Fail2ban talk:Community Portal
RoB:
Hi, I am trying to make a fail2ban package for a famous open-source web hosting platform (www.bluequartz.org). BQ is based on CentOS4 (python >=2.3), so we have to use fail2ban-0.6.x. It includes proftpd-1.2.x, so I tried to figure out the correct regex for the following log entries in /var/log/secure:
unknown user: Jan 25 04:01:05 hostname proftpd[10476]: hostname.domain.com (1.2.3.4[1.2.3.4]) - USER xxxx: no such user found from 1.2.3.4 [1.2.3.4] to 2.3.4.5:21
existing user, wrong pw: Jan 25 04:02:03 hostname proftpd[10495]: hostname.domain.com (1.2.3.4[1.2.3.4]) - USER rob (Login failed): Incorrect password.
But I didn't succeed. Maybe you can help me with that. I can't update to CentOS5 and/or python>=2.4.
Thanks for that wonderful tool :)
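An added example for the question above, not part of the original post and not a filter shipped with fail2ban: a plain Python regular expression that matches the two quoted proftpd lines and captures the client address. The names FAIL_RE, failed_hosts and hosts_over_limit are hypothetical, and the last two sample lines are constructed.

```python
import re
from collections import Counter

# Syslog prefix, e.g. "Jan 25 04:01:05 hostname proftpd[10476]: "
PREFIX = r"^\w{3} [ \d]\d \d{2}:\d{2}:\d{2} \S+ proftpd\[\d+\]: "
# Connection field written by proftpd before the message text,
# e.g. "hostname.domain.com (1.2.3.4[1.2.3.4]) - ". The address is captured
# here, anchored to the start of the line, never from the text after "USER".
PEER = r"\S+ \(\S+\[(?P<host>\d{1,3}(?:\.\d{1,3}){3})\]\) - "
# The two failure messages quoted in the post.
FAILURE = (r"USER \S+(?:: no such user found from \S+ \[\S+\] to \S+"
           r"| \(Login failed\): Incorrect password\.)\s*$")
FAIL_RE = re.compile(PREFIX + PEER + FAILURE)

SAMPLE = [
    # The two lines quoted in the post.
    "Jan 25 04:01:05 hostname proftpd[10476]: hostname.domain.com "
    "(1.2.3.4[1.2.3.4]) - USER xxxx: no such user found from 1.2.3.4 "
    "[1.2.3.4] to 2.3.4.5:21",
    "Jan 25 04:02:03 hostname proftpd[10495]: hostname.domain.com "
    "(1.2.3.4[1.2.3.4]) - USER rob (Login failed): Incorrect password.",
    # Constructed lines: a successful login (must not count) and one
    # failure from a second address.
    "Jan 25 04:03:10 hostname proftpd[10501]: hostname.domain.com "
    "(192.0.2.10[192.0.2.10]) - USER rob: Login successful.",
    "Jan 25 04:03:40 hostname proftpd[10502]: hostname.domain.com "
    "(192.0.2.10[192.0.2.10]) - USER rob (Login failed): Incorrect password.",
]

def failed_hosts(lines):
    """Return the client address of every line that is a login failure."""
    hosts = []
    for line in lines:
        m = FAIL_RE.match(line)
        if m:
            hosts.append(m.group("host"))
    return hosts

def hosts_over_limit(lines, maxretry):
    """Return the addresses with at least maxretry failures, sorted."""
    counts = Counter(failed_hosts(lines))
    return sorted(h for h, n in counts.items() if n >= maxretry)

if __name__ == "__main__":
    print(failed_hosts(SAMPLE))
    print(hosts_over_limit(SAMPLE, 2))
```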
I am finding this error a few times on different scripts when installing on CentOS
byte-compiling /usr/share/fail2ban/server/mytime.py to mytime.pyc
  File "/usr/share/fail2ban/server/mytime.py", line 49
    @staticmethod
    ^
SyntaxError: invalid syntax
Any ideas?
Are you sure that you have Python 2.4? Annotations are available since Python 2.4. --Lostcontrol 15:53, 8 May 2007 (CEST)
I got 2.4.3
root@usa2 [~]# python -V
Python 2.4.3
I installed 2.5.1 and still the same problem.
Now version 0.6.2, installed from an RPM, is working. I will try 0.8.0 again, but later. Thanks
Can someone tell me why I'm getting these errors with fail2ban?
2007-07-07 17:22:09,608 fail2ban.actions.action: CRITICAL Unable to restore environment
2007-07-08 01:57:43,008 fail2ban.actions.action: ERROR iptables -D INPUT -p tcp --dport http -j fail2ban-apache iptables -F fail2ban-apache iptables -X fail2ban-apache returned 100
2007-07-08 01:57:43,933 fail2ban.actions.action: ERROR iptables -D INPUT -p tcp --dport ssh -j fail2ban-ssh iptables -F fail2ban-ssh iptables -X fail2ban-ssh returned 100
I'm using Debian Etch
Thanks!
Please use the mailing list for support next time. It seems that your iptables setup (related to fail2ban) gets changed while fail2ban is running. Some firewall scripts/apps flush all rules when saving the changes. If fail2ban is running, it will not find its own chains anymore and will try to restore them. --Lostcontrol 09:57, 13 July 2007 (CEST)
Just tried to use the latest build, 0.8.1, and got this output
- fail2ban-client -h
  File "/usr/bin/fail2ban-client", line 360
    @staticmethod
    ^
SyntaxError: invalid syntax
I found a way to work around this problem with CentOS. Apparently CentOS has multiple versions of Python installed. Modify /usr/bin/fail2ban-client and /usr/bin/fail2ban-server so that the first line on each reads as follows:
#!/usr/local/bin/python2.4
(or wherever the direct executable for python2.4 is). By default it reads as #!/usr/bin/python, which is apparently an earlier version of python. If you don't know where python2.4 is located, you can find it by typing the following:
whereis python2
--rojo 14:36, 30 Oct 2007 (EST)
In the FAQ this line is not very clear
"You probably have the sendmail command. Copy /etc/fail2ban/action.d/mail-whois.conf to /etc/fail2ban/action.d/mail-whois.local, edit this file and replace mail with sendmail. Here is an example:"
Which is "this" file? mail-whois.local is what it sounds like.
That's correct. You have to edit mail-whois.local. --Lostcontrol 10:17, 13 September 2007 (CEST)
Hello,
I have a CentOS 4 VPS with Python 2.3.
When I restart fail2ban I get this error:
" File "/usr/bin/fail2ban-client", line 360
@staticmethod
^
SyntaxError: invalid syntax "
I made sure to change the paths to #!/usr/local/bin/python2.3 in both /usr/bin/fail2ban-client and /usr/bin/fail2ban-server but it still does not work.
Are there any other ideas?
Thanks
Client/Server Question
What is the purpose/reason to have the server and client separate? Couldn't find this in the wiki, maybe it should be placed in the FAQ?
Memory Usage (160MB for fail2ban-server)
Hi, I like the concept of fail2ban ... but I run it on a Virtual Box ...
The fail2ban-server process needs 160MB ... for what? Is my config/system buggy, or is it normal?
I used it on Ubuntu 7.04, Python 2.5.3 and Fail2Ban v0.8.3
Christmas gift - version 0.9 these days ?
Hi - I heavily appreciate fail2ban. Just these days I am configuring 2 new openSUSE servers and would love to include some of the new / wish features listed by others above, like the server IP as sender in the subject line or so, mentioned earlier.
Since it is Christmas time, I was wondering if we may get a Christmas gift - version 0.9 these days? Traffic is drastically increasing day by day, and so is hacker activity during the weeks before Christmas. Added security lets us sleep much better.
Log Prefix Regex
Can anyone tell me how to recognize this datestamp prefix? I recently upgraded rsyslogd and it changed my log format. I'd rather change fail2ban than change my log back to the old format. Do I have to edit the source code or can it be done in the filter? If it's only in the source code is there any good reason why it isn't done in the filter?
2009-01-15T20:59:46.201822-05:00 nro sshd[5978]: Failed password for invalid user antoine from 116.122.36.95 port 45379 ssh2
BTW Mine is a mail server and I have 50K to 80K bans in iptables. After I reboot I get hammered for days!
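An added example for the datestamp question above, not part of the original post and not fail2ban's own date-detection code: a stand-alone Python pattern for the RFC 3339 prefix in the quoted sshd line, converted to UTC so that a findtime-style window is compared against the right instant. The names STAMP_RE, split_stamp and in_window are hypothetical.

```python
import re
from datetime import datetime, timedelta, timezone

# RFC 3339 prefix: date, "T", time, optional fractional seconds, then "Z"
# or a +hh:mm / -hh:mm offset, followed by the rest of the syslog line.
STAMP_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})T(?P<time>\d{2}:\d{2}:\d{2})"
    r"(?:\.(?P<frac>\d{1,6}))?"
    r"(?P<tz>Z|[+-]\d{2}:\d{2}) (?P<rest>.*)$")

# The line quoted in the post.
PAGE_LINE = ("2009-01-15T20:59:46.201822-05:00 nro sshd[5978]: Failed password "
             "for invalid user antoine from 116.122.36.95 port 45379 ssh2")

def split_stamp(line):
    """Return (aware UTC datetime, rest of line), or None without a stamp."""
    m = STAMP_RE.match(line)
    if m is None:
        return None
    local = datetime.strptime(m.group("date") + " " + m.group("time"),
                              "%Y-%m-%d %H:%M:%S")
    micro = int((m.group("frac") or "0").ljust(6, "0"))
    tz = m.group("tz")
    if tz == "Z":
        offset = timedelta(0)
    else:
        sign = -1 if tz[0] == "-" else 1
        offset = sign * timedelta(hours=int(tz[1:3]), minutes=int(tz[4:6]))
    # local time = UTC + offset, so UTC = local time - offset
    utc = local.replace(microsecond=micro, tzinfo=timezone.utc) - offset
    return utc, m.group("rest")

def in_window(line, now_utc, findtime):
    """True if the line's stamp lies within findtime seconds before now_utc."""
    parsed = split_stamp(line)
    if parsed is None:
        return False  # unrecognised date: the line cannot be placed in time
    age = (now_utc - parsed[0]).total_seconds()
    return 0 <= age <= findtime

if __name__ == "__main__":
    print(split_stamp(PAGE_LINE))
    print(in_window(PAGE_LINE, datetime(2009, 1, 16, 2, 5, tzinfo=timezone.utc), 600))
```

Ignoring the -05:00 offset would place the quoted failure five hours too early, which puts it outside a 600-second window at 02:05 UTC.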