From: <di...@co...> - 2007-09-21 12:31:06
Hello,

I just installed fail2ban on a Debian Sarge machine which runs quite
nice so far. I only have two problems. I use pure-ftp and would like to
ban servers which tried to connect with incorrect logins.

In my jail.conf I put:

[pureftpd-iptables]

enabled = true
filter = pureftpd
action = iptables[name=PureFTPD, port=ftp, protocol=tcp]
 sendmail-whois[name=PureFTPD, dest=ad...@co...]
logpath = /var/log/ftp.log
maxretry = 5

My filter is defined as follows:

__errmsg = (?:Authentication failed for user)
failregex = pure-ftpd: (.+?@<HOST>) \[WARNING\] %(__errmsg)s \[.+\]$

In case of a wrong login, my log has the following output:

Sep 21 12:57:12 srvxxx pure-ftpd: (?@domain.tld) [WARNING] Authentication failed for user [user]

Fail2ban recognizes the try, but my fail2ban logs:

fail2ban.filter : WARNING Unable to find a corresponding IP address for domain.tld

So the IP address cannot be resolved. But this works fine for example for
my ssh or imap rules, the IP can be resolved. Do you have any idea how
to resolve the problem?

Further, I have a problem with hosts.deny. Which permissions should be
set, so that fail2ban can write into it? Once fail2ban wanted to use
hosts.deny, I got:

fail2ban.actions.action: ERROR IP=72.178.149.5 && echo "ALL: $IP" >> /ets/hosts.deny returned 100

Any ideas?

Thx

dirk

-- 
+----------------------------------------------------+
| Udo Corts Fanclub                 corts-fanclub.de |
| Customer Relationship                 di...@co...  |
+----------------------------------------------------+

From: Justin P. <jp...@lu...> - 2007-09-21 13:01:44
On Fri, 21 Sep 2007, Dirk Völlger wrote:

> Hello,
>
> I just installed fail2ban on a Debian Sarge machine which runs quite
> nice so far. I only have two problems. I use pure-ftp and would like to
> ban servers which tried to connect with incorrect logins.
>
> In my jail.conf I put:
>
> [pureftpd-iptables]
>
> enabled = true
> filter = pureftpd
> action = iptables[name=PureFTPD, port=ftp, protocol=tcp]
>  sendmail-whois[name=PureFTPD, dest=...@co...]
> logpath = /var/log/ftp.log
> maxretry = 5
>
> My filter is defined as follows:
>
> __errmsg = (?:Authentication failed for user)
> failregex = pure-ftpd: (.+?@<HOST>) \[WARNING\] %(__errmsg)s \[.+\]$
>
> In case of a wrong login, my log has the following output:
>
> Sep 21 12:57:12 srvxxx pure-ftpd: (?@domain.tld) [WARNING] Authentication failed for user [user]
>
> Fail2ban recognizes the try, but my fail2ban logs:
>
> fail2ban.filter : WARNING Unable to find a corresponding IP address for domain.tld
>
> So the IP address cannot be resolved. But this works fine for example for
> my ssh or imap rules, the IP can be resolved. Do you have any idea how
> to resolve the problem?
>
> Further, I have a problem with hosts.deny. Which permissions should be
> set, so that fail2ban can write into it? Once fail2ban wanted to use
> hosts.deny, I got:
>
> fail2ban.actions.action: ERROR IP=72.178.149.5 && echo "ALL: $IP" >> /ets/hosts.deny returned 100
>
> Any ideas?
>
> Thx
>
> dirk
>
> -- 
> +----------------------------------------------------+
> | Udo Corts Fanclub                 corts-fanclub.de |
> | Customer Relationship                 di...@co...  |
> +----------------------------------------------------+

Permissions would need to be set for the user fail2ban runs as or its group
and then chmod appropriately.

Justin.
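
An added example, not part of the thread and not fail2ban's own code: it applies the failregex and log line from the first message and shows what lands in the host capture, with the parentheses as posted and with them escaped. The `<HOST>` expansion (`HOST_GROUP`), the helper names and the second log line are assumptions made for the illustration.

```python
import ipaddress
import re

# Assumption: a stand-in for fail2ban's <HOST> expansion, not copied from fail2ban.
HOST_GROUP = r"(?P<host>\S+)"
ERRMSG = r"(?:Authentication failed for user)"

# failregex as posted: the parentheses are unescaped, so they form a regex group.
POSTED = r"pure-ftpd: (.+?@<HOST>) \[WARNING\] %(__errmsg)s \[.+\]$"
# Same pattern with the parentheses escaped so they match the literal "(" and ")".
ESCAPED = r"pure-ftpd: \(.+?@<HOST>\) \[WARNING\] %(__errmsg)s \[.+\]$"

LOG_LINES = [
    # Log line from the post.
    "Sep 21 12:57:12 srvxxx pure-ftpd: (?@domain.tld) [WARNING] "
    "Authentication failed for user [user]",
    # Constructed line: the same event logged with an address instead of a name.
    "Sep 21 12:58:03 srvxxx pure-ftpd: (?@192.0.2.10) [WARNING] "
    "Authentication failed for user [user]",
]


def expand(failregex):
    """Substitute the filter variable and the host placeholder, then compile."""
    pattern = failregex.replace("%(__errmsg)s", ERRMSG)
    return re.compile(pattern.replace("<HOST>", HOST_GROUP))


def classify(failregex, line):
    """Return (captured host, kind): ip-literal, needs-dns or no-match."""
    match = expand(failregex).search(line)
    if match is None:
        return (None, "no-match")
    host = match.group("host")
    try:
        ipaddress.ip_address(host)
    except ValueError:
        # Not an address: a ban action would first need a DNS lookup to succeed.
        return (host, "needs-dns")
    return (host, "ip-literal")


if __name__ == "__main__":
    for name, failregex in (("posted", POSTED), ("escaped", ESCAPED)):
        for line in LOG_LINES:
            print(name, classify(failregex, line))
```

Under that assumed expansion, the posted pattern lets the host group swallow the closing parenthesis, and the name from the post is never an address literal in either form, so it always depends on a lookup.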