fail2ban log-changes after manual 6.2. and 6.3

Discussion in 'Installation/Configuration' started by eko_taas, Mar 27, 2011.

  1. eko_taas

    eko_taas New Member

    Made once again fresh installation of Debian squeeze and ISPConfig3.

    One thing I have noticed before, but now find out also time of change.

    org log of fail2ban (I have set all to 3 maxtrials)
    Code:
    2011-03-27 07:24:43,861 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4-SVN
    2011-03-27 07:24:43,862 fail2ban.jail   : INFO   Creating new jail 'ssh'
    2011-03-27 07:24:43,862 fail2ban.jail   : INFO   Jail 'ssh' uses poller
    2011-03-27 07:24:43,922 fail2ban.filter : INFO   Added logfile = /var/log/auth.log
    2011-03-27 07:24:43,923 fail2ban.filter : INFO   Set maxRetry = 6
    2011-03-27 07:24:43,924 fail2ban.filter : INFO   Set findtime = 600
    2011-03-27 07:24:43,925 fail2ban.actions: INFO   Set banTime = 600
    2011-03-27 07:24:43,994 fail2ban.jail   : INFO   Jail 'ssh' started
    2011-03-27 07:28:24,470 fail2ban.jail   : INFO   Jail 'ssh' stopped
    2011-03-27 07:28:24,470 fail2ban.server : INFO   Exiting Fail2ban
    2011-03-27 07:28:24,877 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4-SVN
    2011-03-27 07:28:24,878 fail2ban.jail   : INFO   Creating new jail 'courierimap'
    2011-03-27 07:28:24,879 fail2ban.jail   : INFO   Jail 'courierimap' uses poller
    2011-03-27 07:28:24,897 fail2ban.filter : INFO   Added logfile = /var/log/mail.log
    2011-03-27 07:28:24,898 fail2ban.filter : INFO   Set maxRetry = 3
    2011-03-27 07:28:24,899 fail2ban.filter : INFO   Set findtime = 600
    2011-03-27 07:28:24,900 fail2ban.actions: INFO   Set banTime = 600
    2011-03-27 07:28:24,907 fail2ban.jail   : INFO   Creating new jail 'courierpop3'
    2011-03-27 07:28:24,908 fail2ban.jail   : INFO   Jail 'courierpop3' uses poller
    2011-03-27 07:28:24,909 fail2ban.filter : INFO   Added logfile = /var/log/mail.log
    2011-03-27 07:28:24,910 fail2ban.filter : INFO   Set maxRetry = 3
    2011-03-27 07:28:24,911 fail2ban.filter : INFO   Set findtime = 600
    2011-03-27 07:28:24,912 fail2ban.actions: INFO   Set banTime = 600
    2011-03-27 07:28:24,919 fail2ban.jail   : INFO   Creating new jail 'courierpop3s'
    2011-03-27 07:28:24,919 fail2ban.jail   : INFO   Jail 'courierpop3s' uses poller
    2011-03-27 07:28:24,920 fail2ban.filter : INFO   Added logfile = /var/log/mail.log
    2011-03-27 07:28:24,921 fail2ban.filter : INFO   Set maxRetry = 3
    2011-03-27 07:28:24,923 fail2ban.filter : INFO   Set findtime = 600
    2011-03-27 07:28:24,923 fail2ban.actions: INFO   Set banTime = 600
    2011-03-27 07:28:24,931 fail2ban.jail   : INFO   Creating new jail 'pureftpd'
    2011-03-27 07:28:24,931 fail2ban.jail   : INFO   Jail 'pureftpd' uses poller
    2011-03-27 07:28:24,932 fail2ban.filter : INFO   Added logfile = /var/log/syslog
    2011-03-27 07:28:24,933 fail2ban.filter : INFO   Set maxRetry = 3
    2011-03-27 07:28:24,934 fail2ban.filter : INFO   Set findtime = 600
    2011-03-27 07:28:24,935 fail2ban.actions: INFO   Set banTime = 600
    2011-03-27 07:28:24,942 fail2ban.jail   : INFO   Creating new jail 'ssh'
    2011-03-27 07:28:24,943 fail2ban.jail   : INFO   Jail 'ssh' uses poller
    2011-03-27 07:28:24,944 fail2ban.filter : INFO   Added logfile = /var/log/auth.log
    2011-03-27 07:28:24,945 fail2ban.filter : INFO   Set maxRetry = 6
    2011-03-27 07:28:24,946 fail2ban.filter : INFO   Set findtime = 600
    2011-03-27 07:28:24,947 fail2ban.actions: INFO   Set banTime = 600
    2011-03-27 07:28:25,014 fail2ban.jail   : INFO   Creating new jail 'sasl'
    2011-03-27 07:28:25,014 fail2ban.jail   : INFO   Jail 'sasl' uses poller
    2011-03-27 07:28:25,015 fail2ban.filter : INFO   Added logfile = /var/log/mail.log
    2011-03-27 07:28:25,016 fail2ban.filter : INFO   Set maxRetry = 3
    2011-03-27 07:28:25,018 fail2ban.filter : INFO   Set findtime = 600
    2011-03-27 07:28:25,019 fail2ban.actions: INFO   Set banTime = 600
    2011-03-27 07:28:25,027 fail2ban.jail   : INFO   Creating new jail 'courierimaps'
    2011-03-27 07:28:25,027 fail2ban.jail   : INFO   Jail 'courierimaps' uses poller
    2011-03-27 07:28:25,028 fail2ban.filter : INFO   Added logfile = /var/log/mail.log
    2011-03-27 07:28:25,029 fail2ban.filter : INFO   Set maxRetry = 3
    2011-03-27 07:28:25,030 fail2ban.filter : INFO   Set findtime = 600
    2011-03-27 07:28:25,031 fail2ban.actions: INFO   Set banTime = 600
    2011-03-27 07:28:25,039 fail2ban.jail   : INFO   Jail 'courierimap' started
    2011-03-27 07:28:25,044 fail2ban.jail   : INFO   Jail 'courierpop3' started
    2011-03-27 07:28:25,050 fail2ban.jail   : INFO   Jail 'courierpop3s' started
    2011-03-27 07:28:25,062 fail2ban.jail   : INFO   Jail 'pureftpd' started
    2011-03-27 07:28:25,072 fail2ban.jail   : INFO   Jail 'ssh' started
    2011-03-27 07:28:25,084 fail2ban.jail   : INFO   Jail 'sasl' started
    2011-03-27 07:28:25,098 fail2ban.jail   : INFO   Jail 'courierimaps' started
    2011-03-27 08:38:26,027 fail2ban.jail   : INFO   Jail 'courierpop3s' stopped
    2011-03-27 08:38:27,023 fail2ban.jail   : INFO   Jail 'courierimap' stopped
    2011-03-27 08:38:28,030 fail2ban.jail   : INFO   Jail 'ssh' stopped
    2011-03-27 08:38:29,025 fail2ban.jail   : INFO   Jail 'courierimaps' stopped
    2011-03-27 08:38:30,024 fail2ban.jail   : INFO   Jail 'pureftpd' stopped
    2011-03-27 08:38:31,027 fail2ban.jail   : INFO   Jail 'sasl' stopped
    2011-03-27 08:38:32,029 fail2ban.jail   : INFO   Jail 'courierpop3' stopped
    2011-03-27 08:38:32,030 fail2ban.server : INFO   Exiting Fail2ban
    
    After following manual to make system to use ssl in 8080
    (with extra ln-link)
    all seems to be working, but now fail2ban generates errors (but e.g, keeps blocking as release statements comes to log)
    Code:
    ...
    2011-03-27 08:47:20,621 fail2ban.actions: INFO   Set banTime = 600
    2011-03-27 08:47:20,652 fail2ban.jail   : INFO   Jail 'courierimap' started
    2011-03-27 08:47:20,667 fail2ban.jail   : INFO   Jail 'courierpop3' started
    2011-03-27 08:47:20,679 fail2ban.jail   : INFO   Jail 'courierpop3s' started
    2011-03-27 08:47:20,687 fail2ban.jail   : INFO   Jail 'pureftpd' started
    2011-03-27 08:47:20,703 fail2ban.jail   : INFO   Jail 'ssh' started
    2011-03-27 08:47:20,715 fail2ban.jail   : INFO   Jail 'sasl' started
    2011-03-27 08:47:20,733 fail2ban.jail   : INFO   Jail 'courierimaps' started
    2011-03-27 08:47:20,935 fail2ban.actions.action: ERROR  iptables -N fail2ban-courierpop3s
    iptables -A fail2ban-courierpop3s -j RETURN
    iptables -I INPUT -p tcp -m multiport --dports pop3s -j fail2ban-courierpop3s returned 200
    2011-03-27 08:47:20,936 fail2ban.actions.action: ERROR  iptables -N fail2ban-ssh
    iptables -A fail2ban-ssh -j RETURN
    iptables -I INPUT -p tcp -m multiport --dports ssh -j fail2ban-ssh returned 200
    2011-03-27 08:47:20,937 fail2ban.actions.action: ERROR  iptables -N fail2ban-sasl
    iptables -A fail2ban-sasl -j RETURN
    iptables -I INPUT -p tcp -m multiport --dports smtp -j fail2ban-sasl returned 200
    2011-03-27 08:47:20,938 fail2ban.actions.action: ERROR  iptables -N fail2ban-courierimap
    iptables -A fail2ban-courierimap -j RETURN
    iptables -I INPUT -p tcp -m multiport --dports imap2 -j fail2ban-courierimap returned 200
    2011-03-27 08:47:20,939 fail2ban.actions.action: ERROR  iptables -N fail2ban-pureftpd
    iptables -A fail2ban-pureftpd -j RETURN
    iptables -I INPUT -p tcp -m multiport --dports ftp -j fail2ban-pureftpd returned 200
    2011-03-27 08:47:20,940 fail2ban.actions.action: ERROR  iptables -N fail2ban-courierimaps
    iptables -A fail2ban-courierimaps -j RETURN
    iptables -I INPUT -p tcp -m multiport --dports imaps -j fail2ban-courierimaps returned 200
    
    What should I change to get fail2ban log back to nice-looking non-error mode?
     
  2. falko

    falko Super Moderator ISPConfig Developer

    What's in /etc/fail2ban/jail.local? What's the output of
    Code:
    ls -la /etc/fail2ban/filter.d/
    ?
     
  3. eko_taas

    eko_taas New Member

    Thanks for your support

    Code:
    xxxxx:~$ ls -la /etc/fail2ban/filter.d/
    total 140
    drwxr-xr-x 2 root root 4096 Mar 27 08:58 .
    drwxr-xr-x 4 root root 4096 Mar 27 08:57 ..
    -rw-r--r-- 1 root root  711 Feb  8  2009 apache-auth.conf
    -rw-r--r-- 1 root root 2381 Jun 29  2010 apache-badbots.conf
    -rw-r--r-- 1 root root  628 Oct 13  2008 apache-nohome.conf
    -rw-r--r-- 1 root root  763 Feb  8  2009 apache-noscript.conf
    -rw-r--r-- 1 root root  444 Mar  5  2008 apache-overflows.conf
    -rw-r--r-- 1 root root 1039 Feb  8  2009 common.conf
    -rw-r--r-- 1 root root  557 Mar 27 06:27 courierimap.conf
    -rw-r--r-- 1 root root  561 Mar 27 06:28 courierimaps.conf
    -rw-r--r-- 1 root root  616 Feb  8  2009 courierlogin.conf
    -rw-r--r-- 1 root root  557 Mar 27 06:26 courierpop3.conf
    -rw-r--r-- 1 root root  561 Mar 27 06:26 courierpop3s.conf
    -rw-r--r-- 1 root root  591 Feb  8  2009 couriersmtp.conf
    -rw-r--r-- 1 root root 1012 Feb  8  2009 cyrus-imap.conf
    -rw-r--r-- 1 root root  613 Feb  8  2009 exim.conf
    -rw-r--r-- 1 root root  447 May 21  2008 gssftpd.conf
    -rw-r--r-- 1 root root  397 Aug 30  2009 lighttpd-fastcgi.conf
    -rw-r--r-- 1 root root 1013 Feb  9  2009 named-refused.conf
    -rw-r--r-- 1 root root  870 May 21  2008 pam-generic.conf
    -rw-r--r-- 1 root root  867 Aug 30  2009 php-url-fopen.conf
    -rw-r--r-- 1 root root  591 Feb  8  2009 postfix.conf
    -rw-r--r-- 1 root root  866 Jun 29  2010 proftpd.conf
    -rw-r--r-- 1 root root  806 Jun 29  2010 pure-ftpd.conf
    -rw-r--r-- 1 root root  111 Mar 27 06:25 pureftpd.conf
    -rw-r--r-- 1 root root  606 Feb  8  2009 qmail.conf
    -rw-r--r-- 1 root root   72 Mar 27 08:58 roundcube.conf
    -rw-r--r-- 1 root root  679 Feb  8  2009 sasl.conf
    -rw-r--r-- 1 root root  581 Feb  3  2009 sieve.conf
    -rw-r--r-- 1 root root 1649 Jun 29  2010 sshd.conf
    -rw-r--r-- 1 root root  627 Feb  8  2009 sshd-ddos.conf
    -rw-r--r-- 1 root root  700 Feb  8  2009 vsftpd.conf
    -rw-r--r-- 1 root root  827 Feb  8  2009 webmin-auth.conf
    -rw-r--r-- 1 root root  437 May 21  2008 wuftpd.conf
    -rw-r--r-- 1 root root  848 Feb  8  2009 xinetd-fail.conf
    xxxx :~$ 
     
  4. falko

    falko Super Moderator ISPConfig Developer

    What's in /etc/fail2ban/jail.local?
     
  5. eko_taas

    eko_taas New Member

    Sorry for delay - see enclosed (should be as per perfect server and then ssl-roundcube instructions, but only 3 trials)

    Code:
    [pureftpd]
    
    enabled  = true
    port     = ftp
    filter   = pureftpd
    logpath  = /var/log/syslog
    maxretry = 3
    
    
    [sasl]
    
    enabled  = true
    port     = smtp
    filter   = sasl
    logpath  = /var/log/mail.log
    maxretry = 3
    
    
    [courierpop3]
    
    enabled  = true
    port     = pop3
    filter   = courierpop3
    logpath  = /var/log/mail.log
    maxretry = 3
    
    
    [courierpop3s]
    
    enabled  = true
    port     = pop3s
    filter   = courierpop3s
    logpath  = /var/log/mail.log
    maxretry = 3
    
    
    [courierimap]
    
    enabled  = true
    port     = imap2
    filter   = courierimap
    logpath  = /var/log/mail.log
    maxretry = 3
    
    
    [courierimaps]
    
    enabled  = true
    port     = imaps
    filter   = courierimaps
    logpath  = /var/log/mail.log
    maxretry = 3
    
    
    [roundcube]
    enabled  = true
    port     = http,8080
    filter   = roundcube
    logpath  = /var/log/roundcube/userlogins
    maxretry = 3
    [webmin-auth]
    enabled = true
    port    = 10000
    filter  = webmin-auth
    logpath  = /var/log/auth.log
    maxretry = 3 
    Thanks for support....
     
  6. 8omas

    8omas New Member HowtoForge Supporter

    What's the output of:
    Code:
    iptables -L -n 
     
  7. eko_taas

    eko_taas New Member

    This is how it looks:

    Code:
    # iptables -L -n
    
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination         
    fail2ban-sasl  tcp  --  0.0.0.0/0            0.0.0.0/0           multiport dports 25 
    fail2ban-courierimaps  tcp  --  0.0.0.0/0            0.0.0.0/0           multiport dports 993 
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain fail2ban-courierimaps (1 references)
    target     prot opt source               destination         
    RETURN     all  --  0.0.0.0/0            0.0.0.0/0           
    
    Chain fail2ban-sasl (1 references)
    target     prot opt source               destination         
    RETURN     all  --  0.0.0.0/0            0.0.0.0/0           
    root@server1:/home/asyamain# 
    what next?
     
  8. 8omas

    8omas New Member HowtoForge Supporter

  9. eko_taas

    eko_taas New Member

    Thanks for your help,

    Now after changes looks like

    Code:
    # iptables -L -n 
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination         
    fail2ban-sasl  tcp  --  0.0.0.0/0            0.0.0.0/0           multiport dports 25 
    fail2ban-roundcube  tcp  --  0.0.0.0/0            0.0.0.0/0           multiport dports 80,8080 
    fail2ban-courierimap  tcp  --  0.0.0.0/0            0.0.0.0/0           multiport dports 143 
    fail2ban-ssh  tcp  --  0.0.0.0/0            0.0.0.0/0           multiport dports 22 
    fail2ban-pureftpd  tcp  --  0.0.0.0/0            0.0.0.0/0           multiport dports 21 
    fail2ban-webmin-auth  tcp  --  0.0.0.0/0            0.0.0.0/0           multiport dports 10000 
    fail2ban-courierpop3s  tcp  --  0.0.0.0/0            0.0.0.0/0           multiport dports 995 
    fail2ban-courierimaps  tcp  --  0.0.0.0/0            0.0.0.0/0           multiport dports 993 
    fail2ban-courierpop3  tcp  --  0.0.0.0/0            0.0.0.0/0           multiport dports 110 
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain fail2ban-courierimap (1 references)
    target     prot opt source               destination         
    RETURN     all  --  0.0.0.0/0            0.0.0.0/0           
    
    Chain fail2ban-courierimaps (1 references)
    target     prot opt source               destination         
    RETURN     all  --  0.0.0.0/0            0.0.0.0/0           
    
    Chain fail2ban-courierpop3 (1 references)
    target     prot opt source               destination         
    RETURN     all  --  0.0.0.0/0            0.0.0.0/0           
    
    Chain fail2ban-courierpop3s (1 references)
    target     prot opt source               destination         
    RETURN     all  --  0.0.0.0/0            0.0.0.0/0           
    
    Chain fail2ban-pureftpd (1 references)
    target     prot opt source               destination         
    RETURN     all  --  0.0.0.0/0            0.0.0.0/0           
    
    Chain fail2ban-roundcube (1 references)
    target     prot opt source               destination         
    RETURN     all  --  0.0.0.0/0            0.0.0.0/0           
    
    Chain fail2ban-sasl (1 references)
    target     prot opt source               destination         
    RETURN     all  --  0.0.0.0/0            0.0.0.0/0           
    
    Chain fail2ban-ssh (1 references)
    target     prot opt source               destination         
    RETURN     all  --  0.0.0.0/0            0.0.0.0/0           
    
    Chain fail2ban-webmin-auth (1 references)
    target     prot opt source               destination         
    RETURN     all  --  0.0.0.0/0            0.0.0.0/0 
    Does it look OK now?
     
  10. eko_taas

    eko_taas New Member

    ISPConfig3 monitor (Fail2Ban Log) looks better now (at least for newbee)

    Code:
    2011-04-08 09:13:57,025 fail2ban.server : INFO Exiting Fail2ban
    2011-04-08 09:13:57,801 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4-SVN
    2011-04-08 09:13:57,853 fail2ban.jail : INFO Creating new jail 'courierpop3'
    2011-04-08 09:13:57,853 fail2ban.jail : INFO Jail 'courierpop3' uses poller
    2011-04-08 09:13:57,921 fail2ban.filter : INFO Added logfile = /var/log/mail.log
    2011-04-08 09:13:57,973 fail2ban.filter : INFO Set maxRetry = 3
    2011-04-08 09:13:58,074 fail2ban.filter : INFO Set findtime = 600
    2011-04-08 09:13:58,125 fail2ban.actions: INFO Set banTime = 600
    2011-04-08 09:13:58,682 fail2ban.jail : INFO Creating new jail 'courierimaps'
    2011-04-08 09:13:58,683 fail2ban.jail : INFO Jail 'courierimaps' uses poller
    2011-04-08 09:13:58,734 fail2ban.filter : INFO Added logfile = /var/log/mail.log
    2011-04-08 09:13:58,785 fail2ban.filter : INFO Set maxRetry = 3
    2011-04-08 09:13:58,886 fail2ban.filter : INFO Set findtime = 600
    2011-04-08 09:13:58,937 fail2ban.actions: INFO Set banTime = 600
    2011-04-08 09:13:59,495 fail2ban.jail : INFO Creating new jail 'courierpop3s'
    2011-04-08 09:13:59,507 fail2ban.jail : INFO Jail 'courierpop3s' uses poller
    2011-04-08 09:13:59,558 fail2ban.filter : INFO Added logfile = /var/log/mail.log
    2011-04-08 09:13:59,609 fail2ban.filter : INFO Set maxRetry = 3
    2011-04-08 09:13:59,710 fail2ban.filter : INFO Set findtime = 600
    2011-04-08 09:13:59,761 fail2ban.actions: INFO Set banTime = 600
    2011-04-08 09:14:00,320 fail2ban.jail : INFO Creating new jail 'webmin-auth'
    2011-04-08 09:14:00,320 fail2ban.jail : INFO Jail 'webmin-auth' uses poller
    2011-04-08 09:14:00,372 fail2ban.filter : INFO Added logfile = /var/log/auth.log
    2011-04-08 09:14:00,423 fail2ban.filter : INFO Set maxRetry = 3
    2011-04-08 09:14:00,524 fail2ban.filter : INFO Set findtime = 600
    2011-04-08 09:14:00,575 fail2ban.actions: INFO Set banTime = 600
    2011-04-08 09:14:01,185 fail2ban.jail : INFO Creating new jail 'pureftpd'
    2011-04-08 09:14:01,185 fail2ban.jail : INFO Jail 'pureftpd' uses poller
    2011-04-08 09:14:01,236 fail2ban.filter : INFO Added logfile = /var/log/syslog
    2011-04-08 09:14:01,287 fail2ban.filter : INFO Set maxRetry = 3
    2011-04-08 09:14:01,389 fail2ban.filter : INFO Set findtime = 600
    2011-04-08 09:14:01,440 fail2ban.actions: INFO Set banTime = 600
    2011-04-08 09:14:01,998 fail2ban.jail : INFO Creating new jail 'ssh'
    2011-04-08 09:14:01,998 fail2ban.jail : INFO Jail 'ssh' uses poller
    2011-04-08 09:14:02,050 fail2ban.filter : INFO Added logfile = /var/log/auth.log
    2011-04-08 09:14:02,101 fail2ban.filter : INFO Set maxRetry = 6
    2011-04-08 09:14:02,202 fail2ban.filter : INFO Set findtime = 600
    2011-04-08 09:14:02,253 fail2ban.actions: INFO Set banTime = 600
    2011-04-08 09:14:03,321 fail2ban.jail : INFO Creating new jail 'courierimap'
    2011-04-08 09:14:03,321 fail2ban.jail : INFO Jail 'courierimap' uses poller
    2011-04-08 09:14:03,373 fail2ban.filter : INFO Added logfile = /var/log/mail.log
    2011-04-08 09:14:03,424 fail2ban.filter : INFO Set maxRetry = 3
    2011-04-08 09:14:03,525 fail2ban.filter : INFO Set findtime = 600
    2011-04-08 09:14:03,576 fail2ban.actions: INFO Set banTime = 600
    2011-04-08 09:14:04,134 fail2ban.jail : INFO Creating new jail 'roundcube'
    2011-04-08 09:14:04,135 fail2ban.jail : INFO Jail 'roundcube' uses poller
    2011-04-08 09:14:04,186 fail2ban.filter : INFO Added logfile = /var/log/roundcube/userlogins
    2011-04-08 09:14:04,237 fail2ban.filter : INFO Set maxRetry = 3
    2011-04-08 09:14:04,338 fail2ban.filter : INFO Set findtime = 600
    2011-04-08 09:14:04,389 fail2ban.actions: INFO Set banTime = 600
    2011-04-08 09:14:04,440 fail2ban.filter : ERROR No 'host' group in 'FAILED login for .*. from '
    2011-04-08 09:14:04,947 fail2ban.jail : INFO Creating new jail 'sasl'
    2011-04-08 09:14:04,947 fail2ban.jail : INFO Jail 'sasl' uses poller
    2011-04-08 09:14:04,999 fail2ban.filter : INFO Added logfile = /var/log/mail.log
    2011-04-08 09:14:05,050 fail2ban.filter : INFO Set maxRetry = 3
    2011-04-08 09:14:05,151 fail2ban.filter : INFO Set findtime = 600
    2011-04-08 09:14:05,202 fail2ban.actions: INFO Set banTime = 600
    2011-04-08 09:14:05,761 fail2ban.jail : INFO Jail 'courierpop3' started
    2011-04-08 09:14:05,813 fail2ban.jail : INFO Jail 'courierimaps' started
    2011-04-08 09:14:05,865 fail2ban.jail : INFO Jail 'courierpop3s' started
    2011-04-08 09:14:05,917 fail2ban.jail : INFO Jail 'webmin-auth' started
    2011-04-08 09:14:05,969 fail2ban.jail : INFO Jail 'pureftpd' started
    2011-04-08 09:14:06,021 fail2ban.jail : INFO Jail 'ssh' started
    2011-04-08 09:14:06,073 fail2ban.jail : INFO Jail 'courierimap' started
    2011-04-08 09:14:06,125 fail2ban.jail : INFO Jail 'roundcube' started
    2011-04-08 09:14:06,177 fail2ban.jail : INFO Jail 'sasl' started
    I'll assume now OK - big thanks
     

Share This Page