Danke erstmal für die Rückmeldung.
Doch, ssh läuft auf Port 22. Ich hatte schon mal versucht, ihn auf einen anderen Port zu legen, aber dann konnte ich mich nicht mehr einloggen.
Naja, hier also die Ausgabe meiner fail2ban.log (ziemlich lang):
2007-11-05 10:38:47,482 fail2ban.jail : INFO Using poller
2007-11-05 10:38:47,571 fail2ban.filter : INFO Created Filter
2007-11-05 10:38:47,571 fail2ban.filter : INFO Created FilterPoll
2007-11-05 10:38:47,576 fail2ban.filter : INFO Added logfile = /var/log/auth.log
2007-11-05 10:38:47,578 fail2ban.filter : INFO Set maxRetry = 6
2007-11-05 10:38:47,581 fail2ban.filter : INFO Set findtime = 600
2007-11-05 10:38:47,582 fail2ban.actions: INFO Set banTime = 600
2007-11-05 10:38:47,619 fail2ban.actions.action: INFO Set actionBan = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
2007-11-05 10:38:47,623 fail2ban.actions.action: INFO Set actionStop = iptables -D INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
iptables -F fail2ban-<name>
iptables -X fail2ban-<name>
2007-11-05 10:38:47,625 fail2ban.actions.action: INFO Set actionStart = iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
iptables -I INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
2007-11-05 10:38:47,626 fail2ban.actions.action: INFO Set actionUnban = iptables -D fail2ban-<name> -s <ip> -j DROP
2007-11-05 10:38:47,628 fail2ban.actions.action: INFO Set actionCheck = iptables -n -L INPUT | grep -q fail2ban-<name>
2007-11-05 10:56:42,801 fail2ban.server : INFO Exiting Fail2ban
2007-11-05 10:56:44,529 fail2ban.jail : INFO Using poller
2007-11-05 10:56:44,551 fail2ban.filter : INFO Created Filter
2007-11-05 10:56:44,551 fail2ban.filter : INFO Created FilterPoll
2007-11-05 10:56:44,554 fail2ban.filter : INFO Added logfile = /var/log/auth.log
2007-11-05 10:56:44,557 fail2ban.filter : INFO Set maxRetry = 6
2007-11-05 10:56:44,563 fail2ban.filter : INFO Set findtime = 600
2007-11-05 10:56:44,565 fail2ban.actions: INFO Set banTime = 172800
2007-11-05 10:56:44,600 fail2ban.actions.action: INFO Set actionBan = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
2007-11-05 10:56:44,601 fail2ban.actions.action: INFO Set actionStop = iptables -D INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
iptables -F fail2ban-<name>
iptables -X fail2ban-<name>
2007-11-05 10:56:44,605 fail2ban.actions.action: INFO Set actionStart = iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
iptables -I INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
2007-11-05 10:56:44,607 fail2ban.actions.action: INFO Set actionUnban = iptables -D fail2ban-<name> -s <ip> -j DROP
2007-11-05 10:56:44,609 fail2ban.actions.action: INFO Set actionCheck = iptables -n -L INPUT | grep -q fail2ban-<name>
2007-11-05 11:23:17,999 fail2ban.server : INFO Exiting Fail2ban
2007-11-05 11:23:19,782 fail2ban.jail : INFO Using poller
2007-11-05 11:23:19,804 fail2ban.filter : INFO Created Filter
2007-11-05 11:23:19,804 fail2ban.filter : INFO Created FilterPoll
2007-11-05 11:23:19,806 fail2ban.filter : INFO Added logfile = /var/log/auth.log
2007-11-05 11:23:19,808 fail2ban.filter : INFO Set maxRetry = 3
2007-11-05 11:23:19,809 fail2ban.comm : WARNING Invalid command: ['set', 'proftpd', 'failregex', 'proftpd: \\(pam_unix\\) authentication failure; .* rhost=<HOST>']
2007-11-05 11:35:00,030 fail2ban.server : INFO Exiting Fail2ban
2007-11-05 12:58:56,827 fail2ban.jail : INFO Using poller
2007-11-05 12:58:56,851 fail2ban.filter : INFO Created Filter
2007-11-05 12:58:56,851 fail2ban.filter : INFO Created FilterPoll
2007-11-05 12:58:56,854 fail2ban.filter : INFO Set maxRetry = 5
2007-11-05 12:58:56,857 fail2ban.filter : INFO Set findtime = 600
2007-11-05 12:58:56,859 fail2ban.actions: INFO Set banTime = 172800
2007-11-05 12:58:56,898 fail2ban.actions.action: INFO Set actionBan = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
2007-11-05 12:58:56,900 fail2ban.actions.action: INFO Set actionStop = iptables -D INPUT -p <protocol> --dport <port> -j fail2ban-<name>
iptables -F fail2ban-<name>
iptables -X fail2ban-<name>
2007-11-05 12:58:56,902 fail2ban.actions.action: INFO Set actionStart = iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
iptables -I INPUT -p <protocol> --dport <port> -j fail2ban-<name>
2007-11-05 12:58:56,904 fail2ban.actions.action: INFO Set actionUnban = iptables -D fail2ban-<name> -s <ip> -j DROP
2007-11-05 12:58:56,905 fail2ban.actions.action: INFO Set actionCheck = iptables -n -L INPUT | grep -q fail2ban-<name>
2007-11-05 12:58:56,916 fail2ban.actions.action: INFO Set actionBan = echo -en "Subject: [Fail2Ban] <name>: banned <ip>
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The IP <ip> has just been banned by Fail2Ban after
<failures> attempts against <name>.\n\n
Here are more information about <ip>:\n
`/usr/bin/whois <ip>`\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 12:58:56,919 fail2ban.actions.action: INFO Set actionStop = echo -en "Subject: [Fail2Ban] <name>: stopped
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been stopped.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 12:58:56,921 fail2ban.actions.action: INFO Set actionStart = echo -en "Subject: [Fail2Ban] <name>: started
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been started successfully.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 12:58:56,923 fail2ban.actions.action: INFO Set actionUnban =
2007-11-05 12:58:56,926 fail2ban.actions.action: INFO Set actionCheck =
2007-11-05 12:58:56,932 fail2ban.jail : INFO Using poller
2007-11-05 12:58:56,935 fail2ban.filter : INFO Created Filter
2007-11-05 12:58:56,935 fail2ban.filter : INFO Created FilterPoll
2007-11-05 12:58:56,938 fail2ban.filter : INFO Added logfile = /var/log/auth.log
2007-11-05 12:58:56,940 fail2ban.filter : INFO Set maxRetry = 3
2007-11-05 12:58:56,942 fail2ban.filter : INFO Set findtime = 600
2007-11-05 12:58:56,945 fail2ban.actions: INFO Set banTime = 172800
2007-11-05 12:58:56,964 fail2ban.actions.action: INFO Set actionBan = ipaction add deny tcp from <ip> to <localhost> <port>
2007-11-05 12:58:56,966 fail2ban.actions.action: INFO Set actionStop =
2007-11-05 12:58:56,967 fail2ban.actions.action: INFO Set actionStart =
2007-11-05 12:58:56,969 fail2ban.actions.action: INFO Set actionUnban = ipaction delete `ipfw list | grep -i <ip> | awk '{print $1;}'`
2007-11-05 12:58:56,970 fail2ban.actions.action: INFO Set actionCheck =
2007-11-05 12:58:56,981 fail2ban.actions.action: INFO Set actionBan = echo -en "Subject: [Fail2Ban] <name>: banned <ip>
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The IP <ip> has just been banned by Fail2Ban after
<failures> attempts against <name>.\n\n
Here are more information about <ip>:\n
`/usr/bin/whois <ip>`\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 12:58:56,986 fail2ban.actions.action: INFO Set actionStop = echo -en "Subject: [Fail2Ban] <name>: stopped
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been stopped.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 12:58:56,988 fail2ban.actions.action: INFO Set actionStart = echo -en "Subject: [Fail2Ban] <name>: started
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been started successfully.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 12:58:56,991 fail2ban.actions.action: INFO Set actionUnban =
2007-11-05 12:58:56,992 fail2ban.actions.action: INFO Set actionCheck =
2007-11-05 12:58:57,002 fail2ban.jail : INFO Using poller
2007-11-05 12:58:57,003 fail2ban.filter : INFO Created Filter
2007-11-05 12:58:57,003 fail2ban.filter : INFO Created FilterPoll
2007-11-05 12:58:57,004 fail2ban.filter : INFO Set maxRetry = 6
2007-11-05 12:58:57,009 fail2ban.filter : INFO Set findtime = 600
2007-11-05 12:58:57,011 fail2ban.actions: INFO Set banTime = 172800
2007-11-05 12:58:57,022 fail2ban.actions.action: INFO Set actionBan = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
2007-11-05 12:58:57,026 fail2ban.actions.action: INFO Set actionStop = iptables -D INPUT -p <protocol> --dport <port> -j fail2ban-<name>
iptables -F fail2ban-<name>
iptables -X fail2ban-<name>
2007-11-05 12:58:57,026 fail2ban.actions.action: INFO Set actionStart = iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
iptables -I INPUT -p <protocol> --dport <port> -j fail2ban-<name>
2007-11-05 12:58:57,027 fail2ban.actions.action: INFO Set actionUnban = iptables -D fail2ban-<name> -s <ip> -j DROP
2007-11-05 12:58:57,029 fail2ban.actions.action: INFO Set actionCheck = iptables -n -L INPUT | grep -q fail2ban-<name>
2007-11-05 12:58:57,038 fail2ban.actions.action: INFO Set actionBan = echo -en "Subject: [Fail2Ban] <name>: banned <ip>
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The IP <ip> has just been banned by Fail2Ban after
<failures> attempts against <name>.\n\n
Here are more information about <ip>:\n
`/usr/bin/whois <ip>`\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 12:58:57,042 fail2ban.actions.action: INFO Set actionStop = echo -en "Subject: [Fail2Ban] <name>: stopped
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been stopped.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 12:58:57,044 fail2ban.actions.action: INFO Set actionStart = echo -en "Subject: [Fail2Ban] <name>: started
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been started successfully.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 12:58:57,045 fail2ban.actions.action: INFO Set actionUnban =
2007-11-05 12:58:57,047 fail2ban.actions.action: INFO Set actionCheck =
2007-11-05 12:58:57,052 fail2ban.jail : INFO Using poller
2007-11-05 12:58:57,052 fail2ban.filter : INFO Created Filter
2007-11-05 12:58:57,055 fail2ban.filter : INFO Created FilterPoll
2007-11-05 12:58:57,057 fail2ban.filter : INFO Set maxRetry = 1
2007-11-05 12:58:57,059 fail2ban.filter : INFO Set findtime = 600
2007-11-05 12:58:57,061 fail2ban.actions: INFO Set banTime = 172800
2007-11-05 12:58:57,123 fail2ban.actions.action: INFO Set actionBan = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
2007-11-05 12:58:57,127 fail2ban.actions.action: INFO Set actionStop = iptables -D INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
iptables -F fail2ban-<name>
iptables -X fail2ban-<name>
2007-11-05 12:58:57,129 fail2ban.actions.action: INFO Set actionStart = iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
iptables -I INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
2007-11-05 12:58:57,131 fail2ban.actions.action: INFO Set actionUnban = iptables -D fail2ban-<name> -s <ip> -j DROP
2007-11-05 12:58:57,132 fail2ban.actions.action: INFO Set actionCheck = iptables -n -L INPUT | grep -q fail2ban-<name>
2007-11-05 12:58:57,140 fail2ban.actions.action: INFO Set actionBan = echo `date`": <ip> (<failures> failures)" >> <tmpfile>
LINE=$( wc -l <tmpfile> | awk '{ print $1 }' )
if [ $LINE -eq <lines> ]; then
echo -en "Subject: [Fail2Ban] <name>: summary
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
These hosts have been banned by Fail2Ban.\n
`cat <tmpfile>`
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
rm <tmpfile>
fi
2007-11-05 12:58:57,143 fail2ban.actions.action: INFO Set actionStop = if [ -f <tmpfile> ]; then
echo -en "Subject: [Fail2Ban] <name>: summary
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
These hosts have been banned by Fail2Ban.\n
`cat <tmpfile>`
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
rm <tmpfile>
fi
echo -en "Subject: [Fail2Ban] <name>: stopped
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been stopped.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 12:58:57,145 fail2ban.actions.action: INFO Set actionStart = echo -en "Subject: [Fail2Ban] <name>: started
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been started successfully.\n
Output will be buffered until <lines> lines are available.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 12:58:57,147 fail2ban.actions.action: INFO Set actionUnban =
2007-11-05 12:58:57,148 fail2ban.actions.action: INFO Set actionCheck =
2007-11-05 12:59:18,278 fail2ban.server : INFO Exiting Fail2ban
2007-11-05 13:01:51,451 fail2ban.jail : INFO Using poller
2007-11-05 13:01:51,475 fail2ban.filter : INFO Created Filter
2007-11-05 13:01:51,475 fail2ban.filter : INFO Created FilterPoll
2007-11-05 13:01:51,481 fail2ban.filter : INFO Added logfile = /var/log/auth.log
2007-11-05 13:01:51,483 fail2ban.filter : INFO Set maxRetry = 5
2007-11-05 13:01:51,485 fail2ban.filter : INFO Set findtime = 600
2007-11-05 13:01:51,487 fail2ban.actions: INFO Set banTime = 172800
2007-11-05 13:01:51,528 fail2ban.actions.action: INFO Set actionBan = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
2007-11-05 13:01:51,531 fail2ban.actions.action: INFO Set actionStop = iptables -D INPUT -p <protocol> --dport <port> -j fail2ban-<name>
iptables -F fail2ban-<name>
iptables -X fail2ban-<name>
2007-11-05 13:01:51,533 fail2ban.actions.action: INFO Set actionStart = iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
iptables -I INPUT -p <protocol> --dport <port> -j fail2ban-<name>
2007-11-05 13:01:51,534 fail2ban.actions.action: INFO Set actionUnban = iptables -D fail2ban-<name> -s <ip> -j DROP
2007-11-05 13:01:51,535 fail2ban.actions.action: INFO Set actionCheck = iptables -n -L INPUT | grep -q fail2ban-<name>
2007-11-05 13:01:51,550 fail2ban.actions.action: INFO Set actionBan = echo -en "Subject: [Fail2Ban] <name>: banned <ip>
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The IP <ip> has just been banned by Fail2Ban after
<failures> attempts against <name>.\n\n
Here are more information about <ip>:\n
`/usr/bin/whois <ip>`\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 13:01:51,552 fail2ban.actions.action: INFO Set actionStop = echo -en "Subject: [Fail2Ban] <name>: stopped
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been stopped.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 13:01:51,555 fail2ban.actions.action: INFO Set actionStart = echo -en "Subject: [Fail2Ban] <name>: started
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been started successfully.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 13:01:51,556 fail2ban.actions.action: INFO Set actionUnban =
2007-11-05 13:01:51,557 fail2ban.actions.action: INFO Set actionCheck =
2007-11-05 13:01:51,567 fail2ban.jail : INFO Using poller
2007-11-05 13:01:51,567 fail2ban.filter : INFO Created Filter
2007-11-05 13:01:51,567 fail2ban.filter : INFO Created FilterPoll
2007-11-05 13:01:51,568 fail2ban.filter : INFO Added logfile = /var/log/auth.log
2007-11-05 13:01:51,573 fail2ban.filter : INFO Set maxRetry = 3
2007-11-05 13:01:51,577 fail2ban.filter : INFO Set findtime = 600
2007-11-05 13:01:51,578 fail2ban.actions: INFO Set banTime = 172800
2007-11-05 13:01:51,595 fail2ban.actions.action: INFO Set actionBan = ipaction add deny tcp from <ip> to <localhost> <port>
2007-11-05 13:01:51,600 fail2ban.actions.action: INFO Set actionStop =
2007-11-05 13:01:51,602 fail2ban.actions.action: INFO Set actionStart =
2007-11-05 13:01:51,603 fail2ban.actions.action: INFO Set actionUnban = ipaction delete `ipfw list | grep -i <ip> | awk '{print $1;}'`
2007-11-05 13:01:51,606 fail2ban.actions.action: INFO Set actionCheck =
2007-11-05 13:01:51,616 fail2ban.actions.action: INFO Set actionBan = echo -en "Subject: [Fail2Ban] <name>: banned <ip>
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The IP <ip> has just been banned by Fail2Ban after
<failures> attempts against <name>.\n\n
Here are more information about <ip>:\n
`/usr/bin/whois <ip>`\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 13:01:51,618 fail2ban.actions.action: INFO Set actionStop = echo -en "Subject: [Fail2Ban] <name>: stopped
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been stopped.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 13:01:51,623 fail2ban.actions.action: INFO Set actionStart = echo -en "Subject: [Fail2Ban] <name>: started
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been started successfully.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 13:01:51,626 fail2ban.actions.action: INFO Set actionUnban =
2007-11-05 13:01:51,628 fail2ban.actions.action: INFO Set actionCheck =
2007-11-05 13:01:51,637 fail2ban.jail : INFO Using poller
2007-11-05 13:01:51,638 fail2ban.filter : INFO Created Filter
2007-11-05 13:01:51,639 fail2ban.filter : INFO Created FilterPoll
2007-11-05 13:01:51,640 fail2ban.filter : INFO Added logfile = /var/log/auth.log
2007-11-05 13:01:51,645 fail2ban.filter : INFO Set maxRetry = 6
2007-11-05 13:01:51,648 fail2ban.filter : INFO Set findtime = 600
2007-11-05 13:01:51,649 fail2ban.actions: INFO Set banTime = 172800
2007-11-05 13:01:51,663 fail2ban.actions.action: INFO Set actionBan = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
2007-11-05 13:01:51,664 fail2ban.actions.action: INFO Set actionStop = iptables -D INPUT -p <protocol> --dport <port> -j fail2ban-<name>
iptables -F fail2ban-<name>
iptables -X fail2ban-<name>
2007-11-05 13:01:51,666 fail2ban.actions.action: INFO Set actionStart = iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
iptables -I INPUT -p <protocol> --dport <port> -j fail2ban-<name>
2007-11-05 13:01:51,670 fail2ban.actions.action: INFO Set actionUnban = iptables -D fail2ban-<name> -s <ip> -j DROP
2007-11-05 13:01:51,672 fail2ban.actions.action: INFO Set actionCheck = iptables -n -L INPUT | grep -q fail2ban-<name>
2007-11-05 13:01:51,682 fail2ban.actions.action: INFO Set actionBan = echo -en "Subject: [Fail2Ban] <name>: banned <ip>
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The IP <ip> has just been banned by Fail2Ban after
<failures> attempts against <name>.\n\n
Here are more information about <ip>:\n
`/usr/bin/whois <ip>`\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 13:01:51,684 fail2ban.actions.action: INFO Set actionStop = echo -en "Subject: [Fail2Ban] <name>: stopped
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been stopped.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 13:01:51,685 fail2ban.actions.action: INFO Set actionStart = echo -en "Subject: [Fail2Ban] <name>: started
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been started successfully.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 13:01:51,687 fail2ban.actions.action: INFO Set actionUnban =
2007-11-05 13:01:51,689 fail2ban.actions.action: INFO Set actionCheck =
2007-11-05 13:20:40,870 fail2ban.server : INFO Exiting Fail2ban
2007-11-05 13:20:49,049 fail2ban.jail : INFO Using poller
2007-11-05 13:20:49,080 fail2ban.filter : INFO Created Filter
2007-11-05 13:20:49,080 fail2ban.filter : INFO Created FilterPoll
2007-11-05 13:20:49,086 fail2ban.filter : INFO Added logfile = /var/log/auth.log
2007-11-05 13:20:49,090 fail2ban.filter : INFO Set maxRetry = 5
2007-11-05 13:20:49,095 fail2ban.filter : INFO Set findtime = 600
2007-11-05 13:20:49,101 fail2ban.actions: INFO Set banTime = 172800
2007-11-05 13:20:49,153 fail2ban.actions.action: INFO Set actionBan = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
2007-11-05 13:20:49,156 fail2ban.actions.action: INFO Set actionStop = iptables -D INPUT -p <protocol> --dport <port> -j fail2ban-<name>
iptables -F fail2ban-<name>
iptables -X fail2ban-<name>
2007-11-05 13:20:49,160 fail2ban.actions.action: INFO Set actionStart = iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
iptables -I INPUT -p <protocol> --dport <port> -j fail2ban-<name>
2007-11-05 13:20:49,168 fail2ban.actions.action: INFO Set actionUnban = iptables -D fail2ban-<name> -s <ip> -j DROP
2007-11-05 13:20:49,170 fail2ban.actions.action: INFO Set actionCheck = iptables -n -L INPUT | grep -q fail2ban-<name>
2007-11-05 13:20:49,185 fail2ban.actions.action: INFO Set actionBan = echo -en "Subject: [Fail2Ban] <name>: banned <ip>
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The IP <ip> has just been banned by Fail2Ban after
<failures> attempts against <name>.\n\n
Here are more information about <ip>:\n
`/usr/bin/whois <ip>`\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 13:20:49,190 fail2ban.actions.action: INFO Set actionStop = echo -en "Subject: [Fail2Ban] <name>: stopped
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been stopped.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 13:20:49,193 fail2ban.actions.action: INFO Set actionStart = echo -en "Subject: [Fail2Ban] <name>: started
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been started successfully.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 13:20:49,194 fail2ban.actions.action: INFO Set actionUnban =
2007-11-05 13:20:49,201 fail2ban.actions.action: INFO Set actionCheck =
2007-11-05 13:20:49,210 fail2ban.jail : INFO Using poller
2007-11-05 13:20:49,210 fail2ban.filter : INFO Created Filter
2007-11-05 13:20:49,211 fail2ban.filter : INFO Created FilterPoll
2007-11-05 13:20:49,216 fail2ban.filter : INFO Added logfile = /var/log/auth.log
2007-11-05 13:20:49,218 fail2ban.filter : INFO Set maxRetry = 3
2007-11-05 13:20:49,226 fail2ban.filter : INFO Set findtime = 600
2007-11-05 13:20:49,227 fail2ban.actions: INFO Set banTime = 172800
2007-11-05 13:20:49,251 fail2ban.actions.action: INFO Set actionBan = ipaction add deny tcp from <ip> to <localhost> <port>
2007-11-05 13:20:49,253 fail2ban.actions.action: INFO Set actionStop =
2007-11-05 13:20:49,254 fail2ban.actions.action: INFO Set actionStart =
2007-11-05 13:20:49,255 fail2ban.actions.action: INFO Set actionUnban = ipaction delete `ipfw list | grep -i <ip> | awk '{print $1;}'`
2007-11-05 13:20:49,257 fail2ban.actions.action: INFO Set actionCheck =
2007-11-05 13:20:49,267 fail2ban.actions.action: INFO Set actionBan = echo -en "Subject: [Fail2Ban] <name>: banned <ip>
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The IP <ip> has just been banned by Fail2Ban after
<failures> attempts against <name>.\n\n
Here are more information about <ip>:\n
`/usr/bin/whois <ip>`\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 13:20:49,268 fail2ban.actions.action: INFO Set actionStop = echo -en "Subject: [Fail2Ban] <name>: stopped
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been stopped.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 13:20:49,274 fail2ban.actions.action: INFO Set actionStart = echo -en "Subject: [Fail2Ban] <name>: started
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been started successfully.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 13:20:49,277 fail2ban.actions.action: INFO Set actionUnban =
2007-11-05 13:20:49,278 fail2ban.actions.action: INFO Set actionCheck =
2007-11-05 13:20:49,288 fail2ban.jail : INFO Using poller
2007-11-05 13:20:49,290 fail2ban.filter : INFO Created Filter
2007-11-05 13:20:49,290 fail2ban.filter : INFO Created FilterPoll
2007-11-05 13:20:49,296 fail2ban.filter : INFO Added logfile = /var/log/auth.log
2007-11-05 13:20:49,299 fail2ban.filter : INFO Set maxRetry = 6
2007-11-05 13:20:49,301 fail2ban.filter : INFO Set findtime = 600
2007-11-05 13:20:49,305 fail2ban.actions: INFO Set banTime = 172800
2007-11-05 13:20:49,323 fail2ban.actions.action: INFO Set actionBan = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
2007-11-05 13:20:49,333 fail2ban.actions.action: INFO Set actionStop = iptables -D INPUT -p <protocol> --dport <port> -j fail2ban-<name>
iptables -F fail2ban-<name>
iptables -X fail2ban-<name>
2007-11-05 13:20:49,334 fail2ban.actions.action: INFO Set actionStart = iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
iptables -I INPUT -p <protocol> --dport <port> -j fail2ban-<name>
2007-11-05 13:20:49,336 fail2ban.actions.action: INFO Set actionUnban = iptables -D fail2ban-<name> -s <ip> -j DROP
2007-11-05 13:20:49,342 fail2ban.actions.action: INFO Set actionCheck = iptables -n -L INPUT | grep -q fail2ban-<name>
2007-11-05 13:20:49,349 fail2ban.actions.action: INFO Set actionBan = echo -en "Subject: [Fail2Ban] <name>: banned <ip>
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The IP <ip> has just been banned by Fail2Ban after
<failures> attempts against <name>.\n\n
Here are more information about <ip>:\n
`/usr/bin/whois <ip>`\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 13:20:49,357 fail2ban.actions.action: INFO Set actionStop = echo -en "Subject: [Fail2Ban] <name>: stopped
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been stopped.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 13:20:49,360 fail2ban.actions.action: INFO Set actionStart = echo -en "Subject: [Fail2Ban] <name>: started
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been started successfully.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 13:20:49,362 fail2ban.actions.action: INFO Set actionUnban =
2007-11-05 13:20:49,365 fail2ban.actions.action: INFO Set actionCheck =
Hier meine jail.conf:
# Fail2Ban configuration file
#
# Author: Cyril Jaquier
#
# $Revision: 611 $
#
# The DEFAULT section allows a global definition of the options. They can be
# overridden in each jail afterwards.
[DEFAULT]
# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = 127.0.0.1
# "bantime" is the number of seconds that a host is banned.
bantime = 172800
# A host is banned if it has generated "maxretry" failures during the last
# "findtime" seconds.
findtime = 600
# "maxretry" is the number of failures before a host gets banned.
maxretry = 3
# "backend" specifies the backend used to get files modification. Available
# options are "gamin", "polling" and "auto". This option can be overridden in
# each jail too (use "gamin" for a jail and "polling" for another).
#
# gamin: requires Gamin (a file alteration monitor) to be installed. If Gamin
# is not installed, Fail2ban will use polling.
# polling: uses a polling algorithm which does not require external libraries.
# auto: will choose Gamin if available and polling otherwise.
backend = auto
# This jail corresponds to the standard configuration in Fail2ban 0.6.
# The mail-whois action sends a notification e-mail with a whois request
# in the body.
[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
sendmail-whois[name=SSH, dest=MEINE MAIL@ADRESSE.tld, sender=fail2ban@mail.com]
logpath = /var/log/auth.log
maxretry = 5
[proftpd-iptables]
enabled = true
filter = proftpd
action = iptables[name=ProFTPD, port=ftp, protocol=tcp]
sendmail-whois[name=ProFTPD, dest=MEINE MAIL@ADRESSE.tld]
logpath = /var/log/auth.log
maxretry = 6
# This jail forces the backend to "polling".
[sasl-iptables]
enabled = false
filter = sasl
backend = polling
action = iptables[name=sasl, port=smtp, protocol=tcp]
sendmail-whois[name=sasl, dest=you@mail.com]
logpath = /var/log/mail.log
# Here we use TCP-Wrappers instead of Netfilter/Iptables. "ignoreregex" is
# used to avoid banning the user "myuser".
[ssh-tcpwrapper]
enabled = false
filter = sshd
action = hostsdeny
sendmail-whois[name=SSH, dest=you@mail.com]
ignoreregex = for myuser from
logpath = /var/log/sshd.log
# This jail demonstrates the use of wildcards in "logpath".
# Moreover, it is possible to give other files on a new line.
[apache-tcpwrapper]
enabled = false
filter = apache-auth
action = hostsdeny
logpath = /var/log/apache*/*access.log
/home/www/myhomepage/access.log
maxretry = 6
# The hosts.deny path can be defined with the "file" argument if it is
# not in /etc.
[postfix-tcpwrapper]
enabled = false
filter = postfix
action = hostsdeny[file=/not/a/standard/path/hosts.deny]
sendmail[name=Postfix, dest=you@mail.com]
logpath = /var/log/postfix.log
bantime = 300
# Do not ban anybody. Just report information about the remote host.
# A notification is sent at most every 600 seconds (bantime).
[vsftpd-notification]
enabled = false
filter = vsftpd
action = sendmail-whois[name=VSFTPD, dest=you@mail.com]
logpath = /var/log/vsftpd.log
maxretry = 5
bantime = 1800
# Same as above but with banning the IP address.
[vsftpd-iptables]
enabled = false
filter = vsftpd
action = iptables[name=VSFTPD, port=ftp, protocol=tcp]
sendmail-whois[name=VSFTPD, dest=you@mail.com]
logpath = /var/log/vsftpd.log
maxretry = 5
bantime = 1800
# Ban hosts whose user agent identifies them as spammer robots crawling the web
# for email addresses. The mail outputs are buffered.
[apache-badbots]
enabled = false
filter = apache-badbots
action = iptables-multiport[name=BadBots, port="http,https"]
sendmail-buffered[name=BadBots, lines=5, dest=you@mail.com]
logpath = /var/www/*/logs/access_log
bantime = 172800
maxretry = 1
# Use shorewall instead of iptables.
[apache-shorewall]
enabled = false
filter = apache-noscript
action = shorewall
sendmail[name=Postfix, dest=you@mail.com]
logpath = /var/log/apache2/error_log
# This jail uses ipfw, the standard firewall on FreeBSD. The "ignoreip"
# option is overridden in this jail. Moreover, the action "mail-whois" defines
# the variable "name" which contains a comma using "". The characters '' are
# valid too.
[ssh-ipfw]
enabled = true
filter = sshd
action = ipfw[localhost=192.168.0.1]
sendmail-whois[name="SSH,IPFW", dest=MEINE MAIL@Adresse.tld]
logpath = /var/log/auth.log
ignoreip = 168.192.0.1
# These jails block attacks against named (bind9). By default, logging is off
# with bind9 installation. You will need something like this:
#
# logging {
# channel lame-servers_file {
# file "/var/log/named/lame-servers.log" versions 3 size 30m;
# severity dynamic;
# print-time yes;
# };
# category lame-servers {
# lame-servers_file;
# };
# }
#
# in your named.conf to provide proper logging.
# This jail blocks UDP traffic for DNS requests.
[named-refused-udp]
enabled = false
filter = named-refused
action = iptables-multiport[name=Named, port="domain,953", protocol=udp]
sendmail-whois[name=Named, dest=you@mail.com]
logpath = /var/log/named/lame-servers.log
ignoreip = 168.192.0.1
# This jail blocks TCP traffic for DNS requests.
[named-refused-tcp]
enabled = false
filter = named-refused
action = iptables-multiport[name=Named, port="domain,953", protocol=tcp]
sendmail-whois[name=Named, dest=you@mail.com]
logpath = /var/log/named/lame-servers.log
ignoreip = 168.192.0.1
Die Version, die ich installiert habe, ist: fail2ban (0.8.1-1~bpo31+1) [backports]