From: <reg...@un...> - 2014-08-09 09:16:03
2014-08-09 09:59:39,796 fail2ban.jail : INFO Creating new jail 'apache-wplogin-iptables'
2014-08-09 09:59:39,796 fail2ban.jail : INFO Jail 'apache-wplogin-iptables' uses Gamin
2014-08-09 09:59:39,796 fail2ban.filter : DEBUG Created Filter
2014-08-09 09:59:39,797 fail2ban.filter : DEBUG Created FilterGamin
2014-08-09 09:59:39,898 fail2ban.comm : DEBUG Command: ['set', 'apache-wplogin-iptables', 'addlogpath', '/home/user/mytestlogdile']
2014-08-09 09:59:39,898 fail2ban.filter : INFO Added logfile = /home/user/mytestlogdile
2014-08-09 09:59:39,999 fail2ban.comm : DEBUG Command: ['set', 'apache-wplogin-iptables', 'maxretry', '5']
2014-08-09 09:59:39,999 fail2ban.filter : INFO Set maxRetry = 5
2014-08-09 09:59:40,100 fail2ban.comm : DEBUG Command: ['set', 'apache-wplogin-iptables', 'addignoreip', '127.0.0.1']
2014-08-09 09:59:40,100 fail2ban.filter : DEBUG Add 127.0.0.1 to ignore list
2014-08-09 09:59:41,110 fail2ban.comm : DEBUG Command: ['set', 'apache-wplogin-iptables', 'findtime', '30']
2014-08-09 09:59:41,110 fail2ban.filter : INFO Set findtime = 30
2014-08-09 09:59:41,211 fail2ban.comm : DEBUG Command: ['set', 'apache-wplogin-iptables', 'bantime', '86400']
2014-08-09 09:59:41,211 fail2ban.actions: INFO Set banTime = 86400
2014-08-09 09:59:41,312 fail2ban.comm : DEBUG Command: ['set', 'apache-wplogin-iptables', 'addfailregex', '^<HOST> .* "POST /wp-login']
2014-08-09 09:59:41,413 fail2ban.comm : DEBUG Command: ['set', 'apache-wplogin-iptables', 'addaction', 'iptables-multiport']
2014-08-09 09:59:41,413 fail2ban.actions.action: DEBUG Created Action
2014-08-09 09:59:41,514 fail2ban.comm : DEBUG Command: ['set', 'apache-wplogin-iptables', 'actionban', 'iptables-multiport', 'iptables -I fail2ban-<name> 1 -s <ip> -j DROP']
2014-08-09 09:59:41,514 fail2ban.actions.action: DEBUG Set actionBan = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
2014-08-09 09:59:41,615 fail2ban.comm : DEBUG Command: ['set', 'apache-wplogin-iptables', 'actionstop', 'iptables-multiport', 'iptables -D INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>\niptables -F fail2ban-<name>\niptables -X fail2ban-<name>']
2014-08-09 09:59:41,615 fail2ban.actions.action: DEBUG Set actionStop = iptables -D INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
iptables -F fail2ban-<name>
iptables -X fail2ban-<name>
2014-08-09 09:59:41,716 fail2ban.comm : DEBUG Command: ['set', 'apache-wplogin-iptables', 'actionstart', 'iptables-multiport', 'iptables -N fail2ban-<name>\niptables -A fail2ban-<name> -j RETURN\niptables -I INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>']
2014-08-09 09:59:41,716 fail2ban.actions.action: DEBUG Set actionStart = iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
iptables -I INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
2014-08-09 09:59:41,817 fail2ban.comm : DEBUG Command: ['set', 'apache-wplogin-iptables', 'actionunban', 'iptables-multiport', 'iptables -D fail2ban-<name> -s <ip> -j DROP']
2014-08-09 09:59:41,817 fail2ban.actions.action: DEBUG Set actionUnban = iptables -D fail2ban-<name> -s <ip> -j DROP
2014-08-09 09:59:41,918 fail2ban.comm : DEBUG Command: ['set', 'apache-wplogin-iptables', 'actioncheck', 'iptables-multiport', 'iptables -n -L INPUT | grep -q fail2ban-<name>']
2014-08-09 09:59:41,918 fail2ban.actions.action: DEBUG Set actionCheck = iptables -n -L INPUT | grep -q fail2ban-<name>
2014-08-09 09:59:42,019 fail2ban.comm : DEBUG Command: ['set', 'apache-wplogin-iptables', 'setcinfo', 'iptables-multiport', 'protocol', 'tcp']
2014-08-09 09:59:42,120 fail2ban.comm : DEBUG Command: ['set', 'apache-wplogin-iptables', 'setcinfo', 'iptables-multiport', 'name', 'apache-wplogin']
2014-08-09 09:59:42,221 fail2ban.comm : DEBUG Command: ['set', 'apache-wplogin-iptables', 'setcinfo', 'iptables-multiport', 'port', 'http,https']
2014-08-09 09:59:42,322 fail2ban.comm : DEBUG Command: ['set', 'apache-wplogin-iptables', 'addaction', 'sendmail-whois']
2014-08-09 09:59:42,322 fail2ban.actions.action: DEBUG Created Action
2014-08-09 09:59:42,423 fail2ban.comm : DEBUG Command: ['set', 'apache-wplogin-iptables', 'actionban', 'sendmail-whois', 'printf %b "Subject: [Fail2Ban] <name>: banned <ip>\nFrom: Fail2Ban <<sender>>\nTo: <dest>\\n\nHi,\\n\nThe IP <ip> has just been banned by Fail2Ban after\n<failures> attempts against <name>.\\n\\n\nHere are more information about <ip>:\\n\n`/usr/bin/whois <ip>`\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f <sender> <dest>']
2014-08-09 09:59:42,423 fail2ban.actions.action: DEBUG Set actionBan = printf %b "Subject: [Fail2Ban] <name>: banned <ip>
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The IP <ip> has just been banned by Fail2Ban after
<failures> attempts against <name>.\n\n
Here are more information about <ip>:\n
`/usr/bin/whois <ip>`\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2014-08-09 09:59:42,524 fail2ban.comm : DEBUG Command: ['set', 'apache-wplogin-iptables', 'actionstop', 'sendmail-whois', 'printf %b "Subject: [Fail2Ban] <name>: stopped\nFrom: Fail2Ban <<sender>>\nTo: <dest>\\n\nHi,\\n\nThe jail <name> has been stopped.\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f <sender> <dest>']
2014-08-09 09:59:42,524 fail2ban.actions.action: DEBUG Set actionStop = printf %b "Subject: [Fail2Ban] <name>: stopped
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been stopped.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2014-08-09 09:59:42,625 fail2ban.comm : DEBUG Command: ['set', 'apache-wplogin-iptables', 'actionstart', 'sendmail-whois', 'printf %b "Subject: [Fail2Ban] <name>: started\nFrom: Fail2Ban <<sender>>\nTo: <dest>\\n\nHi,\\n\nThe jail <name> has been started successfully.\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f <sender> <dest>']
2014-08-09 09:59:42,625 fail2ban.actions.action: DEBUG Set actionStart = printf %b "Subject: [Fail2Ban] <name>: started
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been started successfully.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2014-08-09 09:59:42,726 fail2ban.comm : DEBUG Command: ['set', 'apache-wplogin-iptables', 'actionunban', 'sendmail-whois', '']
2014-08-09 09:59:42,726 fail2ban.actions.action: DEBUG Set actionUnban =
2014-08-09 09:59:42,826 fail2ban.comm : DEBUG Command: ['set', 'apache-wplogin-iptables', 'actioncheck', 'sendmail-whois', '']
2014-08-09 09:59:42,827 fail2ban.actions.action: DEBUG Set actionCheck =
2014-08-09 09:59:42,928 fail2ban.comm : DEBUG Command: ['set', 'apache-wplogin-iptables', 'setcinfo', 'sendmail-whois', 'dest', 'my...@my...']
2014-08-09 09:59:43,029 fail2ban.comm : DEBUG Command: ['set', 'apache-wplogin-iptables', 'setcinfo', 'sendmail-whois', 'name', 'apache-wplogin']
2014-08-09 09:59:43,129 fail2ban.comm : DEBUG Command: ['set', 'apache-wplogin-iptables', 'setcinfo', 'sendmail-whois', 'sender', 'fai...@my...']
2014-08-09 09:59:43,230 fail2ban.comm : DEBUG Command: ['add', 'proftpd-iptables', 'auto']
2014-08-09 09:59:43,231 fail2ban.jail : INFO Creating new jail 'proftpd-iptables'
2014-08-09 09:59:43,231 fail2ban.jail : INFO Jail 'proftpd-iptables' uses Gamin
2014-08-09 09:59:43,231 fail2ban.filter : DEBUG Created Filter
2014-08-09 09:59:43,231 fail2ban.filter : DEBUG Created FilterGamin
...
2014-08-09 09:59:49,605 fail2ban.comm : DEBUG Command: ['start', 'apache-wplogin-iptables']
2014-08-09 09:59:49,605 fail2ban.filter : DEBUG Got event: 8 for /home/user/mytestlogfile
2014-08-09 09:59:49,605 fail2ban.filter : DEBUG File changed: /home/user/mytestlogfile
2014-08-09 09:59:49,605 fail2ban.filter : DEBUG Got event: 9 for /home/user/mytestlogfile
2014-08-09 09:59:49,605 fail2ban.filter.datedetector: DEBUG Sorting the template list
2014-08-09 09:59:49,606 fail2ban.actions.action: DEBUG iptables -N fail2ban-apache-wplogin
iptables -A fail2ban-apache-wplogin -j RETURN
iptables -I INPUT -p tcp -m multiport --dports http,https -j fail2ban-apache-wplogin
2014-08-09 09:59:49,607 fail2ban.jail : INFO Jail 'apache-wplogin-iptables' started
2014-08-09 09:59:49,616 fail2ban.actions.action: DEBUG iptables -N fail2ban-apache-wplogin
iptables -A fail2ban-apache-wplogin -j RETURN
iptables -I INPUT -p tcp -m multiport --dports http,https -j fail2ban-apache-wplogin returned successfully
2014-08-09 09:59:49,616 fail2ban.actions.action: DEBUG printf %b "Subject: [Fail2Ban] apache-wplogin: started
From: Fail2Ban <...>
To: ...\n
Hi,\n
The jail apache-wplogin has been started successfully.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f ......
2014-08-09 09:59:49,665 fail2ban.actions.action: DEBUG printf %b "Subject: [Fail2Ban] apache-wplogin: started
From: Fail2Ban <....>
To: ....\n
Hi,\n
The jail apache-wplogin has been started successfully.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f ....... returned successfully

**********************************
**********************************
AND AFTER THAT THE LOGFILE JUST WRITES SOME NEW ENTRIES LIKE
**********************************
**********************************

2014-08-09 10:00:16,364 fail2ban.filter.datedetector: DEBUG Sorting the template list
2014-08-09 10:00:16,418 fail2ban.filter : DEBUG Got event: 1 for /var/log/secure
2014-08-09 10:00:16,419 fail2ban.filter : DEBUG File changed: /var/log/secure

**********************************
**********************************
WHEN I ADD SOME MORE ENTRIES IN MY TESTLOGFILE THE FOLLOWING APPEARS, BUT NO BLOCKING OR E-MAIL IS SENT:
**********************************
**********************************

2014-08-09 10:15:58,618 fail2ban.filter : DEBUG Got event: 2 for /home/user/mytestlogfile
2014-08-09 10:15:58,618 fail2ban.filter : DEBUG Got event: 5 for /home/user/mytestlogfile
2014-08-09 10:15:58,618 fail2ban.filter : DEBUG File changed: /home/user/mytestlogfile
2014-08-09 10:15:58,618 fail2ban.filter : INFO Log rotation detected for /home/user/mytestlogfile
2014-08-09 10:15:58,623 fail2ban.filter : DEBUG Got event: 1 for /home/user/mytestlogfile
2014-08-09 10:15:58,623 fail2ban.filter : DEBUG File changed: /home/user/mytestlogfile