I have this exact error in CentOS 5.3 x86_64, using ISPConfig 3.0.1.3:

FS#588 - CentOS: Monitoring plugin doesn't recognize fail2ban

I followed The Perfect Server - CentOS 5.3 x86_64 [ISPConfig 3] to the letter (and found another bug in it - you must run "yum install apr-devel" or you will fail compiling SuPHP). Everything seems to be fine (still checking some functions), yet the fail2ban plugin isn't working.

which fail2ban produces:
/usr/bin/which: no fail2ban in (/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin)

The command I used to install it was "yum install fail2ban", as described in the server howto. The actual client is found, no problem:

which fail2ban-client produces:
/usr/bin/fail2ban-client

The log file is here, but is empty: /var/log/fail2ban.log

Lol, nevermind, I made a configuration error, being new to fail2ban. I didn't realize the jails had to be activated before it would start logging. You'd think it would log something, even a "no jails active" message.

Now my problem is that I can't seem to figure out why it's not working correctly. I'm not sure what I should enable, or what's safe with ISPConfig 3. I'm getting logs, but they look like this:

Code:
2009-06-09 15:06:59,959 fail2ban.jail : INFO Using Gamin
2009-06-09 15:06:59,967 fail2ban.filter : INFO Created Filter
2009-06-09 15:06:59,967 fail2ban.filter : INFO Created FilterGamin
2009-06-09 15:06:59,968 fail2ban.filter : INFO Set maxRetry = 5
2009-06-09 15:06:59,970 fail2ban.filter : INFO Set findtime = 600
2009-06-09 15:06:59,971 fail2ban.actions: INFO Set banTime = 3600
2009-06-09 15:06:59,998 fail2ban.actions.action: INFO Set actionBan = iptables -I fail2ban- 1 -s -j DROP
2009-06-09 15:06:59,998 fail2ban.actions.action: INFO Set actionStop = iptables -D INPUT -p --dport -j fail2ban- iptables -F fail2ban- iptables -X fail2ban-
2009-06-09 15:06:59,999 fail2ban.actions.action: INFO Set actionStart = iptables -N fail2ban- iptables -A fail2ban- -j RETURN iptables -I INPUT -p --dport -j fail2ban-
2009-06-09 15:06:59,999 fail2ban.actions.action: INFO Set actionUnban = iptables -D fail2ban- -s -j DROP
2009-06-09 15:07:00,000 fail2ban.actions.action: INFO Set actionCheck = iptables -n -L INPUT | grep -q fail2ban-
2009-06-09 15:07:00,001 fail2ban.actions.action: INFO Set actionBan = printf %b "Subject: [Fail2Ban] : banned From: Fail2Ban <> To: \n Hi,\n The IP has just been banned by Fail2Ban after attempts against .\n\n Here are more information about :\n `/usr/bin/whois `\n Regards,\n Fail2Ban" | /usr/sbin/sendmail -f
2009-06-09 15:07:00,002 fail2ban.actions.action: INFO Set actionStop = printf %b "Subject: [Fail2Ban] : stopped From: Fail2Ban <> To: \n Hi,\n The jail has been stopped.\n Regards,\n Fail2Ban" | /usr/sbin/sendmail -f
2009-06-09 15:07:00,002 fail2ban.actions.action: INFO Set actionStart = printf %b "Subject: [Fail2Ban] : started From: Fail2Ban <> To: \n Hi,\n The jail has been started successfully.\n Regards,\n Fail2Ban" | /usr/sbin/sendmail -f
2009-06-09 15:07:00,003 fail2ban.actions.action: INFO Set actionUnban =
2009-06-09 15:07:00,003 fail2ban.actions.action: INFO Set actionCheck =
2009-06-09 15:07:00,005 fail2ban.jail : INFO Using Gamin
2009-06-09 15:07:00,005 fail2ban.filter : INFO Created Filter
2009-06-09 15:07:00,005 fail2ban.filter : INFO Created FilterGamin
2009-06-09 15:07:00,005 fail2ban.filter : INFO Set maxRetry = 3
2009-06-09 15:07:00,007 fail2ban.filter : INFO Set findtime = 600
2009-06-09 15:07:00,007 fail2ban.actions: INFO Set banTime = 300
2009-06-09 15:07:00,008 fail2ban.actions.action: INFO Set actionBan = IP= && printf %b "ALL: $IP\n" >>
2009-06-09 15:07:00,009 fail2ban.actions.action: INFO Set actionStop =
2009-06-09 15:07:00,009 fail2ban.actions.action: INFO Set actionStart =
2009-06-09 15:07:00,010 fail2ban.actions.action: INFO Set actionUnban = IP= && sed -i.old /ALL:\ $IP/d
2009-06-09 15:07:00,010 fail2ban.actions.action: INFO Set actionCheck =
2009-06-09 15:07:00,011 fail2ban.actions.action: INFO Set actionBan = printf %b "Subject: [Fail2Ban] : banned From: Fail2Ban <> To: \n Hi,\n The IP has just been banned by Fail2Ban after attempts against .\n Regards,\n Fail2Ban" | /usr/sbin/sendmail -f
2009-06-09 15:07:00,012 fail2ban.actions.action: INFO Set actionStop = printf %b "Subject: [Fail2Ban] : stopped From: Fail2Ban <> To: \n Hi,\n The jail has been stopped.\n Regards,\n Fail2Ban" | /usr/sbin/sendmail -f
2009-06-09 15:07:00,012 fail2ban.actions.action: INFO Set actionStart = printf %b "Subject: [Fail2Ban] : started From: Fail2Ban <> To: \n Hi,\n The jail has been started successfully.\n Regards,\n Fail2Ban" | /usr/sbin/sendmail -f
2009-06-09 15:07:00,013 fail2ban.actions.action: INFO Set actionUnban =
2009-06-09 15:07:00,013 fail2ban.actions.action: INFO Set actionCheck =
2009-06-09 15:07:00,014 fail2ban.jail : INFO Using Gamin
2009-06-09 15:07:00,015 fail2ban.filter : INFO Created Filter
2009-06-09 15:07:00,015 fail2ban.filter : INFO Created FilterGamin
2009-06-09 15:07:00,015 fail2ban.filter : INFO Set maxRetry = 3
2009-06-09 15:07:00,016 fail2ban.comm : WARNING Invalid command: ['set', 'ssh-tcpwrapper', 'ignoreregex', 'for myuser from']

This doesn't look like any of the logs I've seen elsewhere.

Edit: I believe I enabled two conflicting jails. I'm now getting sane messages in my logs, and the email confirmations are working. Still not sure what's safe to use in conjunction with ISPC3, but I'll go with it for now.

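An added example, not part of the posts above and not fail2ban or ISPConfig code: a small audit of a jail.conf-style file that lists which jails are enabled (none enabled is the empty-log case described above) and which enabled jails share a filter and log path, so overlapping jails are easy to spot. The sample configuration is constructed; `audit_jails` and all jail names other than `ssh-tcpwrapper` are hypothetical.

```python
import configparser
from collections import defaultdict

# Constructed sample in jail.conf syntax; not the poster's actual file.
SAMPLE_JAIL_CONF = """
[DEFAULT]
bantime = 600
maxretry = 3

[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
logpath = /var/log/secure

[ssh-tcpwrapper]
enabled = true
filter = sshd
action = hostsdeny
logpath = /var/log/secure

[proftpd-iptables]
enabled = false
filter = proftpd
action = iptables[name=ProFTPD, port=ftp, protocol=tcp]
logpath = /var/log/proftpd/proftpd.log
"""

def audit_jails(conf_text):
    """Return (enabled jail names, {(filter, logpath): [jails]} for overlaps)."""
    # RawConfigParser: no %-interpolation, so action strings are read verbatim.
    cp = configparser.RawConfigParser()
    cp.read_string(conf_text)
    # Assumption: a jail with no "enabled" key is treated as disabled.
    enabled = [s for s in cp.sections()
               if cp.getboolean(s, "enabled", fallback=False)]
    watchers = defaultdict(list)
    for name in enabled:
        key = (cp.get(name, "filter", fallback=""),
               cp.get(name, "logpath", fallback=""))
        watchers[key].append(name)
    overlaps = {k: v for k, v in watchers.items() if len(v) > 1}
    return enabled, overlaps

if __name__ == "__main__":
    enabled, overlaps = audit_jails(SAMPLE_JAIL_CONF)
    print("enabled jails:", ", ".join(enabled) or "none (log will stay empty)")
    for (flt, path), jails in overlaps.items():
        print(f"review: {jails} all use filter '{flt}' on {path}")
```
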
ISPConfig is just displaying the log file in its monitor, so there is nothing safe or unsafe regarding fail2ban.