My fail2ban log is showing the following entries... I am not sure if it is really working. Can someone help with this? I am interested in blocking failed SSH and SMTP, POP attempts.
Richard
--------------------------------------------------------------------
2010-12-09 01:03:28,945 fail2ban.actions.action: INFO Set actionUnban =
2010-12-09 01:03:28,946 fail2ban.actions.action: INFO Set actionCheck =
2010-12-09 01:49:26,359 fail2ban.jail : INFO Using Gamin
2010-12-09 01:49:26,387 fail2ban.filter : INFO Created Filter
2010-12-09 01:49:26,442 fail2ban.filter : INFO Created FilterGamin
2010-12-09 01:49:26,445 fail2ban.filter : INFO Added logfile = /var/log/secure
2010-12-09 01:49:26,449 fail2ban.filter : INFO Set maxRetry = 5
2010-12-09 01:49:26,450 fail2ban.filter : INFO Set findtime = 600
2010-12-09 01:49:26,451 fail2ban.actions: INFO Set banTime = 600
2010-12-09 01:49:26,495 fail2ban.actions.action: INFO Set actionBan = iptables -I fail2ban- 1 -s -j DROP
2010-12-09 01:49:26,496 fail2ban.actions.action: INFO Set actionStop = iptables -D INPUT -p --dport -j fail2ban- iptables -F fail2ban- iptables -X fail2ban-
2010-12-09 01:49:26,497 fail2ban.actions.action: INFO Set actionStart = iptables -N fail2ban- iptables -A fail2ban- -j RETURN iptables -I INPUT -p --dport -j fail2ban-
2010-12-09 01:49:26,498 fail2ban.actions.action: INFO Set actionUnban = iptables -D fail2ban- -s -j DROP
2010-12-09 01:49:26,498 fail2ban.actions.action: INFO Set actionCheck = iptables -n -L INPUT | grep -q fail2ban-
2010-12-09 01:49:26,501 fail2ban.actions.action: INFO Set actionBan = printf %b "Subject: [Fail2Ban] : banned From: Fail2Ban <> To: \n Hi,\n The IP has just been banned by Fail2Ban after attempts against .\n\n Here are more information about :\n `/usr/bin/whois `\n Regards,\n Fail2Ban" | /usr/sbin/sendmail -f
2010-12-09 01:49:26,502 fail2ban.actions.action: INFO Set actionStop = printf %b "Subject: [Fail2Ban] : stopped From: Fail2Ban <> To: \n Hi,\n The jail has been stopped.\n Regards,\n Fail2Ban" | /usr/sbin/sendmail -f
2010-12-09 01:49:26,503 fail2ban.actions.action: INFO Set actionStart = printf %b "Subject: [Fail2Ban] : started From: Fail2Ban <> To: \n Hi,\n The jail has been started successfully.\n Regards,\n Fail2Ban" | /usr/sbin/sendmail -f
2010-12-09 01:49:26,504 fail2ban.actions.action: INFO Set actionUnban =
2010-12-09 01:49:26,505 fail2ban.actions.action: INFO Set actionCheck =
2010-12-12 04:02:36,282 fail2ban.filter : INFO Log rotation detected for /var/log/secure
2010-12-12 05:01:16,548 fail2ban.filter : INFO Log rotation detected for /var/log/secure
2010-12-14 17:56:29,153 fail2ban.jail : INFO Using Gamin
2010-12-14 17:56:29,290 fail2ban.filter : INFO Created Filter
2010-12-14 17:56:29,451 fail2ban.filter : INFO Created FilterGamin
2010-12-14 17:56:29,464 fail2ban.filter : INFO Added logfile = /var/log/secure
2010-12-14 17:56:29,470 fail2ban.filter : INFO Set maxRetry = 5
2010-12-14 17:56:29,471 fail2ban.filter : INFO Set findtime = 600
2010-12-14 17:56:29,472 fail2ban.actions: INFO Set banTime = 600
2010-12-14 17:56:29,523 fail2ban.actions.action: INFO Set actionBan = iptables -I fail2ban- 1 -s -j DROP
2010-12-14 17:56:29,523 fail2ban.actions.action: INFO Set actionStop = iptables -D INPUT -p --dport -j fail2ban- iptables -F fail2ban- iptables -X fail2ban-
2010-12-14 17:56:29,524 fail2ban.actions.action: INFO Set actionStart = iptables -N fail2ban- iptables -A fail2ban- -j RETURN iptables -I INPUT -p --dport -j fail2ban-
2010-12-14 17:56:29,525 fail2ban.actions.action: INFO Set actionUnban = iptables -D fail2ban- -s -j DROP
2010-12-14 17:56:29,526 fail2ban.actions.action: INFO Set actionCheck = iptables -n -L INPUT | grep -q fail2ban-
2010-12-14 17:56:29,529 fail2ban.actions.action: INFO Set actionBan = printf %b "Subject: [Fail2Ban] : banned From: Fail2Ban <> To: \n Hi,\n The IP has just been banned by Fail2Ban after attempts against .\n\n Here are more information about :\n `/usr/bin/whois `\n Regards,\n Fail2Ban" | /usr/sbin/sendmail -f
2010-12-14 17:56:29,530 fail2ban.actions.action: INFO Set actionStop = printf %b "Subject: [Fail2Ban] : stopped From: Fail2Ban <> To: \n Hi,\n The jail has been stopped.\n Regards,\n Fail2Ban" | /usr/sbin/sendmail -f
2010-12-14 17:56:29,531 fail2ban.actions.action: INFO Set actionStart = printf %b "Subject: [Fail2Ban] : started From: Fail2Ban <> To: \n Hi,\n The jail has been started successfully.\n Regards,\n Fail2Ban" | /usr/sbin/sendmail -f
2010-12-14 17:56:29,532 fail2ban.actions.action: INFO Set actionUnban =
2010-12-14 17:56:29,533 fail2ban.actions.action: INFO Set actionCheck =
2010-12-14 18:30:40,531 fail2ban.actions.action: ERROR iptables -D INPUT -p tcp --dport ssh -j fail2ban-SSH iptables -F fail2ban-SSH iptables -X fail2ban-SSH returned 100
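Added example, not part of the original post or of fail2ban itself: a Python summary of a fail2ban.log like the one above that separates startup settings from the entries that show whether anything was banned. The `[jail] Ban <ip>` event format, the jail name `ssh-iptables` and the sample addresses are assumptions; the last three sample lines are constructed.

```python
import re
from collections import Counter

# Entry shape seen in the post: "<date> <time>,<ms> fail2ban.<part>: LEVEL message"
ENTRY = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d+ "
                   r"(fail2ban[\w.]*)\s*: (\w+)\s+(.*)$")
# Assumption: ban events are logged as "[jail] Ban <ip>" / "[jail] Unban <ip>".
BAN = re.compile(r"\[([^\]]+)\] (Ban|Unban) (\S+)")

def summarize(lines):
    """Return jail starts, ban/unban counts per IP, active bans and errors."""
    starts, errors = 0, []
    bans, unbans = Counter(), Counter()
    for line in lines:
        m = ENTRY.match(line.strip())
        if not m:
            continue  # continuation of a multi-line action definition
        when, component, level, msg = m.groups()
        if component == "fail2ban.jail" and msg.startswith("Using "):
            starts += 1  # a jail was created and chose its log backend
        elif level == "ERROR":
            errors.append((when, msg))
        else:
            event = BAN.search(msg)
            if event:
                (bans if event.group(2) == "Ban" else unbans)[event.group(3)] += 1
    active = sorted(ip for ip in bans if bans[ip] > unbans[ip])
    return {"starts": starts, "bans": bans, "unbans": unbans,
            "active": active, "errors": errors}

# First three lines are taken from the log in the post; the last three are
# constructed (jail name and documentation-range addresses are made up).
SAMPLE = """\
2010-12-14 17:56:29,153 fail2ban.jail : INFO Using Gamin
2010-12-14 17:56:29,470 fail2ban.filter : INFO Set maxRetry = 5
2010-12-14 18:30:40,531 fail2ban.actions.action: ERROR iptables -D INPUT -p tcp --dport ssh -j fail2ban-SSH iptables -F fail2ban-SSH iptables -X fail2ban-SSH returned 100
2010-12-14 19:02:11,004 fail2ban.actions: WARNING [ssh-iptables] Ban 192.0.2.10
2010-12-14 19:12:11,310 fail2ban.actions: WARNING [ssh-iptables] Unban 192.0.2.10
2010-12-14 19:15:42,877 fail2ban.actions: WARNING [ssh-iptables] Ban 198.51.100.7
""".splitlines()

if __name__ == "__main__":
    report = summarize(SAMPLE)
    print("jail starts :", report["starts"])
    print("bans        :", dict(report["bans"]))
    print("still banned:", report["active"])
    for when, msg in report["errors"]:
        print("error", when, msg)
```

Run over only the lines from the post, the summary reports one jail start, one error and no bans.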
Hi, There are no blocked IPs in the iptables list command output. Should I upload my fail2ban config files? Which files should I upload? Richard
You should read chapter 6.5 of the manual. You might have to make some modifications in the configuration files if your distribution is not Debian/Ubuntu.
Hi, I don't have access to the manual... I feel I will uninstall fail2ban and install it again. What will be the correct way to do so? yum remove fail2ban? Richard