fail2ban failing!!

Discussion in 'Installation/Configuration' started by Morons, Nov 12, 2013.

  1. Morons

    Morons Member

    Code:
    2013-11-12 20:12:31,644 fail2ban.actions.action: ERROR  iptables -N fail2ban-apache
    iptables -A fail2ban-apache -j RETURN
    iptables -I INPUT -p tcp --dport http -j fail2ban-apache returned 200
    2013-11-12 20:12:31,650 fail2ban.actions.action: ERROR  iptables -N fail2ban-pop3d
    iptables -A fail2ban-pop3d -j RETURN
    iptables -I INPUT -p tcp --dport pop3 -j fail2ban-pop3d returned 400
    :confused:

    /etc/fail2ban/jail.local looks like this <snipped>
    Code:
    # Jail for Apache authentication failures: reads the Apache error logs
    # matched by logpath and applies filter.d/apache-auth.conf to them.
    # NOTE(review): port = http restricts the generated iptables rule to the
    # http port only (see "--dport http" in the error output), so a banned host
    # can still reach any other port Apache listens on, such as https -
    # confirm which ports are served and list them here.
    # NOTE(review): findtime/bantime are not set in this jail; presumably they
    # come from [DEFAULT], which is not shown - confirm.
    [apache]
    
    enabled = true
    port    = http
    filter  = apache-auth
    logpath = /var/log/apache*/*error.log
    # Number of matching log lines from one host before it is banned.
    maxretry = 5
    
    # Jail for failed POP3 logins: reads /var/log/mail.log and applies
    # filter.d/pop3d.conf to it.
    # NOTE(review): port = pop3 bans the host on the pop3 port only; other mail
    # ports are not covered by this jail - confirm which are exposed.
    [pop3d]
    
    enabled  = true
    port     = pop3
    filter   = pop3d
    logpath  = /var/log/mail.log
    # Number of matching log lines from one host before it is banned.
    maxretry = 5
    
    /etc/fail2ban/filter.d/apache-auth.conf
    Code:
    # Fail2Ban configuration file
    #
    # Author: Cyril Jaquier
    #
    # $Revision: 728 $
    #
    # Purpose: matches Apache error-log lines that report a failed HTTP
    #          authentication (authentication failure, user not found,
    #          password mismatch) and extracts the client address to ban.
    #
    
    [Definition]
    
    # Option:  failregex
    # Notes.:  regex to match the password failure messages in the logfile. The
    #          host must be matched by a group named "host". The tag "<HOST>" can
    #          be used for standard IP/hostname matching and is only an alias for
    #          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
    # Values:  TEXT
    #
    # NOTE(review): none of the three patterns below is anchored to the start of
    #          the log line. Parts of an Apache error-log line are supplied by
    #          the client, so a pattern that may match anywhere in the line
    #          risks taking <HOST> from client-supplied text and banning an
    #          address that is not the real source. Anchor each pattern with ^
    #          plus the fixed log prefix, and verify the result against sample
    #          log lines with fail2ban-regex before relying on this jail.
    #
    failregex = [[]client <HOST>[]] user .* authentication failure
                [[]client <HOST>[]] user .* not found
                [[]client <HOST>[]] user .* password mismatch
    
    # Option:  ignoreregex
    # Notes.:  regex to ignore. If this regex matches, the line is ignored.
    # Values:  TEXT
    #
    ignoreregex =
    
    /etc/fail2ban/filter.d/pop3d.conf
    Code:
    # Fail2Ban configuration file
    #
    # Author: Cyril Jaquier
    #
    # $Revision: 510 $
    #
    # Purpose: matches pop3d "LOGIN FAILED" log lines and takes the address to
    #          ban from the ip=[...] field of the line.
    #
    
    [Definition]
    
    # Option:  failregex
    # Notes.:  regex to match the password failure messages in the logfile. The
    #          host must be matched by a group named "host". The tag "<HOST>" can
    #          be used for standard IP/hostname matching and is only an alias for
    #          (?:::f{4,6}:)?(?P<host>\S+)
    # Values:  TEXT
    #
    # NOTE(review): the pattern is not anchored and contains two greedy ".*"
    #          runs. The text between "LOGIN FAILED" and "ip=" presumably
    #          includes the login name sent by the client - confirm. Check with
    #          fail2ban-regex against real mail.log lines that <HOST> is always
    #          taken from the ip=[...] field written by the server, and anchor
    #          the pattern if the log format allows it.
    #
    failregex = pop3d: LOGIN FAILED.*ip=\[.*:<HOST>\]
    
    # Option:  ignoreregex
    # Notes.:  regex to ignore. If this regex matches, the line is ignored.
    # Values:  TEXT
    #
    ignoreregex =
    
    PLEASE HELP :eek:
     
