Sorry, I meant this to go to the list...
On 12/21/2013 12:01 PM, François Patte wrote:
> Hello,
>
> I am trying to configure fail2ban in order to ban IPs which try to connect to
> directories protected by .htaccess.
>
> Here is my [apache] section in jail.conf:
>
> enabled = true
> port = http,https
> filter = apache-auth
> logpath = /var/log/apache*/*error.log
> maxretry = 3
>
> But I tested filling the auth form with erroneous login/password and
> nothing happens! Nothing appeared in /var/log/fail2ban.log...

You did stop and restart fail2ban after making the changes, right?
I don't use Apache authorization on any of my sites, so I can't
duplicate your problem. However, look at your
/var/log/apache2.error.log - what is the entry you get there when you
get an authorization failure? (btw - I don't use wildcards in my
fail2ban entries - don't know if it makes a difference or not.)
Then look at /etc/fail2ban/filter.d - the regex in there must match the
entry in your /var/log/apache2/error.log file. The regex in your
apache-auth.conf file must match the entry in your error.log file for
fail2ban to work (I've found not all fail2ban regexes are accurate).

> I tried the same for ssh connections and the IP of the computer from
> which I tried was banned after the third attempt.
>
> What is missing in my config?
>
> Here is the ssh section in jail.conf:
>
> enabled = true
> port = ssh
> filter = sshd
> logpath = /var/log/auth.log
> maxretry = 6
>
> Thanks

See above.
As an aside, I use iptables ipt_recent module to handle ssh violations. I
find it more reliable (no waiting for log entries to be written out).
Jerry
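
The advice above, that the filter regex must match the actual error.log entry or no ban ever fires, can be checked offline. The following is an added example, not part of the original message or of fail2ban itself. Both failregex patterns, the IPv4-only <HOST> expansion and the log lines (documentation-range addresses) are constructed for illustration.

```python
import re

# fail2ban expands the <HOST> tag into a capture group for the client address.
# This IPv4-only stand-in is a simplification assumed for the example.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Constructed failregex lines, NOT copied from any shipped apache-auth.conf.
AUTH_FAIL = r"user \S+(?: not found|: authentication failure)"
OLD_STYLE = r"\[error\] \[client <HOST>\] " + AUTH_FAIL
NEW_STYLE = (r"\[auth_basic:error\] \[pid \d+\] \[client <HOST>(?::\d+)?\] "
             r"AH\d+: " + AUTH_FAIL)

# Constructed error.log lines: one in the Apache 2.2 layout, four in the 2.4 layout.
SAMPLE_LOG = [
    '[Sat Dec 21 11:58:40 2013] [error] [client 203.0.113.5] '
    'user bob not found: /private/',
    '[Sat Dec 21 12:01:07.482113 2013] [auth_basic:error] [pid 2417] '
    '[client 192.0.2.10:51844] AH01618: user alice not found: /private/',
    '[Sat Dec 21 12:01:09.010332 2013] [auth_basic:error] [pid 2417] '
    '[client 192.0.2.10:51844] AH01617: user alice: authentication failure '
    'for "/private/": Password Mismatch',
    '[Sat Dec 21 12:01:12.771904 2013] [auth_basic:error] [pid 2417] '
    '[client 192.0.2.10:51846] AH01618: user admin not found: /private/',
    '[Sat Dec 21 12:02:00.000101 2013] [core:error] [pid 2417] '
    '[client 198.51.100.7:40022] AH00037: Symbolic link not allowed: /var/www/x',
]


def offenders(failregex, lines, maxretry):
    """Return {ip: hits} for every host with at least maxretry matching lines."""
    rx = re.compile(failregex.replace("<HOST>", HOST))
    hits = {}
    for line in lines:
        m = rx.search(line)
        if m:
            hits[m.group("host")] = hits.get(m.group("host"), 0) + 1
    return {ip: n for ip, n in hits.items() if n >= maxretry}


if __name__ == "__main__":
    # maxretry = 3 mirrors the [apache] jail quoted in the thread.
    for name, rx in (("old-style", OLD_STYLE), ("new-style", NEW_STYLE)):
        print(name, "would ban:", offenders(rx, SAMPLE_LOG, maxretry=3))
```

On a live system, `fail2ban-regex <logfile> <filter file>` runs the same kind of check against the real log and the installed filter.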