fail2ban jail.conf Configuration iusse

Discussion in 'ISPConfig 3 Priority Support' started by budgierless, Jul 27, 2019.

  1. budgierless

    budgierless Member

    I need advise for fixing a config in fail2ban:
    Code:
    :~# systemctl status fail2ban.service
    ● fail2ban.service - Fail2Ban Service
       Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
       Active: active (running) since Thu 2019-07-25 18:35:01 BST; 1 day 18h ago
         Docs: man:fail2ban(1)
     Main PID: 2306 (fail2ban-server)
        Tasks: 7 (limit: 4915)
       CGroup: /system.slice/fail2ban.service
               └─2306 /usr/bin/python3 /usr/bin/fail2ban-server -xf start
    
    Jul 25 18:35:00 server1 systemd[1]: Starting Fail2Ban Service...
    Jul 25 18:35:01 server1 systemd[1]: Started Fail2Ban Service.
    Jul 25 18:35:11 server1 fail2ban-server[2306]:  Found no accessible config files for 'filter.d/pureftpd' under /etc/fail2ban
    Jul 25 18:35:11 server1 fail2ban-server[2306]:  Unable to read the filter 'pureftpd'
    Jul 25 18:35:11 server1 fail2ban-server[2306]:  Errors in jail 'pureftpd'. Skipping...
    Jul 25 18:35:20 server1 fail2ban-server[2306]: Server ready
    my jail..local is:
    Code:
    [pureftpd]
    enabled  = true
    port     = ftp
    filter   = pureftpd
    logpath  = /var/log/syslog
    maxretry = 3
    
    
    #
    # Mail servers
    #
    
    [postfix]
    enabled  = true
    port     = smtp
    filter   = postfix
    logpath  = /var/log/mail.log
    maxretry = 3
    
    
    #
    # Mail servers authenticators: might be used for smtp,ftp,imap servers, so
    # all relevant ports get banned
    #
    
    [dovecot]
    enabled = true
    filter = dovecot
    action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp]
    logpath = /var/log/mail.log
    maxretry = 5
    
    # DNS Servers
    
    
    # These jails block attacks against named (bind9). By default, logging is off
    # with bind9 installation. You will need something like this:
    #
    # logging {
    #     channel security_file {
    #         file "/var/log/named/security.log" versions 3 size 30m;
    #         severity dynamic;
    #         print-time yes;
    #     };
    #     category security {
    #         security_file;
    #     };
    # };
    #
    # in your named.conf to provide proper logging
    
    # !!! WARNING !!!
    #   Since UDP is connection-less protocol, spoofing of IP and imitation
    #   of illegal actions is way too simple.  Thus enabling of this filter
    #   might provide an easy way for implementing a DoS against a chosen
    #   victim. See
    #    http://nion.modprobe.de/blog/archives/690-fail2ban-+-dns-fail.html
    #   Please DO NOT USE this jail unless you know what you are doing.
    #[named-refused-udp]
    #
    #enabled  = false
    #port     = domain,953
    #protocol = udp
    #filter   = named-refused
    #logpath  = /var/log/named/security.log
    
    [named-refused-tcp]
    enabled  = false
    port     = domain,953
    protocol = tcp
    filter   = named-refused
    logpath  = /var/log/named/security.log
    /etc/fail2ban/filter.d/pure-ftpd.conf:
    Code:
    # Fail2Ban filter for pureftp
    #
    # Disable hostname based logging by:
    #
    # Start pure-ftpd with the -H switch or on Ubuntu 'echo yes > /etc/pure-ftpd/conf/DontResolve'
    #
    #
    
    [INCLUDES]
    
    before = common.conf
    
    [Definition]
    
    _daemon = pure-ftpd
    
    # Error message specified in multiple languages
    __errmsg = (?:Godkendelse mislykkedes for \[.*\]|Authentifizierung fehlgeschlagen für Benutzer \[.*\].|Authentication failed for user \[.*\]|Autentificación fallida para el usuario \[.*\]|\[.*\] c'est un batard, il connait pas son code|Erreur d'authentification pour l'utilisateur \[.*\]|Azonosítás sikertelen \[.*\] felhasználónak|Autenticazione falita per l'utente \[.*\]|Autorisatie faalde voor gebruiker \[.*\]|Godkjennelse mislyktes for \[.*\]|\[.*\] kullanýcýsý için giriþ hatalý|Autenticação falhou para usuário \[.*\]|Autentificare esuata pentru utilizatorul \[.*\]|Autentifikace uživatele selhala \[.*\]|Autentyfikacja nie powiodła się dla użytkownika \[.*\]|Autentifikacia uzivatela zlyhala \[.*\]|Behörighetskontroll misslyckas för användare \[.*\]|Авторизация не удалась пользователю \[.*\]|\[.*\] 嶸盪 檣隸 褒ぬ|妏蚚氪\[.*\]桄痐囮啖|使用者\[.*\]驗證失敗)
    
    failregex = ^%(__prefix_line)s\([email protected]<HOST>\) \[WARNING\] %(__errmsg)s\s*$
    
    ignoreregex =
    
    [Init]
    
    journalmatch = _SYSTEMD_UNIT=pure-ftpd.service + _COMM=pure-ftpd
    
    # Author: Cyril Jaquier
    # Modified: Yaroslav Halchenko for pure-ftpd
    # Documentation thanks to Blake on http://www.fail2ban.org/wiki/index.php?title=Fail2ban:Community_Portal
    # UTF-8 editing and mechanism thanks to Johannes Weberhofer
    #
    # Only logs to syslog though facility can be changed configuration file/command line
    #
    # To get messages in the right encoding:
    # grep MSG_AUTH_FAILED_LOG pure-ftpd-1.0.36/src/messages_[defhint]* | grep -Po '".?"' | recode latin1..utf-8 | tr -d '"' > messages
    # grep MSG_AUTH_FAILED_LOG pure-ftpd-1.0.36/src/messages_[pr][to] | grep -Po '".?"' | recode latin1..utf-8 | tr -d '"' >> messages
    # grep MSG_AUTH_FAILED_LOG pure-ftpd-1.0.36/src/messages_[cps][slkv] | grep -Po '".?"' | recode latin2..utf-8 | tr -d '"' >> messages
    # grep MSG_AUTH_FAILED_LOG pure-ftpd-1.0.36/src/messages_ru | grep -Po '".?"' | recode KOI8-R..utf-8 | tr -d '"' >> messages
    # grep MSG_AUTH_FAILED_LOG pure-ftpd-1.0.36/src/messages_[kz] | grep -Po '".*?"' | tr -d '"' | recode big5..utf-8 >> messages
    
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Change:

    Code:
    [pureftpd]
    enabled  = true
    port     = ftp
    filter   = pureftpd
    logpath  = /var/log/syslog
    maxretry = 3
    to

    Code:
    [pure-ftpd]
    enabled  = true
    port     = ftp
    filter   = pure-ftpd
    logpath  = /var/log/syslog
    maxretry = 3
    
     
    budgierless likes this.

Share This Page