Code: 2013-11-12 20:12:31,644 fail2ban.actions.action: ERROR iptables -N fail2ban-apache iptables -A fail2ban-apache -j RETURN iptables -I INPUT -p tcp --dport http -j fail2ban-apache returned 200 2013-11-12 20:12:31,650 fail2ban.actions.action: ERROR iptables -N fail2ban-pop3d iptables -A fail2ban-pop3d -j RETURN iptables -I INPUT -p tcp --dport pop3 -j fail2ban-pop3d returned 400 /etc/fail2ban/jail.local looks like this <sniped> Code: [apache] enabled = true port = http filter = apache-auth logpath = /var/log/apache*/*error.log maxretry = 5 [pop3d] enabled = true port = pop3 filter = pop3d logpath = /var/log/mail.log maxretry = 5 /etc/fail2ban/filter.d/apache-auth.conf Code: # Fail2Ban configuration file # # Author: Cyril Jaquier # # $Revision: 728 $ # [Definition] # Option: failregex # Notes.: regex to match the password failure messages in the logfile. The # host must be matched by a group named "host". The tag "<HOST>" can # be used for standard IP/hostname matching and is only an alias for # (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) # Values: TEXT # failregex = [[]client <HOST>[]] user .* authentication failure [[]client <HOST>[]] user .* not found [[]client <HOST>[]] user .* password mismatch # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. # Values: TEXT # ignoreregex = /etc/fail2ban/filter.d/pop3d.conf Code: # Fail2Ban configuration file # # Author: Cyril Jaquier # # $Revision: 510 $ # [Definition] # Option: failregex # Notes.: regex to match the password failures messages in the logfile. The # host must be matched by a group named "host". The tag "<HOST>" can # be used for standard IP/hostname matching and is only an alias for # (?:::f{4,6}:)?(?P<host>\S+) # Values: TEXT # failregex = pop3d: LOGIN FAILED.*ip=\[.*:<HOST>\] # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. # Values: TEXT # ignoreregex = PLEASE HELP
