From: Tom H. <to...@wh...> - 2013-12-06 19:10:12

Hi,

You could try to temporarily revert the setting to auto, and then check
the logfile to see what it uses (probably pynotify). Maybe that doesn't
work on the filesystem that you use for the logfile: it seems to be
mounted so maybe it's nfs or something like that?

More details on the actual problem would help other users solve this
issue in the future :)

On 06-12-13 19:34, Yan Hudon wrote:
> Finally got it!
>
> As pointed out by Denny, the solution was to change the backend from
> auto to gamin (no idea why auto was working fine with the ssh jail
> but no others).
>
> Little slice of life: The reason I thought first that it didn't do
> the trick (thus, my previous reply) was because I had forgotten that
> in the meantime, I had switched my phone (yes, I am testing with a
> phone since it is on another network) to use our local wifi, which is
> whitelisted. As soon as I put it back to the 4g network, I
> finally got the desired result.
>
> Thank you very much for your help Denny!
>
> On 13-12-06 12:44 PM, Denny Jones wrote:
>> I had the same issues and found this:
>>
>> http://lists.centos.org/pipermail/centos/2012-June/126860.html
>>
>> The steps in that article got my CentOS install to work.
>>
>> Hope this helps.
>>
>> -----Original Message-----
>> From: Yan Hudon <ya...@ja...>
>> To: fail2ban-users <fai...@li...>
>> Sent: Fri, Dec 6, 2013 10:21 am
>> Subject: [Fail2ban-users] Fail2ban partially working
>>
>> Hi,
>>
>> I've set up fail2ban on a centos server and everything is working
>> fine for my ssh jail (I am receiving alerts and shorewall is
>> banning ips) but somehow, my 2 others, vsftpd and smtp, are
>> processed (I can see that they are by monitoring the log upon
>> startup) but never seem to notice any failed login attempt
>> thus, never taking actions.
>>
>> I have used fail2ban-regex to be sure that my regexes were good and
>> they are.
>>
>> For example, let's take my vsftpd jail:
>>
>> *jail status* (it never changes)
>>
>> [root@gw fail2ban]# fail2ban-client status vsftpd6
>> Status for the jail: vsftpd6
>> |- filter
>> |  |- File list: /mnt/syslog/10.1.0.6/vsftpd.log
>> |  |- Currently failed: 0
>> |  `- Total failed: 0
>> `- action
>>    |- Currently banned: 0
>>    |  `- IP list:
>>    `- Total banned: 0
>>
>> *jail.local content*
>>
>> [vsftpd6]
>>
>> enabled = true
>> filter = vsftpd
>> action = shorewall
>>          sendmail-whois[name=VSFTPD, dest=it...@ja...]
>> logpath = /mnt/syslog/10.1.0.6/vsftpd.log
>> maxretry = 2
>> bantime = -1
>>
>> *vsftpd filter regex*
>>
>> failregex = vsftpd(?:\(pam_unix\))?(?:\[\d+\])?:.* authentication failure; .* rhost=<HOST>(?:\s+user=\S*)?\s*$
>>             \[.+\] FAIL LOGIN: Client "<HOST>"\s*$
>>
>> *Sample of the vsftpd logfile*
>>
>> [root@gw fail2ban]# tail /mnt/syslog/10.1.0.6/vsftpd.log
>> Dec 6 10:10:44 ara vsftpd[3673]: [yan] FAIL LOGIN: Client "24.100.220.57"
>> Dec 6 10:13:26 ara vsftpd[3763]: [yan] FAIL LOGIN: Client "24.100.220.57"
>> Dec 6 10:22:03 ara vsftpd[3989]: [yan] FAIL LOGIN: Client "24.100.220.57"
>> Dec 6 10:22:51 ara vsftpd[3989]: [yan] FAIL LOGIN: Client "24.100.220.57"
>> Dec 6 10:25:24 ara vsftpd[4085]: [yan] FAIL LOGIN: Client "24.100.220.57"
>> Dec 6 10:25:29 ara vsftpd[4085]: [yan] FAIL LOGIN: Client "24.100.220.57"
>> Dec 6 10:35:05 ara vsftpd[4334]: [yan] FAIL LOGIN: Client "24.100.220.57"
>> Dec 6 10:35:47 ara vsftpd[4334]: [yan] FAIL LOGIN: Client "24.100.220.57"
>> Dec 6 10:38:02 ara vsftpd[4334]: [yan] FAIL LOGIN: Client "24.100.220.57"
>> Dec 6 10:47:16 ara vsftpd[4622]: [yan] FAIL LOGIN: Client "24.100.220.57"
>>
>> *fail2ban-regex results*
>>
>> fail2ban-regex /mnt/syslog/10.1.0.6/vsftpd.log '\[.+\] FAIL LOGIN: Client "<HOST>"\s*$'
>>
>> Date template hits:
>> 723 hit(s): MONTH Day Hour:Minute:Second
>>
>> Success, the total number of match is 308
>>
>> I've been searching for hours but cannot find anything.
>>
>> Any help will be appreciated.
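
The reply above guesses that the logfile sits on a network mount, where inotify-based backends miss lines written by another host. The following added example (not part of the thread or of fail2ban itself) checks a jail's logpath against /proc/mounts-style text; the mount table, the `loghost` export and the helper names are constructed for illustration, and `polling` stands in for any non-inotify backend (the thread's own fix was `gamin`).

```python
# Added example: find the filesystem type behind a fail2ban logpath and flag
# network mounts, where remote writes raise no local inotify events.
import os

# Filesystem types commonly served by another host (not an exhaustive list).
NETWORK_FS = {"nfs", "nfs4", "cifs", "fuse.sshfs", "fuse.glusterfs", "9p"}

# Constructed sample in /proc/mounts format. The nfs line is an assumption
# about how /mnt/syslog might be mounted; the thread never confirms it.
SAMPLE_MOUNTS = """\
rootfs / rootfs rw 0 0
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /var ext4 rw,relatime 0 0
loghost:/export/syslog /mnt/syslog nfs rw,vers=3,addr=192.0.2.10 0 0
"""

def unescape(field):
    # /proc/mounts writes space, tab, newline and backslash as octal escapes.
    for code, char in (("\\040", " "), ("\\011", "\t"), ("\\012", "\n"), ("\\134", "\\")):
        field = field.replace(code, char)
    return field

def fs_type_for(path, mounts_text):
    """Return (mount_point, fs_type) of the mount that actually holds path."""
    path = os.path.normpath(path)
    best = ("/", "unknown")
    for line in mounts_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        mount_point, fs_type = unescape(parts[1]), parts[2]
        prefix = mount_point.rstrip("/") + "/"
        # Longest matching mount point wins; >= lets a later mount on the
        # same directory shadow an earlier one, as the kernel does.
        if (path + "/").startswith(prefix) and len(mount_point) >= len(best[0]):
            best = (mount_point, fs_type)
    return best

def suggest_backend(logpath, mounts_text):
    """Suggest a jail backend value: avoid inotify on network filesystems."""
    # "polling" and "auto" are real fail2ban backend values.
    _, fs_type = fs_type_for(logpath, mounts_text)
    return "polling" if fs_type in NETWORK_FS else "auto"

if __name__ == "__main__":
    log = "/mnt/syslog/10.1.0.6/vsftpd.log"  # logpath from the thread
    print(fs_type_for(log, SAMPLE_MOUNTS), suggest_backend(log, SAMPLE_MOUNTS))
```

On a live host, pass the contents of /proc/mounts as `mounts_text` instead of the sample.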