Eve
New Member
Good evening, or rather good morning. I have been hunting for the error since 7 pm yesterday evening and I simply don't know what to do anymore.
On to my problem: as the title already says, I can't get Fail2Ban to work. The iptables rules are created, but they don't take effect. The failed logins aren't being logged either. I have got as far as knowing that the failed logins are not logged and that Fail2ban gets nothing it can work with, but I have absolutely no idea why that is or how I should proceed.
System: Debian 6 64-bit with Plesk 11 on an HP Microserver from Webtropia.
IPTables:
Code:
root@Webserver:~# iptables -L -v
Chain fail2ban-apache-overflows (1 references)
pkts bytes target prot opt in out source destination
257 11202 RETURN all -- any any anywhere anywhere
Chain fail2ban-courierauth (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- any any anywhere anywhere
Chain fail2ban-couriersmtp (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- any any anywhere anywhere
Chain fail2ban-postfix (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- any any anywhere anywhere
Chain fail2ban-proftpd (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- any any anywhere anywhere
Chain fail2ban-ssh (1 references)
pkts bytes target prot opt in out source destination
88 5808 RETURN all -- any any anywhere anywhere
Chain fail2ban-ssh-ddos (1 references)
pkts bytes target prot opt in out source destination
88 5808 RETURN all -- any any anywhere anywhere
jail.conf:
Code:
[DEFAULT]
# "ignoreip" can be an IP address, a CIDR mask or a DNS host
ignoreip = 127.0.0.1
bantime = 31556926
maxretry = 3
# "backend" specifies the backend used to get files modification. Available
# options are "gamin", "polling" and "auto".
# yoh: For some reason Debian shipped python-gamin didn't work as expected
# This issue left ToDo, so polling is default backend for now
backend = polling
#
# Destination email address used solely for the interpolations in
# jail.{conf,local} configuration files.
destemail = admin@domain.tld
#
# ACTIONS
#
# Default banning action (e.g. iptables, iptables-new,
# iptables-multiport, shorewall, etc) It is used to define
# action_* variables. Can be overriden globally or per
# section within jail.local file
banaction = iptables-multiport
# email action. Since 0.8.1 upstream fail2ban uses sendmail
# MTA for the mailing. Change mta configuration parameter to mail
# if you want to revert to conventional 'mail'.
mta = sendmail
# Default protocol
protocol = tcp
#
# Action shortcuts. To be used to define action parameter
# The simplest action to take: ban only
action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s]
# ban & send an e-mail with whois report to the destemail.
action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s]
            %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s]
# ban & send an e-mail with whois report and relevant log lines
# to the destemail.
action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s]
             %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s]
# Choose default action. To change, just override value of 'action' with the
# interpolation to the chosen action shortcut (e.g. action_mw, action_mwl, etc) in jail.local
# globally (section [DEFAULT]) or per specific section
action = %(action_)s
#
# JAILS
#
# Next jails corresponds to the standard configuration in Fail2ban 0.6 which
# was shipped in Debian. Enable any defined here jail by including
#
# [SECTION_NAME]
# enabled = true
#
# in /etc/fail2ban/jail.local.
#
# Optionally you may override any other parameter (e.g. banaction,
# action, port, logpath, etc) in that section within jail.local
[ssh]
enabled = true
port = 223
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
# Generic filter for pam. Has to be used with action which bans all ports
# such as iptables-allports, shorewall
[pam-generic]
enabled = false
# pam-generic filter can be customized to monitor specific subset of 'tty's
filter = pam-generic
# port actually must be irrelevant but lets leave it all for some possible uses
port = all
banaction = iptables-allports
port = anyport
logpath = /var/log/auth.log
maxretry = 3
[xinetd-fail]
enabled = false
filter = xinetd-fail
port = all
banaction = iptables-multiport-log
logpath = /var/log/daemon.log
maxretry = 2
[ssh-ddos]
enabled = true
port = 223
filter = sshd-ddos
logpath = /var/log/auth.log
maxretry = 3
fail2ban.conf:
Code:
# Fail2Ban configuration file
#
# Author: Cyril Jaquier
#
# $Revision: 629 $
#
[Definition]
# Option: loglevel
# Notes.: Set the log level output.
# 1 = ERROR
# 2 = WARN
# 3 = INFO
# 4 = DEBUG
# Values: NUM Default: 3
#
loglevel = 3
# Option: logtarget
# Notes.: Set the log target. This could be a file, SYSLOG, STDERR or STDOUT.
# Only one log target can be specified.
# Values: STDOUT STDERR SYSLOG file Default: /var/log/fail2ban.log
#
logtarget = /var/log/fail2ban.log
# Option: socket
# Notes.: Set the socket file. This is used to communicate with the daemon. Do
# not remove this file when Fail2ban runs. It will not be possible to
# communicate with the server afterwards.
# Values: FILE Default: /var/run/fail2ban/fail2ban.sock
#
socket = /var/run/fail2ban/fail2ban.sock
I suspect a fundamental error, since denyhost doesn't react either.
Would someone help me? I just can't get any further.
Regards, Eve
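An offline check for the situation described in the post (whether the log an enabled jail watches contains any failure lines at all), as an added example that is not part of the original post. The regex is a simplified stand-in for the sshd filter, findtime is ignored, and the jail snippet and log lines are constructed samples.

```python
import configparser
import re
from collections import Counter

# Simplified stand-in for the sshd filter (assumption, not filter.d/sshd.conf).
SSHD_FAIL = re.compile(
    r"sshd\[\d+\]: (?:Failed \S+ for (?:invalid user )?\S+|Invalid user \S+)"
    r" from (?P<host>\d{1,3}(?:\.\d{1,3}){3})")

def enabled_jails(jail_text):
    """Map each enabled jail to (logpath, maxretry)."""
    # Raw parser leaves %(...)s action templates alone; strict=False accepts
    # a key repeated within one section, like "port" in [pam-generic].
    cp = configparser.RawConfigParser(strict=False)
    cp.read_string(jail_text)
    return {
        name: (cp.get(name, "logpath", fallback=None),
               cp.getint(name, "maxretry", fallback=3))
        for name in cp.sections()
        if cp.get(name, "enabled", fallback="false").strip().lower() == "true"
    }

def diagnose(log_lines, maxretry):
    """Report whether the log gives a jail anything to act on (findtime ignored)."""
    hits = Counter(m.group("host") for m in map(SSHD_FAIL.search, log_lines) if m)
    if not hits:
        return "no-failures-logged", {}
    over = {host: n for host, n in hits.items() if n >= maxretry}
    return ("would-ban" if over else "below-maxretry"), over

# Constructed samples (hypothetical hosts and timestamps, not from the post).
JAIL = """
[DEFAULT]
maxretry = 3
[ssh]
enabled = true
port = 223
logpath = /var/log/auth.log
[pam-generic]
port = all
port = anyport
"""
LOG_OK = [
    "Mar  3 02:11:09 Webserver sshd[4211]: Failed password for root from 203.0.113.5 port 40112 ssh2",
    "Mar  3 02:11:12 Webserver sshd[4211]: Failed password for invalid user admin from 203.0.113.5 port 40113 ssh2",
    "Mar  3 02:11:15 Webserver sshd[4213]: Invalid user test from 203.0.113.5",
]
LOG_SILENT = ["Mar  3 02:12:00 Webserver sshd[4220]: Accepted publickey for eve from 198.51.100.7 port 51000 ssh2"]
if __name__ == "__main__":
    print(enabled_jails(JAIL), diagnose(LOG_OK, 3), diagnose(LOG_SILENT, 3))
```

On the live host, `fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/sshd.conf` runs the shipped filter against the real log and reports how many lines matched.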