Fail2ban apache driving me crazy

Discussion in 'HOWTO-Related Questions' started by freshfitz, Mar 4, 2012.

  1. freshfitz

    freshfitz New Member

    I am trying to log failed attempts from an .htpasswd file. i want the failed attempts to be emailed to me. It is working for failed ssh logins. It seems like fail2ban is reading my log file entries???? I'm lost on why it won't email me

    jail.conf

    Code:
    [apache]
    
    enabled = true
    filter  = apache-auth
    action  = sendmail-whois[name=ApacheDeny, dest=[email protected]]
    logpath = /var/log/phpmyadmin.log
    maxretry = 2
    apache-auth.conf
    Code:
    [Definition]
    
    # Option:  failregex
    # Notes.:  regex to match the password failure messages in the logfile. The
    #          host must be matched by a group named "host". The tag "<HOST>" can
    #          be used for standard IP/hostname matching and is only an alias for
    #          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
    # Values:  TEXT
    #
    #failregex = [[]client <HOST>[]] user .* authentication failure
    #            [[]client <HOST>[]] user .* not found /
    #            [[]client <HOST>[]] user .* password mismatch
    
    failregex = [[]client <HOST>[]] user .* not found
    
    # Option:  ignoreregex
    # Notes.:  regex to ignore. If this regex matches, the line is ignored.
    # Values:  TEXT
    #
    ignoreregex =
    log file

    [Sat Mar 03 18:27:01 2012] [error] [client 74.4.4.4] user asfadsfasf not found: /
    [Sat Mar 03 18:27:03 2012] [error] [client 74.4.4.4] user asfsadfdsfad not found: /
    [Sat Mar 03 18:27:08 2012] [error] [client 74.4.4.4] user ffffffff not found: /
    [Sat Mar 03 18:27:10 2012] [error] [client 74.4.4.4] user ffffffff not found: /


    result of test - fail2ban-regex /var/log/phpmyadmin.log "[[]client <HOST>[]] user .* not found"

    Results
    =======

    Failregex
    |- Regular expressions:
    | [1] [[]client <HOST>[]] user .* not found
    |
    `- Number of matches:
    [1] 4 match(es)

    Ignoreregex
    |- Regular expressions:
    |
    `- Number of matches:

    Summary
    =======
     
  2. freshfitz

    freshfitz New Member

    I had my stupid ip whitelisted
     

Share This Page