fail2ban & pure-ftpd

Discussion in 'Server Operation' started by JeanC, Mar 9, 2011.

Thread Status:
Not open for further replies.
  1. JeanC

    JeanC New Member

    SOLVED fail2ban & pure-ftpd

    Edit: solved with sudo chmod a+rw /var/run/fail2ban/fail2ban.sock

    Hello,
    Fail2ban does not ban authentication failures from pure-ftpd. Anybody can help me?

    I used this filter :
    Code:
    __errmsg = (?:Authentication failed for user|Erreur d'authentification pour l'utilisateur)
failregex = pure-ftpd: \(\?@<HOST>\) \[WARNING\] %(__errmsg)s \[.+\]$
ignoreregex =
    This is in jail.conf:

    Code:
    [pure-ftpd]

enabled  = true
port	 = ftp,ftp-data,ftps,ftps-data
filter   = pure-ftpd
logpath  = /var/log/messages
maxretry = 6
    These are in /var/log/messages:

    Code:
    Mar  9 09:33:24 server pure-ftpd: (?@192.168.1.11) [WARNING] Authentication failed for user [anonymous]
    Testing with

    Code:
    fail2ban-regex /var/log/messages /etc/fail2ban/filter.d/pure-ftpd.conf
    yields lots of hits.

    'sudo fail2ban-client status' tells me it's running the jail.

    Still no bans.

    Thanks for help.
     
    Last edited: Mar 10, 2011
    JeanC, Mar 9, 2011
    #1
Thread Status:
Not open for further replies.

Share This Page