

Did you restart fail2ban?
Reply With Quote
  #5  
Old 6th August 2011, 18:43
mentes mentes is offline
Senior Member
 
Join Date: Aug 2011
Location: Spain
Posts: 132
Thanks: 4
Thanked 15 Times in 13 Posts
Default

Quote:
Originally Posted by pititis View Post
Did you restart fail2ban?
Of course!

/etc/init.d/fail2ban restart --> with error

and then
/etc/init.d/fail2ban stop
/etc/init.d/fail2ban start

without error

New test:

Code:
root@main:~# /etc/init.d/fail2ban status
Status of authentication failure monitor:fail2ban is not running ... (warning).
root@main:~# /etc/init.d/fail2ban force-start
root@main:~# /etc/init.d/fail2ban status
Status of authentication failure monitor:fail2ban is not running ... (warning).
root@main:~#

Last edited by mentes; 6th August 2011 at 19:00.
Reply With Quote
  #6  
Old 6th August 2011, 19:10
pititis pititis is offline
Senior Member
 
Join Date: Dec 2010
Location: München
Posts: 364
Thanks: 39
Thanked 89 Times in 68 Posts
Default

When you set loglevel = 4 (debug) your log /var/log/fail2ban.log must contain debug messages after restart fail2fan daemon.

Just re-check
Reply With Quote
  #7  
Old 6th August 2011, 19:19
mentes mentes is offline
Senior Member
 
Join Date: Aug 2011
Location: Spain
Posts: 132
Thanks: 4
Thanked 15 Times in 13 Posts
Default

I'm sure what I do, but I'm not sure what happens.

Code:
root@main:~# cat /etc/fail2ban/fail2ban.conf 
# Fail2Ban configuration file
#
# Author: Cyril Jaquier
#
# $Revision: 629 $
#

[Definition]

# Option:  loglevel
# Notes.:  Set the log level output.
#          1 = ERROR
#          2 = WARN
#          3 = INFO
#          4 = DEBUG
# Values:  NUM  Default:  3
#
loglevel = 4 

# Option:  logtarget
# Notes.:  Set the log target. This could be a file, SYSLOG, STDERR or STDOUT.
#          Only one log target can be specified.
# Values:  STDOUT STDERR SYSLOG file  Default:  /var/log/fail2ban.log
#
logtarget = /var/log/fail2ban.log

# Option: socket
# Notes.: Set the socket file. This is used to communicate with the daemon. Do
#         not remove this file when Fail2ban runs. It will not be possible to
#         communicate with the server afterwards.
# Values: FILE  Default:  /var/run/fail2ban/fail2ban.sock
#
socket = /var/run/fail2ban/fail2ban.sock
I have restarted it some times, and the server too but log still contains the same.

Code:
root@main:~# cat /var/log/fail2ban.log 
2011-08-05 20:56:20,180 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4-SVN
2011-08-05 20:56:20,181 fail2ban.jail   : INFO   Creating new jail 'ssh'
2011-08-05 20:56:20,181 fail2ban.jail   : INFO   Jail 'ssh' uses poller
2011-08-05 20:56:20,231 fail2ban.filter : INFO   Added logfile = /var/log/auth.log
2011-08-05 20:56:20,231 fail2ban.filter : INFO   Set maxRetry = 6
2011-08-05 20:56:20,232 fail2ban.filter : INFO   Set findtime = 600
2011-08-05 20:56:20,233 fail2ban.actions: INFO   Set banTime = 600
2011-08-05 20:56:20,312 fail2ban.jail   : INFO   Jail 'ssh' started
2011-08-05 21:01:04,889 fail2ban.jail   : INFO   Jail 'ssh' stopped
2011-08-05 21:01:04,889 fail2ban.server : INFO   Exiting Fail2ban
root@main:~#
Reply With Quote
  #8  
Old 6th August 2011, 22:19
mentes mentes is offline
Senior Member
 
Join Date: Aug 2011
Location: Spain
Posts: 132
Thanks: 4
Thanked 15 Times in 13 Posts
 
Default Solved

Solved executing:

fail2ban-client reload

I found the problem:

ERROR /etc/fail2ban/filter.d/pureftpd.conf and /etc/fail2ban/filter.d/pureftpd.local do not exist

root@main:~# /etc/init.d/fail2ban status
Status of authentication failure monitor:fail2ban is running.
Reply With Quote
The Following User Says Thank You to mentes For This Useful Post:
falko (7th August 2011)
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
fail2ban is doing nothing? rlischer Server Operation 16 29th June 2010 08:29
Fail2ban not working with FC10 eeyore HOWTO-Related Questions 9 9th February 2009 11:25
fail2ban not working linuxwannabe Installation/Configuration 1 25th January 2009 07:09
Fail2ban not working on FC9 nanotechgeek2 HOWTO-Related Questions 3 6th October 2008 11:22
Fail2Ban not working bswinnerton Installation/Configuration 17 16th May 2008 21:12


All times are GMT +2. The time now is 08:27.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.