Hi Bertrand, Tried to start stop fail2ban few times and it seems to start/stop. I am not sure on the status of iptables after its start or log file since I am not in adm group, but look:
,-------------------------------------------------------------------------------------------------------- | [EMAIL PROTECTED]:~$ ps auxw | grep fail2ban | root 17663 0.3 0.8 16324 3892 ? S 01:15 0:00 python2.4 /usr/bin/fail2ban-server -b | root 17664 0.0 0.8 16324 3892 ? S 01:15 0:00 python2.4 /usr/bin/fail2ban-server -b | root 17665 0.0 0.8 16324 3892 ? S 01:15 0:00 python2.4 /usr/bin/fail2ban-server -b | root 17686 2.1 0.8 16324 3892 ? S 01:15 0:02 python2.4 /usr/bin/fail2ban-server -b | root 17687 0.0 0.8 16324 3892 ? S 01:15 0:00 python2.4 /usr/bin/fail2ban-server -b | test 17730 0.0 0.1 3488 780 pts/1 S+ 01:17 0:00 grep fail2ban | [EMAIL PROTECTED]:~$ sudo /etc/init.d/fail2ban stop | Stopping authentication failure monitor: fail2ban. | [EMAIL PROTECTED]:~$ ps auxw | grep fail2ban | test 17745 0.0 0.1 3488 780 pts/1 S+ 01:18 0:00 grep fail2ban | [EMAIL PROTECTED]:~$ sudo /etc/init.d/fail2ban start | Starting authentication failure monitor: fail2ban. | [EMAIL PROTECTED]:~$ ps auxw | grep fail2ban | root 17753 8.4 0.8 16324 3892 ? S 01:18 0:00 python2.4 /usr/bin/fail2ban-server -b | root 17754 0.8 0.8 16324 3892 ? S 01:18 0:00 python2.4 /usr/bin/fail2ban-server -b | root 17755 1.2 0.8 16324 3892 ? S 01:18 0:00 python2.4 /usr/bin/fail2ban-server -b | root 17776 67.7 0.8 16324 3892 ? S 01:18 0:02 python2.4 /usr/bin/fail2ban-server -b | root 17777 0.2 0.8 16324 3892 ? S 01:18 0:00 python2.4 /usr/bin/fail2ban-server -b | test 17786 0.0 0.1 3488 780 pts/1 S+ 01:18 0:00 grep fail2ban | `--- so it seems to start/stop properly. I am not sure on iptables status - can you also see after you start it iptables are initialized or not... On Sat, 25 Nov 2006, BERTRAND Joц╚l wrote: > Yaroslav Halchenko a ц╘crit : > >indeed strange... unfortunately it would be impossible for me to try it > >myself - no sparc around > I can open a ssh access to one on mine ;-) > >could you please boost verbosity in fail2ban.conf (or override it in > >fail2ba.local) and then send me along fail2ban.log (if it has anything > >in) and output of > >sh -x /etc/init.d/fail2ban start > Now, loglevel=4 in /etc/fail2ban/fail2ban.conf > hilbert:/etc/fail2ban# sh -x /etc/init.d/fail2ban start > + PATH=/usr/sbin:/usr/bin:/sbin:/bin > + DESC='authentication failure monitor' > + NAME=fail2ban > + DAEMON=/usr/bin/fail2ban-client > + SOCKFILE=/tmp/fail2ban.sock > + SCRIPTNAME=/etc/init.d/fail2ban > + '[' -x /usr/bin/fail2ban-client ']' > + '[' -r /etc/default/fail2ban ']' > + . /etc/default/fail2ban > ++ FAIL2BAN_OPTS= > + DAEMON_ARGS= > + '[' -f /etc/default/rcS ']' > + . /etc/default/rcS > ++ TMPTIME=0 > ++ SULOGIN=no > ++ DELAYLOGIN=no > ++ UTC=yes > ++ VERBOSE=yes > ++ FSCKFIX=no > + . /lib/lsb/init-functions > ++ '[' -e /etc/lsb-base-logging.sh ']' > ++ true > + case "$1" in > + '[' yes '!=' no ']' > + log_daemon_msg 'Starting authentication failure monitor' fail2ban > + '[' -z 'Starting authentication failure monitor' ']' > + '[' -z fail2ban ']' > + echo -n 'Starting authentication failure monitor: fail2ban' > Starting authentication failure monitor: fail2ban+ do_start > + do_status > + /usr/bin/fail2ban-client status > + case $? in > + return 0 > + return 1 > + '[' yes '!=' no ']' > + log_end_msg_wrapper 0 2 > + '[' 0 -lt 2 ']' > + value=0 > + log_end_msg 0 > + '[' -z 0 ']' > + log_use_fancy_output > + TPUT=/usr/bin/tput > + EXPR=/usr/bin/expr > + '[' FANCYTTY = 0 ']' > + '[' xxterm '!=' xdumb ']' > + '[' -x /usr/bin/tput ']' > + '[' -x /usr/bin/expr ']' > + /usr/bin/tput hpa 60 > + /usr/bin/tput setaf 1 > + FANCYTTY=1 > + true > ++ /usr/bin/tput setaf 1 > + RED='' > ++ /usr/bin/tput op > + NORMAL='' > + '[' 0 -eq 0 ']' > + echo . > . > + return 0 > + : > hilbert:/etc/fail2ban# iptables -L > Chain INPUT (policy ACCEPT) > target prot opt source destination > Chain FORWARD (policy ACCEPT) > target prot opt source destination > Chain OUTPUT (policy ACCEPT) > target prot opt source destination > hilbert:/etc/fail2ban# > But if I run : > hilbert:/etc/fail2ban# sh -x /etc/init.d/fail2ban reload > + PATH=/usr/sbin:/usr/bin:/sbin:/bin > + DESC='authentication failure monitor' > + NAME=fail2ban > + DAEMON=/usr/bin/fail2ban-client > + SOCKFILE=/tmp/fail2ban.sock > + SCRIPTNAME=/etc/init.d/fail2ban > + '[' -x /usr/bin/fail2ban-client ']' > + '[' -r /etc/default/fail2ban ']' > + . /etc/default/fail2ban > ++ FAIL2BAN_OPTS= > + DAEMON_ARGS= > + '[' -f /etc/default/rcS ']' > + . /etc/default/rcS > ++ TMPTIME=0 > ++ SULOGIN=no > ++ DELAYLOGIN=no > ++ UTC=yes > ++ VERBOSE=yes > ++ FSCKFIX=no > + . /lib/lsb/init-functions > ++ '[' -e /etc/lsb-base-logging.sh ']' > ++ true > + case "$1" in > + log_daemon_msg 'Reloading authentication failure monitor' fail2ban > + '[' -z 'Reloading authentication failure monitor' ']' > + '[' -z fail2ban ']' > + echo -n 'Reloading authentication failure monitor: fail2ban' > Reloading authentication failure monitor: fail2ban+ do_reload > + /usr/bin/fail2ban-client reload > + return 0 > + log_end_msg 0 > + '[' -z 0 ']' > + log_use_fancy_output > + TPUT=/usr/bin/tput > + EXPR=/usr/bin/expr > + '[' FANCYTTY = 0 ']' > + '[' xxterm '!=' xdumb ']' > + '[' -x /usr/bin/tput ']' > + '[' -x /usr/bin/expr ']' > + /usr/bin/tput hpa 60 > + /usr/bin/tput setaf 1 > + FANCYTTY=1 > + true > ++ /usr/bin/tput setaf 1 > + RED='' > ++ /usr/bin/tput op > + NORMAL='' > + '[' 0 -eq 0 ']' > + echo . > . > + return 0 > + : > hilbert:/etc/fail2ban# iptables -L > Chain INPUT (policy ACCEPT) > target prot opt source destination > fail2ban-ssh tcp -- anywhere anywhere tcp dpt:ssh > Chain FORWARD (policy ACCEPT) > target prot opt source destination > ACCEPT 0 -- anywhere anywhere > Chain OUTPUT (policy ACCEPT) > target prot opt source destination > Chain fail2ban-ssh (1 references) > target prot opt source destination > DROP 0 -- webwonderworld.net anywhere > RETURN 0 -- anywhere anywhere > hilbert:/etc/fail2ban# > >Thank you! > You're welcome. And if you have any idea... > Regards, > JKB -- .-. =------------------------------ /v\ ----------------------------= Keep in touch // \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User ^^-^^ [175555]
pgpH3UHk7g77f.pgp
Description: PGP signature