Hi there,

I need some help to configure fail2ban with vsftpd.

I run Debian with:

Python 2.4.4
Vsftpd 2.0.5-2
Fail2ban 0.7.5-2etch1

My vsftpd.conf under filters.d is:

failregex = vsftpd: .* authentication failure; .* rhost=<HOST>$
\[.+\] FAIL LOGIN: Client "<HOST>"$
\[.+\] \[.+\] FAIL LOGIN: Client "(?P<host>\S+)"$
\[.+\] FAIL LOGIN: Client "(?P<host>\S+)"$

And the jail.conf is:

[vsftpd]
enabled  = true
port     = ftp
filter   = vsftpd
logpath  = /var/log/vsftpd.log
maxretry = 3

When I run

fail2ban-regex /var/log/vsftpd.log /etc/fail2ban/filter.d/vsftpd.conf

I just get this:

Sorry, no match

So I think it is the regexes that are not correct. This is a sample of my vsftpd.log:

Mon Feb 18 17:48:17 2008 [pid 15483] [staff] FTP command: Client "58.229.117.56", "PASS <password>"
Mon Feb 18 17:48:17 2008 [pid 15482] [staff] FAIL LOGIN: Client "58.229.117.56"
Mon Feb 18 17:48:18 2008 [pid 15483] [staff] FTP response: Client "58.229.117.56", "530 Login incorrect."

Can someone help me?

Thanks
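
An added example, not part of the original post and not fail2ban's own code: a stand-alone Python check of the four failregex lines against the three log lines quoted above, reporting which pattern matches which line and which host is captured. It assumes that the `<HOST>` tag expands to `(?:::f{4,6}:)?(?P<host>\S+)` and that each pattern is applied as a regex search; the function names are hypothetical, and the `maxretry` count ignores any time window.

```python
import re
from collections import Counter

# Assumption: the <HOST> tag is replaced by this group before compiling.
HOST_GROUP = r'(?:::f{4,6}:)?(?P<host>\S+)'

# The four failregex lines from the filter in the post, unchanged.
FAILREGEX = [
    r'vsftpd: .* authentication failure; .* rhost=<HOST>$',
    r'\[.+\] FAIL LOGIN: Client "<HOST>"$',
    r'\[.+\] \[.+\] FAIL LOGIN: Client "(?P<host>\S+)"$',
    r'\[.+\] FAIL LOGIN: Client "(?P<host>\S+)"$',
]

# The three vsftpd.log lines quoted in the post.
SAMPLE_LOG = [
    'Mon Feb 18 17:48:17 2008 [pid 15483] [staff] FTP command: '
    'Client "58.229.117.56", "PASS <password>"',
    'Mon Feb 18 17:48:17 2008 [pid 15482] [staff] FAIL LOGIN: '
    'Client "58.229.117.56"',
    'Mon Feb 18 17:48:18 2008 [pid 15483] [staff] FTP response: '
    'Client "58.229.117.56", "530 Login incorrect."',
]

def find_failures(lines, patterns):
    """Return (line_no, regex_no, host) for every pattern that matches a line."""
    compiled = [re.compile(p.replace('<HOST>', HOST_GROUP)) for p in patterns]
    hits = []
    for line_no, line in enumerate(lines, 1):
        line = line.rstrip('\r\n')  # a trailing CR would defeat the final $
        for regex_no, rx in enumerate(compiled, 1):
            m = rx.search(line)
            if m:
                hits.append((line_no, regex_no, m.group('host')))
    return hits

def hosts_over_limit(lines, patterns, maxretry=3):
    """Hosts seen on at least maxretry failing lines (maxretry = 3 in the jail)."""
    failing = {(ln, host) for ln, _, host in find_failures(lines, patterns)}
    counts = Counter(host for _, host in failing)
    return sorted(h for h, n in counts.items() if n >= maxretry)

if __name__ == '__main__':
    for line_no, regex_no, host in find_failures(SAMPLE_LOG, FAILREGEX):
        print(f'log line {line_no} matched failregex {regex_no}: host={host}')
    print('over maxretry:', hosts_over_limit(SAMPLE_LOG, FAILREGEX))
```

Under these assumptions only the `FAIL LOGIN` line matches (patterns 2, 3 and 4), and a single failure stays below `maxretry = 3`.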