From: Marcus M. <mar...@fr...> - 2009-05-17 10:14:54
|
Hello, just one question. Yesterday, i installed the fail2ban programm on my Debian Etch system. In the jail.conf i enabled the proftpd-iptables and now im getting this message into fail2ban.log fail2ban.filter : ERROR No failregex is set What does it mean. Whats wrong ? Jail.conf [proftpd-iptables] enabled = true filter = proftpd action = iptables[name=ProFTPD, port=21, protocol=tcp] sendmail-whois[name=ProFTPD, dest=in...@xx...] logpath = /var/log/auth.log maxretry = 5 proftpd.conf failregex = \(\S+\[<HOST>\]\)[: -]+ USER \S+: no such user found from \S+ \[\S+\] to \S+:\S+$ \(\S+\[<HOST>\]\)[: -]+ USER \S+ \(Login failed\): Incorrect password\.$ \(\S+\[<HOST>\]\)[: -]+ SECURITY VIOLATION: \S+ login attempted\.$ \(\S+\[<HOST>\]\)[: -]+ Maximum login attempts \(\d+\) exceeded$ # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. # Values: TEXT # ignoreregex = and the logfile auth.log May 16 13:43:00 server01 proftpd: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser=mmuster rhost=x.x.x.x user=mmuster May 16 13:43:02 server01 proftpd[13715]: server01.xxx.de (x.x.x.x[x.x.x.x]) - USER mmuster (Login failed): Incorrect password. May 16 13:43:02 server01 proftpd[13715]: server01.xxx.de (x.x.x.x[x.x.x.x]) - FTP session closed. |