I have already played with it and concluded that fail2ban missed it... in
my previous mail it's mentioned that

# fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/proftpd.conf | grep 124.205.130.15

Nothing in the output, that means it has just missed banning this guy.

Kerin did mention that this is an issue with the regex, that it captures
the guy who played with an unknown user and not because a user tried 3
times.

Honestly, I would love to get the issue solved, as this is obviously
not the intention.
The idea was to BAN any IP regardless of whether the user is defined on the box
or not.

P.S.
I haven't looked at those filters yet. I have been on holiday since yesterday, so
probably tomorrow I will get time to check if I can get my hands dirty
on this subject.

GR
mrfroasty

Homer Parker wrote:
> On Sun, 2009-08-02 at 13:24 +0200, mrfroasty wrote:
>
>> Actually we are talking about proftp daemon analysed using
>> /var/log/auth.log.
>>
>
> You can play with fail2ban-regex and see what it thinks.
>
>

--
Extra details:
OSS:Gentoo Linux
profile:x86
Hardware:msi geforce 8600GT asus p5k-se
location:/home/muhsin
language(s):C/C++,VB,VHDL,bash,PHP,SQL,HTML,CSS
Typo:40WPM
url:http://www.mzalendo.net
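
The mismatch described in the message above (a filter that counts unknown-user attempts but not repeated failures for an existing user), as an added example that is not part of the original mail or of fail2ban's shipped proftpd.conf. The patterns, the IPv4-only <HOST> stand-in, the sample log lines and maxretry=3 are assumptions constructed for illustration.

```python
import re
from collections import Counter

# fail2ban swaps its <HOST> tag for a capture group; simplified here to IPv4 only.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Hypothetical patterns modelled on proftpd messages, not the shipped filter.
UNKNOWN_USER_ONLY = [r"\(\S+\[<HOST>\]\)[: -]+USER \S+: no such user found"]
ANY_FAILED_LOGIN = UNKNOWN_USER_ONLY + [
    r"\(\S+\[<HOST>\]\)[: -]+USER \S+ \(Login failed\): Incorrect password",
]

# Constructed sample lines using documentation IP ranges, not a real log.
SAMPLE_LOG = """\
Aug  2 10:00:01 box proftpd[4100]: box (203.0.113.7[203.0.113.7]) - USER nosuch: no such user found from 203.0.113.7 [203.0.113.7] to 192.0.2.1:21
Aug  2 10:00:03 box proftpd[4100]: box (203.0.113.7[203.0.113.7]) - USER admin1: no such user found from 203.0.113.7 [203.0.113.7] to 192.0.2.1:21
Aug  2 10:00:05 box proftpd[4100]: box (203.0.113.7[203.0.113.7]) - USER test: no such user found from 203.0.113.7 [203.0.113.7] to 192.0.2.1:21
Aug  2 10:01:10 box proftpd[4101]: box (198.51.100.9[198.51.100.9]) - USER alice (Login failed): Incorrect password.
Aug  2 10:01:12 box proftpd[4101]: box (198.51.100.9[198.51.100.9]) - USER alice (Login failed): Incorrect password.
Aug  2 10:01:14 box proftpd[4101]: box (198.51.100.9[198.51.100.9]) - USER alice (Login failed): Incorrect password.
Aug  2 10:02:00 box proftpd[4102]: box (192.0.2.50[192.0.2.50]) - USER bob: Login successful.
"""


def failures_per_host(patterns, log_text):
    """Count log lines matching any failure pattern, keyed by source IP."""
    compiled = [re.compile(p.replace("<HOST>", HOST)) for p in patterns]
    hits = Counter()
    for line in log_text.splitlines():
        for rx in compiled:
            match = rx.search(line)
            if match:
                hits[match.group("host")] += 1
                break  # one failure per line, even if several patterns match
    return hits


def would_ban(patterns, log_text, maxretry=3):
    """Hosts whose failure count reaches maxretry (assumed threshold)."""
    counts = failures_per_host(patterns, log_text)
    return sorted(host for host, n in counts.items() if n >= maxretry)


if __name__ == "__main__":
    print("unknown-user only:", would_ban(UNKNOWN_USER_ONLY, SAMPLE_LOG))
    print("any failed login: ", would_ban(ANY_FAILED_LOGIN, SAMPLE_LOG))
```

Running a candidate filter against known-bad sample lines like this before deploying it shows which failure types it silently ignores.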