Menu
▾
▴
[Fail2ban-users] event from own Filter detected but ip not not blocked?
|
From: <reg...@un...> - 2014-08-09 09:16:03
|
2014-08-09 09:59:39,796 fail2ban.jail : INFO Creating new jail 'apache-wplogin-iptables'
2014-08-09 09:59:39,796 fail2ban.jail : INFO Jail 'apache-wplogin-iptables' uses Gamin
2014-08-09 09:59:39,796 fail2ban.filter : DEBUG Created Filter
2014-08-09 09:59:39,797 fail2ban.filter : DEBUG Created FilterGamin
2014-08-09 09:59:39,898 fail2ban.comm : DEBUG Command: ['set', 'apache-wplogin-iptables', 'addlogpath', '/home/user/mytestlogdile']
2014-08-09 09:59:39,898 fail2ban.filter : INFO Added logfile = /home/user/mytestlogdile
2014-08-09 09:59:39,999 fail2ban.comm : DEBUG Command: ['set', 'apache-wplogin-iptables', 'maxretry', '5']
2014-08-09 09:59:39,999 fail2ban.filter : INFO Set maxRetry = 5
2014-08-09 09:59:40,100 fail2ban.comm : DEBUG Command: ['set', 'apache-wplogin-iptables', 'addignoreip', '127.0.0.1']
2014-08-09 09:59:40,100 fail2ban.filter : DEBUG Add 127.0.0.1 to ignore list
2014-08-09 09:59:41,110 fail2ban.comm : DEBUG Command: ['set', 'apache-wplogin-iptables', 'findtime', '30']
2014-08-09 09:59:41,110 fail2ban.filter : INFO Set findtime = 30
2014-08-09 09:59:41,211 fail2ban.comm : DEBUG Command: ['set', 'apache-wplogin-iptables', 'bantime', '86400']
2014-08-09 09:59:41,211 fail2ban.actions: INFO Set banTime = 86400
2014-08-09 09:59:41,312 fail2ban.comm : DEBUG Command: ['set', 'apache-wplogin-iptables', 'addfailregex', '^<HOST> .* "POST /wp-login']
2014-08-09 09:59:41,413 fail2ban.comm : DEBUG Command: ['set', 'apache-wplogin-iptables', 'addaction', 'iptables-multiport']
2014-08-09 09:59:41,413 fail2ban.actions.action: DEBUG Created Action
2014-08-09 09:59:41,514 fail2ban.comm : DEBUG Command: ['set', 'apache-wplogin-iptables', 'actionban', 'iptables-multiport', 'iptables -I fail2ban-<name> 1 -s <ip> -j DROP']
2014-08-09 09:59:41,514 fail2ban.actions.action: DEBUG Set actionBan = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
2014-08-09 09:59:41,615 fail2ban.comm : DEBUG Command: ['set', 'apache-wplogin-iptables', 'actionstop', 'iptables-multiport', 'iptables -D INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>\niptables -F fail2ban-<name>\niptables -X fail2ban-<name>']
2014-08-09 09:59:41,615 fail2ban.actions.action: DEBUG Set actionStop = iptables -D INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
iptables -F fail2ban-<name>
iptables -X fail2ban-<name>
2014-08-09 09:59:41,716 fail2ban.comm : DEBUG Command: ['set', 'apache-wplogin-iptables', 'actionstart', 'iptables-multiport', 'iptables -N fail2ban-<name>\niptables -A fail2ban-<name> -j RETURN\niptables -I INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>']
2014-08-09 09:59:41,716 fail2ban.actions.action: DEBUG Set actionStart = iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
iptables -I INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
2014-08-09 09:59:41,817 fail2ban.comm : DEBUG Command: ['set', 'apache-wplogin-iptables', 'actionunban', 'iptables-multiport', 'iptables -D fail2ban-<name> -s <ip> -j DROP']
2014-08-09 09:59:41,817 fail2ban.actions.action: DEBUG Set actionUnban = iptables -D fail2ban-<name> -s <ip> -j DROP
2014-08-09 09:59:41,918 fail2ban.comm : DEBUG Command: ['set', 'apache-wplogin-iptables', 'actioncheck', 'iptables-multiport', 'iptables -n -L INPUT | grep -q fail2ban-<name>']
2014-08-09 09:59:41,918 fail2ban.actions.action: DEBUG Set actionCheck = iptables -n -L INPUT | grep -q fail2ban-<name>
2014-08-09 09:59:42,019 fail2ban.comm : DEBUG Command: ['set', 'apache-wplogin-iptables', 'setcinfo', 'iptables-multiport', 'protocol', 'tcp']
2014-08-09 09:59:42,120 fail2ban.comm : DEBUG Command: ['set', 'apache-wplogin-iptables', 'setcinfo', 'iptables-multiport', 'name', 'apache-wplogin']
2014-08-09 09:59:42,221 fail2ban.comm : DEBUG Command: ['set', 'apache-wplogin-iptables', 'setcinfo', 'iptables-multiport', 'port', 'http,https']
2014-08-09 09:59:42,322 fail2ban.comm : DEBUG Command: ['set', 'apache-wplogin-iptables', 'addaction', 'sendmail-whois']
2014-08-09 09:59:42,322 fail2ban.actions.action: DEBUG Created Action
2014-08-09 09:59:42,423 fail2ban.comm : DEBUG Command: ['set', 'apache-wplogin-iptables', 'actionban', 'sendmail-whois', 'printf %b "Subject: [Fail2Ban] <name>: banned <ip>\nFrom: Fail2Ban <<sender>>\nTo: <dest>\\n\nHi,\\n\nThe IP <ip> has just been banned by Fail2Ban after\n<failures> attempts against <name>.\\n\\n\nHere are more information about <ip>:\\n\n`/usr/bin/whois <ip>`\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f <sender> <dest>']
2014-08-09 09:59:42,423 fail2ban.actions.action: DEBUG Set actionBan = printf %b "Subject: [Fail2Ban] <name>: banned <ip>
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The IP <ip> has just been banned by Fail2Ban after
<failures> attempts against <name>.\n\n
Here are more information about <ip>:\n
`/usr/bin/whois <ip>`\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2014-08-09 09:59:42,524 fail2ban.comm : DEBUG Command: ['set', 'apache-wplogin-iptables', 'actionstop', 'sendmail-whois', 'printf %b "Subject: [Fail2Ban] <name>: stopped\nFrom: Fail2Ban <<sender>>\nTo: <dest>\\n\nHi,\\n\nThe jail <name> has been stopped.\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f <sender> <dest>']
2014-08-09 09:59:42,524 fail2ban.actions.action: DEBUG Set actionStop = printf %b "Subject: [Fail2Ban] <name>: stopped
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been stopped.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2014-08-09 09:59:42,625 fail2ban.comm : DEBUG Command: ['set', 'apache-wplogin-iptables', 'actionstart', 'sendmail-whois', 'printf %b "Subject: [Fail2Ban] <name>: started\nFrom: Fail2Ban <<sender>>\nTo: <dest>\\n\nHi,\\n\nThe jail <name> has been started successfully.\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f <sender> <dest>']
2014-08-09 09:59:42,625 fail2ban.actions.action: DEBUG Set actionStart = printf %b "Subject: [Fail2Ban] <name>: started
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been started successfully.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2014-08-09 09:59:42,726 fail2ban.comm : DEBUG Command: ['set', 'apache-wplogin-iptables', 'actionunban', 'sendmail-whois', '']
2014-08-09 09:59:42,726 fail2ban.actions.action: DEBUG Set actionUnban =
2014-08-09 09:59:42,826 fail2ban.comm : DEBUG Command: ['set', 'apache-wplogin-iptables', 'actioncheck', 'sendmail-whois', '']
2014-08-09 09:59:42,827 fail2ban.actions.action: DEBUG Set actionCheck =
2014-08-09 09:59:42,928 fail2ban.comm : DEBUG Command: ['set', 'apache-wplogin-iptables', 'setcinfo', 'sendmail-whois', 'dest', 'my...@my...']
2014-08-09 09:59:43,029 fail2ban.comm : DEBUG Command: ['set', 'apache-wplogin-iptables', 'setcinfo', 'sendmail-whois', 'name', 'apache-wplogin']
2014-08-09 09:59:43,129 fail2ban.comm : DEBUG Command: ['set', 'apache-wplogin-iptables', 'setcinfo', 'sendmail-whois', 'sender', 'fai...@my...']
2014-08-09 09:59:43,230 fail2ban.comm : DEBUG Command: ['add', 'proftpd-iptables', 'auto']
2014-08-09 09:59:43,231 fail2ban.jail : INFO Creating new jail 'proftpd-iptables'
2014-08-09 09:59:43,231 fail2ban.jail : INFO Jail 'proftpd-iptables' uses Gamin
2014-08-09 09:59:43,231 fail2ban.filter : DEBUG Created Filter
2014-08-09 09:59:43,231 fail2ban.filter : DEBUG Created FilterGamin
...
2014-08-09 09:59:49,605 fail2ban.comm : DEBUG Command: ['start', 'apache-wplogin-iptables']
2014-08-09 09:59:49,605 fail2ban.filter : DEBUG Got event: 8 for /home/user/mytestlogfile
2014-08-09 09:59:49,605 fail2ban.filter : DEBUG File changed: /home/user/mytestlogfile
2014-08-09 09:59:49,605 fail2ban.filter : DEBUG Got event: 9 for /home/user/mytestlogfile
2014-08-09 09:59:49,605 fail2ban.filter.datedetector: DEBUG Sorting the template list
2014-08-09 09:59:49,606 fail2ban.actions.action: DEBUG iptables -N fail2ban-apache-wplogin
iptables -A fail2ban-apache-wplogin -j RETURN
iptables -I INPUT -p tcp -m multiport --dports http,https -j fail2ban-apache-wplogin
2014-08-09 09:59:49,607 fail2ban.jail : INFO Jail 'apache-wplogin-iptables' started
2014-08-09 09:59:49,616 fail2ban.actions.action: DEBUG iptables -N fail2ban-apache-wplogin
iptables -A fail2ban-apache-wplogin -j RETURN
iptables -I INPUT -p tcp -m multiport --dports http,https -j fail2ban-apache-wplogin returned successfully
2014-08-09 09:59:49,616 fail2ban.actions.action: DEBUG printf %b "Subject: [Fail2Ban] apache-wplogin: started
From: Fail2Ban <...>
To: ...\n
Hi,\n
The jail apache-wplogin has been started successfully.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f ......
2014-08-09 09:59:49,665 fail2ban.actions.action: DEBUG printf %b "Subject: [Fail2Ban] apache-wplogin: started
From: Fail2Ban <....>
To: ....\n
Hi,\n
The jail apache-wplogin has been started successfully.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f ....... returned successfully
**********************************
**********************************
AND AFTER THAT THE LOGFILE JUST WRITE SOME NEW ENTRIES LIKE
**********************************
**********************************
2014-08-09 10:00:16,364 fail2ban.filter.datedetector: DEBUG Sorting the template list
2014-08-09 10:00:16,418 fail2ban.filter : DEBUG Got event: 1 for /var/log/secure
2014-08-09 10:00:16,419 fail2ban.filter : DEBUG File changed: /var/log/secure
**********************************
**********************************
WHEN I ADD SOME MORE ENTRIES IN MY TESTLOGFILE THE FOLLOWING APEARS, BUT NO BLOCKING OR E_MAIL IS SENT:
**********************************
**********************************
2014-08-09 10:15:58,618 fail2ban.filter : DEBUG Got event: 2 for /home/user/mytestlogfile
2014-08-09 10:15:58,618 fail2ban.filter : DEBUG Got event: 5 for /home/user/mytestlogfile
2014-08-09 10:15:58,618 fail2ban.filter : DEBUG File changed: /home/user/mytestlogfile
2014-08-09 10:15:58,618 fail2ban.filter : INFO Log rotation detected for /home/user/mytestlogfile
2014-08-09 10:15:58,623 fail2ban.filter : DEBUG Got event: 1 for /home/user/mytestlogfile
2014-08-09 10:15:58,623 fail2ban.filter : DEBUG File changed: /home/user/mytestlogfile
|