Fail2ban unable to ban

Discussion in 'Server Operation' started by aberrio, Mar 25, 2011.

  1. aberrio

    aberrio New Member

    Hello,

    I installed fail2ban in opensuse 11.3 server. After restarted status shows

    www:~ # fail2ban-client status
    Status
    |- Number of jail: 0
    `- Jail list:

    But I do have apache and pureftpd fail active, and of course fail2ban is not banning. I notice that the fail2ban log file is old no new entries on it.

    I do have ipatables on but is fail2ban is not active.

    www:~ # iptables -n -L INPUT
    Chain INPUT (policy DROP)
    target prot opt source destination
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED
    ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED
    input_ext all -- 0.0.0.0/0 0.0.0.0/0
    input_ext all -- 0.0.0.0/0 0.0.0.0/0
    LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-IN-ILL-TARGET '
    DROP all -- 0.0.0.0/0 0.0.0.0/0
    www:~ #


    Here is my jail file..

    [apache-nohome]
    enabled = true
    filter = apache-nohome
    action = iptables-multiport[name=apache-nohome, port="http,https"]
    sendmail-buffered[name=apache-nohome, lines=5, dest=admin@wwwwwww.xxx]
    [name=apache-overflows, port=http,https, protocol=tcp]
    logpath = /var/log/apache2/error_log
    bantime = 86400
    maxretry = 1



    [pureftpd-iptables]
    enabled = true
    filter = pure-ftpd
    action = iptables[name=pure-ftpd, port=ftp, protocol=tcp]
    sendmail-whois[name=pure-ftpd, dest=admin@xxxxxxxxx.net, sender=fail2ban@xxxxxxx.net]
    logpath = /var/log/warn
    maxretry = 3


    I tested with www:~ # fail2ban-regex /var/log/warn /etc/fail2ban/filter.d/pure-ftpd.conf

    Success, the total number of match is 22827

    Any sugestion.

    Reagrds,

    Al
     
    Last edited: Mar 25, 2011

Share This Page