So I never really got round to looking at configuring fail2ban since following the perfect server guide for debian. I was looking around the monitor tab on ISPConfig3 and noticed Code: fail2ban is not installed at this server. See more (for debian) I was dead certain it was installed so I figured I would status the service Code: ● fail2ban.service - LSB: Start/stop fail2ban Loaded: loaded (/etc/init.d/fail2ban) Active: active (exited) since Fri 2016-04-22 10:31:27 EDT; 4 days ago Process: 10343 ExecStop=/etc/init.d/fail2ban stop (code=exited, status=0/SUCCESS) Process: 10352 ExecStart=/etc/init.d/fail2ban start (code=exited, status=0/SUCCESS) Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable. I figured I would restart the service due to seeing "exited", I did that and did a fresh status and noticed so new errors: Code: ● fail2ban.service - LSB: Start/stop fail2ban Loaded: loaded (/etc/init.d/fail2ban) Active: active (exited) since Wed 2016-04-27 03:35:57 EDT; 1s ago Process: 28708 ExecStop=/etc/init.d/fail2ban stop (code=exited, status=0/SUCCESS) Process: 28717 ExecStart=/etc/init.d/fail2ban start (code=exited, status=0/SUCCESS) Apr 27 03:35:57 web fail2ban[28717]: Starting authentication failure monitor: fail2banERROR Found no accessible config files for 'filter.d/pureftpd' under /etc/fail2ban Apr 27 03:35:57 web fail2ban[28717]: ERROR Unable to read the filter Apr 27 03:35:57 web fail2ban[28717]: ERROR Errors in jail 'pureftpd'. Skipping... Apr 27 03:35:57 web fail2ban[28717]: ERROR Found no accessible config files for 'filter.d/dovecot-pop3imap' under /etc/fail2ban Apr 27 03:35:57 web fail2ban[28717]: ERROR Unable to read the filter Apr 27 03:35:57 web fail2ban[28717]: ERROR Errors in jail 'dovecot-pop3imap'. Skipping... Apr 27 03:35:57 web fail2ban[28717]: failed! I ran a phpupdate from the ISP installer and this hasn't fixed the issue, should I be worried by this?
It looks like it could be an issue with your config files What is the output of /etc/fail2ban/jail.local /etc/fail2ban/filter.d/dovecot-pop3imap /etc/fail2ban/filter.d/pureftpd
/etc/fail2ban/jail.local Code: [pureftpd] enabled = true port = ftp filter = pureftpd logpath = /var/log/syslog maxretry = 3 [dovecot-pop3imap] enabled = true filter = dovecot-pop3imap action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp] logpath = /var/log/mail.log maxretry = 5 [postfix-sasl] enabled = true port = smtp filter = postfix-sasl logpath = /var/log/mail.log maxretry = 3 The others don't exist, I guess that is the issue? These do exist though Code: ls | grep dove dovecot.conf Code: ls | grep pure pure-ftpd.conf
On second look: https://www.howtoforge.com/tutorial...-bind-dovecot-ispconfig-3/2/#-install-failban My filers were messed up, tons of ascii symbols, typos etc. Not sure what happend, but it appears to work now? Code: ● fail2ban.service - LSB: Start/stop fail2ban Loaded: loaded (/etc/init.d/fail2ban) Active: active (running) since Wed 2016-04-27 11:05:51 EDT; 1s ago Process: 14076 ExecStop=/etc/init.d/fail2ban stop (code=exited, status=0/SUCCESS) Process: 14085 ExecStart=/etc/init.d/fail2ban start (code=exited, status=0/SUCCESS) CGroup: /system.slice/fail2ban.service └─14096 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid Apr 27 11:05:51 web fail2ban[14085]: Starting authentication failure monitor: fail2ban.
Ha, yes I ran a puppet noop and realised it wanted to mess up all the files. I guess it was a late night when I wrote that manifest! XD Thanks man https://bitbucket.org/antcleaves/ispconfig-manifest/issues/1/fix-fail2ban-configs
