| 1 |
I have already played with it and concluded that fail2ban missed it...in |
| 2 |
my previous mail its mentioned that |
| 3 |
|
| 4 |
#fail2ban-regex /var/log/auth.log |
| 5 |
/etc/fail2ban/filter.d/proftpd.conf|grep 124.205.130.15 |
| 6 |
|
| 7 |
Nothing in the output, that means it has just missed to ban this guy. |
| 8 |
|
| 9 |
Kerin did mention that this is an issue on the regex, that it captures |
| 10 |
the guy who played with an unknown user and not because a user tried 3 |
| 11 |
times. |
| 12 |
|
| 13 |
Honestly, I would love to get to solve the issue as this is obviously |
| 14 |
not the intention. |
| 15 |
The idea was to BAN any IP regardless of the user is defined on the box |
| 16 |
or not. |
| 17 |
|
| 18 |
P:S |
| 19 |
I havent looked on those filter yet, I was on holiday since yesterday so |
| 20 |
probably tomorrow I will get time to check if I can put my hands dirty |
| 21 |
on this subject. |
| 22 |
|
| 23 |
GR |
| 24 |
mrfroasty |
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
GR |
| 30 |
mrfroasty |
| 31 |
|
| 32 |
Homer Parker wrote: |
| 33 |
> On Sun, 2009-08-02 at 13:24 +0200, mrfroasty wrote: |
| 34 |
> |
| 35 |
>> Actually we are talking about proftp deamon analysed using |
| 36 |
>> /var/log/auth.log. |
| 37 |
>> |
| 38 |
> |
| 39 |
> You can play with fail2ban-regex and see what it thinks. |
| 40 |
> |
| 41 |
> |
| 42 |
|
| 43 |
|
| 44 |
-- |
| 45 |
Extra details: |
| 46 |
OSS:Gentoo Linux |
| 47 |
profile:x86 |
| 48 |
Hardware:msi geforce 8600GT asus p5k-se |
| 49 |
location:/home/muhsin |
| 50 |
language(s):C/C++,VB,VHDL,bash,PHP,SQL,HTML,CSS |
| 51 |
Typo:40WPM |
| 52 |
url:http://www.mzalendo.net |
Archives