Package: fail2ban Version: 0.6.1-7bpo2 Followup-For: Bug #343821 2006-09-09 13:19:02,854 WARNING: Verbose level is 3 2006-09-09 13:19:02,866 WARNING: DEBUG MODE: FIREWALL COMMANDS ARE _NOT_ EXECUTED BUT ONLY DISPLAYED IN THE LOG MESSAGES 2006-09-09 13:19:02,867 DEBUG: Created PID lock (10605) in /var/run/fail2ban.pid 2006-09-09 13:19:02,867 DEBUG: ConfFile is /etc/fail2ban.conf 2006-09-09 13:19:02,867 DEBUG: BanTime is 600 2006-09-09 13:19:02,868 DEBUG: FindTime is 600 2006-09-09 13:19:02,868 DEBUG: MaxFailure is 5 2006-09-09 13:19:02,868 DEBUG: MAIL: Accepted value enabled=False 2006-09-09 13:19:02,869 DEBUG: MAIL: Accepted value host='localhost' 2006-09-09 13:19:02,869 DEBUG: MAIL: Accepted value port=25 2006-09-09 13:19:02,869 DEBUG: MAIL: Accepted value from='[EMAIL PROTECTED]' 2006-09-09 13:19:02,869 DEBUG: MAIL: Accepted value to='[EMAIL PROTECTED]' 2006-09-09 13:19:02,870 DEBUG: MAIL: Accepted value user='' 2006-09-09 13:19:02,870 DEBUG: MAIL: Accepted value password='' 2006-09-09 13:19:02,870 DEBUG: MAIL: Accepted value localtime=True 2006-09-09 13:19:02,871 DEBUG: MAIL: Accepted value subject='[Fail2Ban] <section>: Banned <ip>' 2006-09-09 13:19:02,871 DEBUG: MAIL: Accepted value message='Hi,<br>\nThe IP <ip> has just been banned by Fail2Ban after\n<failures> attempts against <section>.<br>\nRegards,<br>\nFail2Ban' 2006-09-09 13:19:02,871 INFO: Fail2Ban v0.6.1 is running 2006-09-09 13:19:02,872 DEBUG: Found sections: ['VSFTPD', 'PROFTPD', 'ApacheAttacks', 'SSH', 'SASL', 'Apache'] 2006-09-09 13:19:02,872 DEBUG: VSFTPD: Accepted value enabled=False 2006-09-09 13:19:02,872 DEBUG: VSFTPD: Accepted value logfile='/var/log/vsftpd.log' 2006-09-09 13:19:02,872 DEBUG: VSFTPD: Accepted value maxfailures=5 2006-09-09 13:19:02,873 DEBUG: VSFTPD: Accepted value bantime=600 2006-09-09 13:19:02,873 DEBUG: VSFTPD: Accepted value findtime=600 2006-09-09 13:19:02,873 DEBUG: VSFTPD: Accepted value timeregex='\\S{3}\\s{1,2}\\d{1,2} \\d{2}:\\d{2}:\\d{2}' 2006-09-09 13:19:02,874 DEBUG: VSFTPD: Accepted value timepattern='%b %d %H:%M:%S' 2006-09-09 13:19:02,874 DEBUG: VSFTPD: Accepted value failregex='\\[.+\\] FAIL LOGIN: Client "(?P<host>\\S+)"$' 2006-09-09 13:19:02,874 DEBUG: VSFTPD: Accepted value fwstart='iptables -N fail2ban-VSFTPD\niptables -A fail2ban-VSFTPD -j RETURN\niptables -I INPUT -p tcp --dport ftp -j fail2ban-VSFTPD' 2006-09-09 13:19:02,875 DEBUG: VSFTPD: Accepted value fwend='iptables -D INPUT -p tcp --dport ftp -j fail2ban-VSFTPD\niptables -F fail2ban-VSFTPD\niptables -X fail2ban-VSFTPD' 2006-09-09 13:19:02,875 DEBUG: VSFTPD: Accepted value fwban='iptables -I fail2ban-VSFTPD 1 -s <ip> -j DROP' 2006-09-09 13:19:02,875 DEBUG: VSFTPD: Accepted value fwunban='iptables -D fail2ban-VSFTPD -s <ip> -j DROP' 2006-09-09 13:19:02,876 DEBUG: VSFTPD: Accepted value fwcheck='iptables -L INPUT | grep -q fail2ban-VSFTPD' 2006-09-09 13:19:02,876 DEBUG: PROFTPD: Accepted value enabled=False 2006-09-09 13:19:02,876 DEBUG: PROFTPD: Accepted value logfile='/var/log/proftpd/proftpd.log' 2006-09-09 13:19:02,877 DEBUG: PROFTPD: Accepted value maxfailures=5 2006-09-09 13:19:02,877 DEBUG: PROFTPD: Accepted value bantime=600 2006-09-09 13:19:02,877 DEBUG: PROFTPD: Accepted value findtime=600 2006-09-09 13:19:02,878 DEBUG: PROFTPD: Accepted value timeregex='\\S{3}\\s{1,2}\\d{1,2} \\d{2}:\\d{2}:\\d{2}' 2006-09-09 13:19:02,878 DEBUG: PROFTPD: Accepted value timepattern='%b %d %H:%M:%S' 2006-09-09 13:19:02,878 DEBUG: PROFTPD: Accepted value failregex='USER \\S+: no such user found from \\S* ?\\[(?P<host>\\S+)\\] to \\S+\\s*$' 2006-09-09 13:19:02,879 DEBUG: PROFTPD: Accepted value fwstart='iptables -N fail2ban-PROFTPD\niptables -A fail2ban-PROFTPD -j RETURN\niptables -I INPUT -p tcp --dport ftp -j fail2ban-PROFTPD' 2006-09-09 13:19:02,879 DEBUG: PROFTPD: Accepted value fwend='iptables -D INPUT -p tcp --dport ftp -j fail2ban-PROFTPD\niptables -F fail2ban-PROFTPD\niptables -X fail2ban-PROFTPD' 2006-09-09 13:19:02,879 DEBUG: PROFTPD: Accepted value fwban='iptables -I fail2ban-PROFTPD 1 -s <ip> -j DROP' 2006-09-09 13:19:02,880 DEBUG: PROFTPD: Accepted value fwunban='iptables -D fail2ban-PROFTPD -s <ip> -j DROP' 2006-09-09 13:19:02,880 DEBUG: PROFTPD: Accepted value fwcheck='iptables -L INPUT | grep -q fail2ban-PROFTPD' 2006-09-09 13:19:02,880 DEBUG: ApacheAttacks: Accepted value enabled=False 2006-09-09 13:19:02,881 DEBUG: ApacheAttacks: Accepted value logfile='/var/log/apache/access.log' 2006-09-09 13:19:02,881 DEBUG: ApacheAttacks: Accepted value maxfailures=2 2006-09-09 13:19:02,881 DEBUG: ApacheAttacks: Accepted value bantime=600 2006-09-09 13:19:02,882 DEBUG: ApacheAttacks: Accepted value findtime=600 2006-09-09 13:19:02,882 DEBUG: ApacheAttacks: Accepted value timeregex='\\d{2}/\\S{3}/\\d{4}:\\d{2}:\\d{2}:\\d{2}' 2006-09-09 13:19:02,882 DEBUG: ApacheAttacks: Accepted value timepattern='%d/%b/%Y:%H:%M:%S' 2006-09-09 13:19:02,883 DEBUG: ApacheAttacks: Accepted value failregex='^(?P<host>\\S*) -.*"GET .*(?:awstats\\.pl\\?configdir=|index2\\.php\\?_REQUEST\\[option\\].*)\\|echo.*' 2006-09-09 13:19:02,883 DEBUG: ApacheAttacks: Accepted value fwstart='iptables -N fail2ban-ApacheAttacks\niptables -A fail2ban-ApacheAttacks -j RETURN\niptables -I INPUT -p tcp --dport http -j fail2ban-ApacheAttacks' 2006-09-09 13:19:02,883 DEBUG: ApacheAttacks: Accepted value fwend='iptables -D INPUT -p tcp --dport http -j fail2ban-ApacheAttacks\niptables -F fail2ban-ApacheAttacks\niptables -X fail2ban-ApacheAttacks' 2006-09-09 13:19:02,884 DEBUG: ApacheAttacks: Accepted value fwban='iptables -I fail2ban-ApacheAttacks 1 -s <ip> -j DROP' 2006-09-09 13:19:02,884 DEBUG: ApacheAttacks: Accepted value fwunban='iptables -D fail2ban-ApacheAttacks -s <ip> -j DROP' 2006-09-09 13:19:02,884 DEBUG: ApacheAttacks: Accepted value fwcheck='iptables -L INPUT | grep -q fail2ban-ApacheAttacks' 2006-09-09 13:19:02,885 DEBUG: SSH: Accepted value enabled=True 2006-09-09 13:19:02,885 DEBUG: SSH: Accepted value logfile='/var/log/auth.log' 2006-09-09 13:19:02,885 DEBUG: SSH: Accepted value maxfailures=5 2006-09-09 13:19:02,886 DEBUG: SSH: Accepted value bantime=600 2006-09-09 13:19:02,886 DEBUG: SSH: Accepted value findtime=600 2006-09-09 13:19:02,886 DEBUG: SSH: Accepted value timeregex='\\S{3}\\s{1,2}\\d{1,2} \\d{2}:\\d{2}:\\d{2}' 2006-09-09 13:19:02,887 DEBUG: SSH: Accepted value timepattern='%b %d %H:%M:%S' 2006-09-09 13:19:02,887 DEBUG: SSH: Accepted value failregex=': (?:(?:Authentication failure|Failed [-/\\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) (?:::f{4,6}:)?(?P<host>\\S*)' 2006-09-09 13:19:02,887 DEBUG: SSH: Accepted value fwstart='iptables -N fail2ban-SSH\niptables -A fail2ban-SSH -j RETURN\niptables -I INPUT -p tcp --dport ssh -j fail2ban-SSH' 2006-09-09 13:19:02,888 DEBUG: SSH: Accepted value fwend='iptables -D INPUT -p tcp --dport ssh -j fail2ban-SSH\niptables -F fail2ban-SSH\niptables -X fail2ban-SSH' 2006-09-09 13:19:02,888 DEBUG: SSH: Accepted value fwban='iptables -I fail2ban-SSH 1 -s <ip> -j DROP' 2006-09-09 13:19:02,888 DEBUG: SSH: Accepted value fwunban='iptables -D fail2ban-SSH -s <ip> -j DROP' 2006-09-09 13:19:02,889 DEBUG: SSH: Accepted value fwcheck='iptables -L INPUT | grep -q fail2ban-SSH' 2006-09-09 13:19:02,889 DEBUG: SASL: Accepted value enabled=False 2006-09-09 13:19:02,889 DEBUG: SASL: Accepted value logfile='/var/log/mail.log' 2006-09-09 13:19:02,890 DEBUG: SASL: Accepted value maxfailures=5 2006-09-09 13:19:02,890 DEBUG: SASL: Accepted value bantime=600 2006-09-09 13:19:02,890 DEBUG: SASL: Accepted value findtime=600 2006-09-09 13:19:02,890 DEBUG: SASL: Accepted value timeregex='\\S{3}\\s{1,2}\\d{1,2} \\d{2}:\\d{2}:\\d{2}' 2006-09-09 13:19:02,891 DEBUG: SASL: Accepted value timepattern='%b %d %H:%M:%S' 2006-09-09 13:19:02,891 DEBUG: SASL: Accepted value failregex=': warning: [-._\\w]+\\[(?P<host>[.\\d]+)\\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed$' 2006-09-09 13:19:02,891 DEBUG: SASL: Accepted value fwstart='iptables -N fail2ban-SASL\niptables -A fail2ban-SASL -j RETURN\niptables -I INPUT -p tcp --dport smtp -j fail2ban-SASL' 2006-09-09 13:19:02,892 DEBUG: SASL: Accepted value fwend='iptables -D INPUT -p tcp --dport smtp -j fail2ban-SASL\niptables -F fail2ban-SASL\niptables -X fail2ban-SASL' 2006-09-09 13:19:02,892 DEBUG: SASL: Accepted value fwban='iptables -I fail2ban-SASL 1 -s <ip> -j DROP' 2006-09-09 13:19:02,892 DEBUG: SASL: Accepted value fwunban='iptables -D fail2ban-SASL -s <ip> -j DROP' 2006-09-09 13:19:02,893 DEBUG: SASL: Accepted value fwcheck='iptables -L INPUT | grep -q fail2ban-SASL' 2006-09-09 13:19:02,893 DEBUG: Apache: Accepted value enabled=False 2006-09-09 13:19:02,893 DEBUG: Apache: Accepted value logfile='/var/log/apache/error.log' 2006-09-09 13:19:02,894 DEBUG: Apache: Accepted value maxfailures=5 2006-09-09 13:19:02,894 DEBUG: Apache: Accepted value bantime=600 2006-09-09 13:19:02,894 DEBUG: Apache: Accepted value findtime=600 2006-09-09 13:19:02,895 DEBUG: Apache: Accepted value timeregex='\\S{3} \\S{3} \\d{2} \\d{2}:\\d{2}:\\d{2} \\d{4}' 2006-09-09 13:19:02,895 DEBUG: Apache: Accepted value timepattern='%a %b %d %H:%M:%S %Y' 2006-09-09 13:19:02,895 DEBUG: Apache: Accepted value failregex='[[]client (?P<host>\\S*)[]] user .*(?:: authentication failure|not found)' 2006-09-09 13:19:02,896 DEBUG: Apache: Accepted value fwstart='iptables -N fail2ban-Apache\niptables -A fail2ban-Apache -j RETURN\niptables -I INPUT -p tcp --dport http -j fail2ban-Apache' 2006-09-09 13:19:02,896 DEBUG: Apache: Accepted value fwend='iptables -D INPUT -p tcp --dport http -j fail2ban-Apache\niptables -F fail2ban-Apache\niptables -X fail2ban-Apache' 2006-09-09 13:19:02,896 DEBUG: Apache: Accepted value fwban='iptables -I fail2ban-Apache 1 -s <ip> -j DROP' 2006-09-09 13:19:02,897 DEBUG: Apache: Accepted value fwunban='iptables -D fail2ban-Apache -s <ip> -j DROP' 2006-09-09 13:19:02,897 DEBUG: Apache: Accepted value fwcheck='iptables -L INPUT | grep -q fail2ban-Apache' 2006-09-09 13:19:02,897 INFO: Enabled sections: ['SSH'] 2006-09-09 13:19:02,898 DEBUG: Add 127.0.0.1 to ignore list 2006-09-09 13:19:02,898 WARNING: is not a valid IP address 2006-09-09 13:19:02,898 DEBUG: Nothing to do 2006-09-09 13:19:02,898 DEBUG: SSH: Initialize firewall rules 2006-09-09 13:19:02,899 DEBUG: iptables -N fail2ban-SSH iptables -A fail2ban-SSH -j RETURN iptables -I INPUT -p tcp --dport ssh -j fail2ban-SSH 2006-09-09 13:19:02,899 DEBUG: /var/log/auth.log has been modified 2006-09-09 13:19:02,899 DEBUG: /var/log/auth.log 2006-09-09 13:19:02,906 ERROR: unknown locale: en_DK 2006-09-09 13:19:02,906 ERROR: Please check the format and your locale settings. 2006-09-09 13:19:02,906 DEBUG: Setting file position to 0 for /var/log/auth.log 2006-09-09 13:19:02,924 ERROR: Fail2Ban got an unhandled exception and died. 2006-09-09 13:19:02,925 ERROR: Type: 'AttributeError' Value: ('strptime',) TB: [('/usr/bin/fail2ban', 55, '?', 'fail2ban.main()'), ('/usr/share/fail2ban/fail2ban.py', 513, 'main', 'e = element[1].getFailures()'), ('/usr/share/fail2ban/logreader/logreader.py', 143, 'getFailures', 'for element in self.findFailure(line):'), ('/usr/share/fail2ban/logreader/logreader.py', 174, 'findFailure', 'date = self.getUnixTime(timeMatch.group())'), ('/usr/share/fail2ban/logreader/logreader.py', 216, 'getUnixTime', 'date = list(time.strptime(value, self.timepattern))')] 2006-09-09 13:19:02,925 WARNING: Restoring firewall rules... 2006-09-09 13:19:02,925 DEBUG: SSH: Restore firewall rules 2006-09-09 13:19:02,926 DEBUG: iptables -D INPUT -p tcp --dport ssh -j fail2ban-SSH iptables -F fail2ban-SSH iptables -X fail2ban-SSH 2006-09-09 13:19:02,926 DEBUG: Nothing to do 2006-09-09 13:19:02,926 DEBUG: Removed PID lock /var/run/fail2ban.pid
-- System Information: Debian Release: 3.1 Architecture: i386 (i686) Kernel: Linux 2.6.8-3-k7 Locale: LANG=en_DK, LC_CTYPE=en_DK (charmap=ISO-8859-1) Versions of packages fail2ban depends on: ii iptables 1.3.3-1bpo1 Linux kernel 2.4+ iptables adminis ii lsb-base 3.1-9bpo1 Linux Standard Base 3.1 init scrip ii python 2.3.5-2 An interactive high-level object-o -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]