|
|
| Line 1: |
Line 1: |
| | WXM0ZR <a href="http://bvcocyfzqvrv.com/">bvcocyfzqvrv</a>, [url=http://bjgmrhdwuwux.com/]bjgmrhdwuwux[/url], [link=http://yamqlmxvlnfn.com/]yamqlmxvlnfn[/link], http://ikjvoiugnttx.com/ | | WXM0ZR <a href="http://bvcocyfzqvrv.com/">bvcocyfzqvrv</a>, [url=http://bjgmrhdwuwux.com/]bjgmrhdwuwux[/url], [link=http://yamqlmxvlnfn.com/]yamqlmxvlnfn[/link], http://ikjvoiugnttx.com/ |
| | | | |
| − | == '''Troubleshooting''' ==
| + | Very good site. Thanks!!, http://usuarios.lycos.es/xiocjac/asia-bus3a/map.html diamond pear pendant shaped, mcms, http://usuarios.lycos.es/kasoxti/soft-dri62/map.html private label credit card, 8-)), http://usuarios.lycos.es/gokiwun/dgo-el-se7/map.html recipe for tomato sauce with basil, 8-), http://usuarios.lycos.es/xkygeye/aldi-gro66/map.html chopper county jett joan orange, tuvl, http://usuarios.lycos.es/clmjtcp/pheasantac/map.html course cuisine france french in, 11491, |
| − | | |
| − | === I have Postfix on my system but no "mail" command. How can I get e-mail notifications? ===
| |
| − | | |
| − | '''As of version 0.8.1, "mail" actions are deprecated. Please use the "sendmail" ones instead. E.g. sendmail-whois instead of mail-whois in your jail.[conf|local].'''
| |
| − | | |
| − | You probably have the ''sendmail'' command. Copy ''/etc/fail2ban/action.d/mail-whois.conf'' to ''/etc/fail2ban/action.d/mail-whois.local'', edit this file and replace ''mail'' with ''sendmail''. Here is an example:
| |
| − | | |
| − | actionban = echo -en "From:root <fail2ban>
| |
| − | To: <dest>
| |
| − | Subject: [Fail2Ban] <name>: banned <ip>
| |
| − | Hi,\n
| |
| − | The IP <ip> has just been banned by Fail2Ban after
| |
| − | <failures> attempts against <name>.\n\n
| |
| − | Here are more information about <ip>:\n
| |
| − | `whois <ip>`\n
| |
| − | Regards,\n
| |
| − | Fail2Ban"|sendmail -t
| |
| − | | |
| − | ''mail.conf'' can be modified too.
| |
| − | | |
| − | === Why do my CVS users using SSH getting blocked? ===
| |
| − | | |
| − | If you are using the Eclipse CVS integration with SSH, then each access of the CVS results in a failed access before a valid one is done. As a consequence your CVS users get banned from time to time.
| |
| − | | |
| − | === I get the error "Please check the format and your locale settings" ===
| |
| − | | |
| − | The error looks like this:
| |
| − | | |
| − | ERROR: time data did not match format: data=Mar 21 10:00:50 fmt=%b %d %H:%M:%S
| |
| − | ERROR: Please check the format and your locale settings.
| |
| − | | |
| − | This is a known bug. Since 0.6.1, {{Fail2ban}} uses your locale settings for date and time format. However, some daemons do not take care of locale and write their log messages using the POSIX standard. Please look at this [http://sourceforge.net/tracker/index.php?func=detail&aid=1457620&group_id=121032&atid=689044 bug] for more details.
| |
| − | | |
| − | You can try to override the LANG variable:
| |
| − | | |
| − | # LANG=en_US /etc/init.d/fail2ban restart
| |
| − | | |
| − | You can get all the available locale with:
| |
| − | | |
| − | # locale -a
| |
| − | | |
| − | === How do I increase verbosity? ===
| |
| − | | |
| − | In order to increase the verbosity of {{Fail2ban}}, use the command line option '''-vvv''' for '''fail2ban-client''' and '''fail2ban''' (only for 0.6.x). Set '''loglevel''' to '''4''' in ''/etc/fail2ban/fail2ban.conf'' (only for > 0.6.x).
| |
| − | | |
| − | [[Category:Documentation]]
| |
| − | | |
| − | === Fail2ban is running but not banning SSH bruteforce ===
| |
| − | '''NB''':This example is based on a Debian system, but can be easily done on any distro.
| |
| − | | |
| − | The package is well installed:
| |
| − | | |
| − | # dpkg -l |grep fail
| |
| − | ii fail2ban 0.8.1-2 bans IPs that
| |
| − | cause multiple authentication
| |
| − | | |
| − | The service is running:
| |
| − | | |
| − | # /etc/init.d/fail2ban status
| |
| − | Status of authentication failure monitor: fail2ban is running
| |
| − | | |
| − | SSH jail is set up and ready:
| |
| − | | |
| − | # fail2ban-client status
| |
| − | Status
| |
| − | |- Number of jail: 1
| |
| − | `- Jail list: ssh
| |
| − | | |
| − | SSH bruteforce logs are identified by fail2ban:
| |
| − | | |
| − | # fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/sshd.conf
| |
| − | .... | |
| − | Success, the total number of match is 30
| |
| − | | |
| − | So, check that all your logs are synchronized: all logs files (auth.log, syslog,..) must use the same time reference (if your server is not very busy, there will probably be an important difference between the output of [http://unixhelp.ed.ac.uk/CGI/man-cgi?date ]date command and the last event logged in syslog. You can force to generate a log in syslog using the [http://unixhelp.ed.ac.uk/CGI/man-cgi?logger+1 logger] command and check then with the output of date command)
| |
| − |
| |
| − | # date
| |
| − | Wed Nov 28 13:49:02 CET 2007
| |
| − | # tail -2 /var/log/auth.log
| |
| − | Nov 28 13:39:12 <SERVERNAME> sudo: pam_unix(sudo:session): session opened for user roo
| |
| − | t by <user>(uid=0) | |
| − | Nov 28 13:39:12 <SERVERNAME> sudo: pam_unix(sudo:session): session closed for user roo
| |
| − | t
| |
| − | | |
| − | '''If time reference is not the same everywhere, then fail2ban won't ban any IP!'''
| |
