This is a fresh installation of ISPConfig 3.0.1.3 on Ubuntu Server 9.04 Minimal (as offered as install-image by Hetzner) with all necessary steps according to The Perfect Server - Ubuntu 9.04 [ISPConfig 3] executed.

When I enter the Monitor module "System State (All Servers) >> Show Overview" everything looks OK, except the warning of "Your Virus-protection is OUTDATED!" due to the latest upgrade of ClamAV not being in the Ubuntu repos (so nothing to worry about).

When I enter "System State (All Servers) >> Show System-Log", the log (ISPConfig Protokoll) seems to be empty. Is this normal?

Then the logfiles:

Show Mail-Log

Code:
Jun 26 08:46:58 <HOSTNAME> amavis[2750]: Found decoder for .zoo at /usr/bin/zoo
Jun 26 08:46:58 <HOSTNAME> amavis[2750]: No decoder for .lha
Jun 26 08:46:58 <HOSTNAME> amavis[2750]: No decoder for .doc tried: ripole
Jun 26 08:46:58 <HOSTNAME> amavis[2750]: Found decoder for .cab at /usr/bin/cabextract
Jun 26 08:46:58 <HOSTNAME> amavis[2750]: No decoder for .tnef
Jun 26 08:46:58 <HOSTNAME> amavis[2750]: Internal decoder for .tnef
Jun 26 08:46:58 <HOSTNAME> amavis[2750]: Found decoder for .exe at /usr/bin/arj
Jun 26 08:46:58 <HOSTNAME> amavis[2750]: Using primary internal av scanner code for ClamAV-clamd
Jun 26 08:46:58 <HOSTNAME> amavis[2750]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan
Jun 26 08:46:58 <HOSTNAME> amavis[2750]: Creating db in /var/lib/amavis/db/; BerkeleyDB 0.34, libdb 4.6
Jun 26 08:47:00 <HOSTNAME> spamd[2907]: logger: removing stderr method
Jun 26 08:47:02 <HOSTNAME> spamd[2956]: spamd: server started on port 783/tcp (running version 3.2.5)
Jun 26 08:47:02 <HOSTNAME> spamd[2956]: spamd: server pid: 2956
Jun 26 08:47:02 <HOSTNAME> spamd[2956]: spamd: server successfully spawned child process, pid 3222
Jun 26 08:47:02 <HOSTNAME> spamd[2956]: spamd: server successfully spawned child process, pid 3223
Jun 26 08:47:02 <HOSTNAME> spamd[2956]: prefork: child states: II
Jun 26 08:47:04 <HOSTNAME> authdaemond: modules="authmysql", daemons=5
Jun 26 08:47:04 <HOSTNAME> authdaemond: Installing libauthmysql
Jun 26 08:47:04 <HOSTNAME> authdaemond: Installation complete: authmysql
Jun 26 08:47:05 <HOSTNAME> postfix/master[3510]: daemon started -- version 2.5.5, configuration /etc/postfix
Jun 26 08:50:01 <HOSTNAME> pop3d: Connection, ip=[::ffff:127.0.0.1]
Jun 26 08:50:01 <HOSTNAME> pop3d: Disconnected, ip=[::ffff:127.0.0.1]
Jun 26 08:50:01 <HOSTNAME> imapd: Connection, ip=[::ffff:127.0.0.1]
Jun 26 08:50:01 <HOSTNAME> imapd: Disconnected, ip=[::ffff:127.0.0.1], time=0
Jun 26 08:50:02 <HOSTNAME> postfix/smtpd[3786]: connect from localhost[127.0.0.1]
Jun 26 08:50:02 <HOSTNAME> postfix/smtpd[3786]: lost connection after CONNECT from localhost[127.0.0.1]
Jun 26 08:50:02 <HOSTNAME> postfix/smtpd[3786]: disconnect from localhost[127.0.0.1]
Jun 26 08:55:01 <HOSTNAME> pop3d: Connection, ip=[::ffff:127.0.0.1]
Jun 26 08:55:01 <HOSTNAME> pop3d: Disconnected, ip=[::ffff:127.0.0.1]
Jun 26 08:55:01 <HOSTNAME> imapd: Connection, ip=[::ffff:127.0.0.1]
Jun 26 08:55:01 <HOSTNAME> imapd: Disconnected, ip=[::ffff:127.0.0.1], time=0
Jun 26 08:55:01 <HOSTNAME> postfix/smtpd[3893]: connect from localhost[127.0.0.1]
Jun 26 08:55:01 <HOSTNAME> postfix/smtpd[3893]: lost connection after CONNECT from localhost[127.0.0.1]
Jun 26 08:55:01 <HOSTNAME> postfix/smtpd[3893]: disconnect from localhost[127.0.0.1]
Jun 26 09:00:01 <HOSTNAME> imapd: Connection, ip=[::ffff:127.0.0.1]
Jun 26 09:00:01 <HOSTNAME> imapd: Disconnected, ip=[::ffff:127.0.0.1], time=0
Jun 26 09:00:01 <HOSTNAME> pop3d: Connection, ip=[::ffff:127.0.0.1]
Jun 26 09:00:01 <HOSTNAME> pop3d: Disconnected, ip=[::ffff:127.0.0.1]
Jun 26 09:00:01 <HOSTNAME> postfix/smtpd[3986]: connect from localhost[127.0.0.1]
Jun 26 09:00:01 <HOSTNAME> postfix/smtpd[3986]: lost connection after CONNECT from localhost[127.0.0.1]
Jun 26 09:00:01 <HOSTNAME> postfix/smtpd[3986]: disconnect from localhost[127.0.0.1]

Since amavis was missing some decoders, I just installed lha, ripole, tnef and ytnef, just to be sure. But what about these "Connection", "Disconnected" and "lost connection after CONNECT" messages every 5 minutes? Is this the normal behavior when idle?

Show System-Log

Code:
Jun 26 08:47:05 <HOSTNAME> kernel: [ 79.412564] warning: `pure-ftpd-mysql' uses 32-bit capabilities (legacy support in use)
Jun 26 08:50:01 <HOSTNAME> pure-ftpd: (?@localhost) [INFO] New connection from localhost
Jun 26 08:50:01 <HOSTNAME> pure-ftpd: (?@localhost) [INFO] Logout.
Jun 26 08:55:01 <HOSTNAME> pure-ftpd: (?@localhost) [INFO] New connection from localhost
Jun 26 08:55:01 <HOSTNAME> pure-ftpd: (?@localhost) [INFO] Logout.
Jun 26 09:00:01 <HOSTNAME> pure-ftpd: (?@localhost) [INFO] New connection from localhost
Jun 26 09:00:01 <HOSTNAME> pure-ftpd: (?@localhost) [INFO] Logout.

Do these messages from pure-ftpd every 5 minutes show normal behavior?

Show ISPC Cron-Log

Code:
Error: configuration file /etc/getmail/*.conf does not exist
/usr/share/getmail4/getmailcore/baseclasses.py:26: DeprecationWarning: the sets module is deprecated
import sets
Error: configuration file /etc/getmail/*.conf does not exist
/usr/share/getmail4/getmailcore/baseclasses.py:26: DeprecationWarning: the sets module is deprecated
import sets
Error: configuration file /etc/getmail/*.conf does not exist
/usr/share/getmail4/getmailcore/baseclasses.py:26: DeprecationWarning: the sets module is deprecated
import sets

What about these getmail messages, which repeat themselves all over?

Show Clamav-Log: All looking good, except "Not loading PUA signatures.", whatever that means. Does anybody know?

Show RKHunter-Log: All looking good, except 4 warnings

Code:
/usr/bin/awk [ Warning ]
Warning: The file properties have changed:
File: /usr/bin/awk
Current hash: 22d642d0b17926f529007e87ceb285526d49e40a
Stored hash : 98a26834b3be4feb92d1db861490800742805128
/usr/bin/gawk [ Warning ]
Warning: The file '/usr/bin/gawk' exists on the system, but it is not present in the rkhunter.dat file.
/usr/sbin/unhide [ Warning ]
Warning: The file '/usr/sbin/unhide' exists on the system, but it is not present in the rkhunter.dat file.
/usr/sbin/unhide-linux26 [ Warning ]
Warning: The file '/usr/sbin/unhide-linux26' exists on the system, but it is not present in the rkhunter.dat file.

System checks summary
=====================
File properties checks...
Files checked: 125
Suspect files: 4
Rootkit checks...
Rootkits checked : 110
Possible rootkits: 0
Applications checks...
Applications checked: 4
Suspect applications: 0

I guess that's nothing to worry about; nevertheless, it would be nice if this could be fixed, because if you configure an email address in /etc/rkhunter.conf, it will inform you about these warnings every time the system is checked. Any idea?

Show fail2ban-Log

Code:
fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.3
fail2ban.server : ERROR Unexpected communication error
fail2ban.jail : INFO Creating new jail 'ssh'
fail2ban.jail : INFO Jail 'ssh' uses poller
fail2ban.server : ERROR Unexpected communication error
fail2ban.filter : INFO Added logfile = /var/log/auth.log
fail2ban.server : ERROR Unexpected communication error
fail2ban.filter : INFO Set maxRetry = 6
fail2ban.server : ERROR Unexpected communication error
fail2ban.server : ERROR Unexpected communication error
fail2ban.filter : INFO Set findtime = 600
fail2ban.server : ERROR Unexpected communication error
fail2ban.actions: INFO Set banTime = 600
fail2ban.server : ERROR Unexpected communication error
fail2ban.server : ERROR Unexpected communication error
fail2ban.server : ERROR Unexpected communication error
fail2ban.server : ERROR Unexpected communication error
fail2ban.server : ERROR Unexpected communication error
fail2ban.server : ERROR Unexpected communication error
fail2ban.server : ERROR Unexpected communication error
fail2ban.server : ERROR Unexpected communication error
fail2ban.server : ERROR Unexpected communication error
fail2ban.server : ERROR Unexpected communication error
fail2ban.server : ERROR Unexpected communication error
fail2ban.server : ERROR Unexpected communication error
fail2ban.server : ERROR Unexpected communication error
fail2ban.server : ERROR Unexpected communication error
fail2ban.server : ERROR Unexpected communication error
fail2ban.server : ERROR Unexpected communication error
fail2ban.server : ERROR Unexpected communication error
fail2ban.server : ERROR Unexpected communication error
fail2ban.server : ERROR Unexpected communication error
fail2ban.server : ERROR Unexpected communication error
fail2ban.server : ERROR Unexpected communication error
fail2ban.server : ERROR Unexpected communication error
fail2ban.server : ERROR Unexpected communication error
fail2ban.jail : INFO Jail 'ssh' started
fail2ban.server : ERROR Unexpected communication error

That's the snippet since the latest restart, which I did just now. Does fail2ban need to be configured, or is it supposed to work right out of the box? Is there any more info on what to do to get it working on an installation with a typical ISPConfig 3 setup?

I know that kind of stuff is not really ISPConfig related, since ISPConfig only shows the logs, but nevertheless it would be nice to get some recommendations. This is my first real-life experience with ISPConfig 3, and I just want to be sure that everything is set up correctly before I start using it.
This happens because you didn't configure any fetchmail account in ISPConfig; this is nothing to worry about.
To fix the error messages you're getting in your fail2ban.log you need to upgrade your Python version to 2.5; follow the steps below.

2009-06-19 21:07:28,487 fail2ban.server : ERROR Unexpected communication error

It's related to the Python version, some type of incompatibility with Ubuntu 9.04. This is what you have to do to fix this error:

1. Install python2.5 (sudo aptitude install python2.5)
2. Edit the file /usr/bin/fail2ban-server and change the very first line "#!/usr/bin/python" to "#!/usr/bin/python2.5"
3. Restart fail2ban

Click on the link below; it will help you set up fail2ban for your FTP server as well.
http://howtoforge.net/forums/showthread.php?t=36791
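
On the first post's question about the loopback connections that recur every 5 minutes, the following is an added example (not written by any participant in this thread) that separates fixed-interval connections from 127.0.0.1 from all other clients in a mail log of the same format. The sample lines are constructed, the 203.0.113.7 client is invented, and the year, period and tolerance values are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address

# Constructed sample in the syslog format shown in the first post.
SAMPLE = """\
Jun 26 08:50:01 host pop3d: Connection, ip=[::ffff:127.0.0.1]
Jun 26 08:50:02 host postfix/smtpd[3786]: connect from localhost[127.0.0.1]
Jun 26 08:50:02 host postfix/smtpd[3786]: disconnect from localhost[127.0.0.1]
Jun 26 08:52:17 host postfix/smtpd[3801]: connect from unknown[203.0.113.7]
Jun 26 08:55:01 host pop3d: Connection, ip=[::ffff:127.0.0.1]
Jun 26 08:55:01 host postfix/smtpd[3893]: connect from localhost[127.0.0.1]
Jun 26 09:00:01 host pop3d: Connection, ip=[::ffff:127.0.0.1]
Jun 26 09:00:01 host postfix/smtpd[3986]: connect from localhost[127.0.0.1]
"""

# Matches only connection-open events (courier "Connection," and postfix "connect from").
EVENT = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) \S+ (?P<svc>[\w/-]+?)(?:\[\d+\])?: "
    r"(?:Connection, ip=\[(?P<ip1>[^\]]+)\]|connect from \S*\[(?P<ip2>[^\]]+)\])")

def parse(log_text, year=2009):
    """Yield (service, ip, timestamp); syslog omits the year, so one is assumed."""
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue
        ip = ip_address(m["ip1"] or m["ip2"])
        ip = getattr(ip, "ipv4_mapped", None) or ip  # ::ffff:127.0.0.1 -> 127.0.0.1
        yield m["svc"], ip, datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")

def classify(log_text, period=300, tolerance=5):
    """Label each (service, ip) as 'periodic-local' or 'review'."""
    seen = defaultdict(list)
    for svc, ip, ts in parse(log_text):
        seen[(svc, ip)].append(ts)
    result = {}
    for (svc, ip), stamps in seen.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        periodic = len(gaps) >= 2 and all(abs(g - period) <= tolerance for g in gaps)
        result[(svc, str(ip))] = "periodic-local" if ip.is_loopback and periodic else "review"
    return result

if __name__ == "__main__":
    for key, label in classify(SAMPLE).items():
        print(key, label)
```

The script does not identify what generates the periodic probes; it only shows that they come from the machine itself at a fixed interval, so anything labelled "review" is what remains to be looked at by hand.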