Re: [Fail2ban-users] [Support Request]New action definition

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi

It's probably a lot less fragile if you share your (owncloud) log file
with the proxy machine using f.i. syslog over network.

Regards,
	Tom

On 12/03/2013 10:37 AM, Alain Devarieux wrote:
> Hi, 
> 
> First, excuse me for my bad english.
> I'm trying to protect our owncloud server with fail2ban. We use a reverse
> proxy so the owncloud server only see the IP of the reverse proxy.
> I successfully logged the IP of the attacker with the http header
> X-forwarded-for. Now, I'm trying to tell to fail2ban to ban the IP on the
> reverse proxy. 
> 
> Here is my jail.conf file : 
> [owncloud-rban]
> enabled = true
> filter = owncloud
> action = rban[name=owncloud, fwip=X.X.X.X]
> logpath = /var/log/owncloud-fail.log
> maxretry = 5
> 
> File filter.d/owncloud.conf : 
> [Definition]
> failregex = <HOST>$
> ignoreregex =
> 
> File action.d/rban.conf
> [Definition]
> actionstart =
> actionstop =
> actioncheck = touch /var/log/fail2ban
> actionban = /usr/bin/ssh -v -l f2b -tt <fwip> `sudo /usr/bin/fail2ban-client
> set default-iptables banip <ip>` &&
> /usr/bin/ssh -v -l f2b -tt <fwip> `/bin/touch /var/log/fail2ban`;
> actionunban =
> 
> I'm running Centos 6.4.
> When running /etc/init.d/fail2ban start, I only have a fail, without error
> message.
> When running fail2ban-server, the daemon starts 
> # fail2ban-server
> 2013-12-03 10:28:45,257 fail2ban.server : INFO   Starting Fail2ban v0.8.10
> 2013-12-03 10:28:45,257 fail2ban.server : INFO   Starting in daemon mode
> 
> But, when I run fail2ban-client reload, I have this error : 
> # fail2ban-client reload
> ERROR  Error in action definition rban[name=owncloud, fwip=X.X.X.X]
> ERROR  Errors in jail 'owncloud-rban'. Skipping...
> 
> Could someone tell me where is the error in this action definition?
> 
> Sincerely,
> 
> Alain Devarieux
> 
> 
> 
> ------------------------------------------------------------------------------
> Rapidly troubleshoot problems before they affect your business. Most IT 
> organizations don't have a clear picture of how application performance 
> affects their revenue. With AppDynamics, you get 100% visibility into your 
> Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
> http://pubads.g.doubleclick.net/gampad/clk?id=84349351&iu=/4140/ostg.clktrk
> _______________________________________________
> Fail2ban-users mailing list
> Fai...@li...
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
> 