Hi All, I am running a Debian wheezy (raspbian) server on a raspberry pi with the latest updates in. The issue at hand is that I am unable to get fail2ban to 'work'. The regex seems to work fine, as shown below: Code: :~# fail2ban-client status nginx-login Status for the jail: nginx-login |- filter | |- File list: /var/log/*.access.log | |- Currently failed: 7 | `- Total failed: 7 `- action |- Currently banned: 0 | `- IP list: `- Total banned: 0 and Code: :~# fail2ban-regex /var/log/nginx/*.access.log /etc/fail2ban/filter.d/nginx-login.conf Running tests ============= Use regex file : /etc/fail2ban/filter.d/nginx-login.conf Use log file : /var/log/nginx/*.access.log Results ======= Failregex |- Regular expressions: | [1] ^<HOST> -.*POST .*login.* HTTP/1\.." 200 | `- Number of matches: [1] 92 match(es) Ignoreregex |- Regular expressions: | `- Number of matches: Summary ======= Addresses found: [1] --here is a long list of IP addresses (92 nos. as seen below)-- Date template hits: 0 hit(s): MONTH Day Hour:Minute:Second 0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second Year 0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second 0 hit(s): Year/Month/Day Hour:Minute:Second 0 hit(s): Day/Month/Year Hour:Minute:Second 0 hit(s): Day/Month/Year Hour:Minute:Second 2130 hit(s): Day/MONTH/Year:Hour:Minute:Second 0 hit(s): Month/Day/Year:Hour:Minute:Second 0 hit(s): Year-Month-Day Hour:Minute:Second 0 hit(s): Year.Month.Day Hour:Minute:Second 0 hit(s): Day-MONTH-Year Hour:Minute:Second[.Millisecond] 0 hit(s): Day-Month-Year Hour:Minute:Second 0 hit(s): TAI64N 0 hit(s): Epoch 0 hit(s): ISO 8601 0 hit(s): Hour:Minute:Second 0 hit(s): <Month/Day/Year@Hour:Minute:Second> Success, the total number of match is 92 However, look at the above section 'Running tests' which could contain important information. the excerpt from the fail2ban log is as below: Code: 2013-07-06 02:20:59,662 fail2ban.filter : INFO Set maxRetry = 3 2013-07-06 02:20:59,686 fail2ban.filter : INFO Set findtime = 7200 2013-07-06 02:20:59,694 fail2ban.actions: INFO Set banTime = 86400 2013-07-06 02:20:59,790 fail2ban.jail : INFO Creating new jail 'nginx-proxy' 2013-07-06 02:20:59,792 fail2ban.jail : INFO Jail 'nginx-proxy' uses Gamin 2013-07-06 02:20:59,808 fail2ban.filter : INFO Added logfile = /var/log/nginx* 2013-07-06 02:20:59,881 fail2ban.filter : INFO Set maxRetry = 3 2013-07-06 02:20:59,905 fail2ban.filter : INFO Set findtime = 7200 2013-07-06 02:20:59,913 fail2ban.actions: INFO Set banTime = 86400 2013-07-06 02:21:00,018 fail2ban.jail : INFO Jail 'ssh' started 2013-07-06 02:21:00,133 fail2ban.jail : INFO Jail 'nginx-auth' started 2013-07-06 02:21:00,244 fail2ban.jail : INFO Jail 'nginx-login' started 2013-07-06 02:21:00,463 fail2ban.jail : INFO Jail 'nginx-badbots' started 2013-07-06 02:21:00,663 fail2ban.jail : INFO Jail 'nginx-noscript' started 2013-07-06 02:21:01,013 fail2ban.jail : INFO Jail 'nginx-proxy' started The important regex (nginx-login) in question above is to prevent automated login attempts to wordpress. I can't ever see any ban happening here in this log file. For reference, I am running a read only root system.
