fail2ban.server : INFO Exiting Fail2ban

Discussion in 'Installation/Configuration' started by millpark10, May 5, 2014.

  1. millpark10

    millpark10 Member HowtoForge Supporter

    Hi
    After some internet searches this seems not to be an issue, but I want to be sure!
    Is the following in need of some interaction from me?
    (What is happening?)
    Code:
    2014-05-05 00:33:44,537 fail2ban.server : INFO Stopping all jails
    2014-05-05 00:33:45,224 fail2ban.jail : INFO Jail 'pureftpd' stopped
    2014-05-05 00:33:46,169 fail2ban.jail : INFO Jail 'dovecot-pop3imap' stopped
    2014-05-05 00:33:46,835 fail2ban.jail : INFO Jail 'ssh' stopped
    2014-05-05 00:33:46,836 fail2ban.server : INFO Exiting Fail2ban
    2014-05-05 00:35:44,713 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.6
    2014-05-05 00:35:44,722 fail2ban.jail : INFO Creating new jail 'ssh'
    2014-05-05 00:35:44,762 fail2ban.jail : INFO Jail 'ssh' uses Gamin
    2014-05-05 00:35:44,894 fail2ban.filter : INFO Added logfile = /var/log/auth.log
    2014-05-05 00:35:44,895 fail2ban.filter : INFO Set maxRetry = 6
    2014-05-05 00:35:44,897 fail2ban.filter : INFO Set findtime = 600
    2014-05-05 00:35:44,898 fail2ban.actions: INFO Set banTime = 600
    2014-05-05 00:35:44,956 fail2ban.jail : INFO Creating new jail 'pureftpd'
    2014-05-05 00:35:44,957 fail2ban.jail : INFO Jail 'pureftpd' uses Gamin
    2014-05-05 00:35:44,959 fail2ban.filter : INFO Added logfile = /var/log/syslog
    2014-05-05 00:35:44,960 fail2ban.filter : INFO Set maxRetry = 3
    2014-05-05 00:35:44,962 fail2ban.filter : INFO Set findtime = 600
    2014-05-05 00:35:44,962 fail2ban.actions: INFO Set banTime = 600
    2014-05-05 00:35:44,972 fail2ban.jail : INFO Creating new jail 'dovecot-pop3imap'
    2014-05-05 00:35:44,972 fail2ban.jail : INFO Jail 'dovecot-pop3imap' uses Gamin
    2014-05-05 00:35:44,974 fail2ban.filter : INFO Added logfile = /var/log/mail.log
    2014-05-05 00:35:44,975 fail2ban.filter : INFO Set maxRetry = 5
    2014-05-05 00:35:44,977 fail2ban.filter : INFO Set findtime = 600
    2014-05-05 00:35:44,978 fail2ban.actions: INFO Set banTime = 600
    2014-05-05 00:35:45,001 fail2ban.jail : INFO Jail 'ssh' started
    2014-05-05 00:35:45,017 fail2ban.jail : INFO Jail 'pureftpd' started
    2014-05-05 00:35:45,027 fail2ban.jail : INFO Jail 'dovecot-pop3imap' started
    2014-05-05 06:48:51,731 fail2ban.filter : INFO Log rotation detected for /var/log/syslog
    2014-05-05 16:16:24,958 fail2ban.actions: WARNING [pureftpd] Ban 60.176.104.75
    2014-05-05 16:26:25,608 fail2ban.actions: WARNING [pureftpd] Unban 60.176.104.75
    Thanks,
    //millpark10
     
  2. srijan

    srijan New Member HowtoForge Supporter

    According to your logs
    A log file grows without bound unless action is taken and this can cause problems. A solution to this generic problem of log file growth is log rotation. This involves the regular (nightly or weekly, typically) moving of an existing log file to some other file name and starting fresh with an empty log file. After a period the old log files get thrown away.

    See also link

    The ban and unban is ok, it's the purpose of fail2ban and the log file shows that it works as intended. Fail2ban bans an IP if there are too many failed login attempts from that IP and it will unban the IP after some time to avoid that your users get blocked permanently. This is useful and necessary; this does not have to be an attack, it can simply be a normal FTP client where someone entered a wrong password which tries to auto reconnect.
    Banning and unbanning is done with iptables, so you can ban IPs also manually. Your client IP should already be unbanned as the ban time on your server is most likely 10 minutes.
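
Added example, not part of the original posts: a small Python parser for the fail2ban 0.8.x log format quoted in this thread that measures the stop/start gap and checks that each Unban follows its Ban by roughly the jail's configured banTime. The function name `summarize`, the `slack` tolerance, and treating "Changed logging target" as the start marker are assumptions made for this sketch; the sample lines are copied from the excerpt above.

```python
import re
from datetime import datetime

# Constructed sample: a subset of the log lines quoted in the first post.
SAMPLE = """\
2014-05-05 00:33:46,836 fail2ban.server : INFO Exiting Fail2ban
2014-05-05 00:35:44,713 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.6
2014-05-05 00:35:44,956 fail2ban.jail : INFO Creating new jail 'pureftpd'
2014-05-05 00:35:44,962 fail2ban.actions: INFO Set banTime = 600
2014-05-05 16:16:24,958 fail2ban.actions: WARNING [pureftpd] Ban 60.176.104.75
2014-05-05 16:26:25,608 fail2ban.actions: WARNING [pureftpd] Unban 60.176.104.75
"""

# timestamp, logger name (with or without a space before ':'), level, message
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) (fail2ban\.\w+)\s*: (\w+) (.*)$")

def summarize(text, slack=5.0):
    """Return (restart_gaps_sec, completed_bans, bans_still_open)."""
    ban_time, open_bans, bans, restarts = {}, {}, [], []
    current_jail = exited_at = None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S,%f")
        msg = m.group(4)
        if msg == "Exiting Fail2ban":
            exited_at = ts
        elif msg.startswith("Changed logging target") and exited_at:
            # Assumption: first line after an exit marks the daemon coming back.
            restarts.append((ts - exited_at).total_seconds())
            exited_at = None
        elif (j := re.match(r"Creating new jail '(.+)'", msg)):
            current_jail = j.group(1)
        elif (b := re.match(r"Set banTime = (\d+)", msg)) and current_jail:
            # The banTime line carries no jail name; it belongs to the last jail created.
            ban_time[current_jail] = int(b.group(1))
        elif (e := re.match(r"\[(.+?)\] (Ban|Unban) (\S+)", msg)):
            jail, action, ip = e.groups()
            if action == "Ban":
                open_bans[(jail, ip)] = ts
            elif (jail, ip) in open_bans:
                held = (ts - open_bans.pop((jail, ip))).total_seconds()
                expected = ban_time.get(jail)
                ok = expected is not None and abs(held - expected) <= slack
                bans.append({"jail": jail, "ip": ip, "held": held, "as_configured": ok})
    return restarts, bans, sorted(open_bans)
```

Run against a full `/var/log/fail2ban.log`, a non-empty third return value lists bans that never saw an Unban in the file, which is worth checking when the daemon was stopped while bans were active.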
     
