Will,
the failregex is missing a <HOST> variable. it has to have this variable
to ban the host. And is does not an 'action=' statement but you only
have to have an 'action=' if you want to use something different that
what is defined as the default action in the jail.conf file. Btu you
have to have the host variable in the failregex for it to work.
On Mon, 2015-07-27 at 07:30 +0100, Will Wade wrote:
> Great. Thanks for that.
> Im running v0.9.1 not sure about systemd version. It's Ubuntu 15.04
>
>
> So I've followed your notes however I'm getting a load of:
>
>
> Jul 27 07:05:04 lisa fail2ban-client[2299]: ERROR NOK:
> ('nginx-http-auth',)
>
>
> When I do a status on the fail2ban service. Is that something I need
> to worry about?
>
>
> My
> filter :
> https://gist.githubusercontent.com/willwade/5e76a5e916a79ca55e44/raw/97d864a95afc5d304c079a542cb00ded0978df2d/nginx-http-auth.conf
>
>
> My jail.local
> section :
> https://gist.githubusercontent.com/willwade/5e76a5e916a79ca55e44/raw/97d864a95afc5d304c079a542cb00ded0978df2d/jail.local
>
>
> My fail2ban status output;
> https://gist.githubusercontent.com/willwade/5e76a5e916a79ca55e44/raw/97d864a95afc5d304c079a542cb00ded0978df2d/output
>
> Many thanks
> Will
>
> On 27 Jul 2015, at 02:10, Harrison Johnson <[email protected]>
> wrote:
>
>
> > What version of fail2ban are you using? And they what version of
> > systemd are you using. I don't know about nginx but in general
> > create a jail.local with:
> >
> > [nginx]
> > enabled = true
> > backend = systemd
> >
> > Then you need to know the systmed unit name is
> > ?> systemctl | grep '.*nginx.*'
> >
> > you should have a line that says something like nginx.service
> >
> > in the /filter.d folder either edit the nginx.conf or make a
> > ngnix.local file. Either way under the section:
> > [Init]
> > journalmatch = _SYSTEMD_UNIT=nginx.service
> >
> > then systemstl restart fail2ban.service to restart the server watch
> > the log file on start up for errors. But before you switch over run
> > this to make sure your journals are good.
> >
> > ?> journalctl --verify.
> >
> >
> > On Sun, 2015-07-26 at 21:56 +0100, Will Wade wrote:
> >
> > > Hi there
> > > I'm on Ubuntu 15.04 and got nginx running fine. As per this question
> > > though I noted that log rotate was screwy :
> > > http://askubuntu.com/questions/629375/nginx-logrotate-logs
> > >
> > > The bottom answer is probably the correct one - I should switch over to
> > > systemd. I have done but fail2ban really really can't read my logs now
> > > (it couldn't when log rotate was bust but now it's totally not..)
> > >
> > > So I read that fail2ban* has been patched to deal with reading from
> > > systemd but how? Can anyone give me a pointer?
> > >
> > > Many thanks
> > >
> > > Will
> > >
> > > * https://github.com/fail2ban/fail2ban/pull/224
> > > ------------------------------------------------------------------------------
> > > _______________________________________________
> > > Fail2ban-users mailing list
> > > [email protected]
> > > https://lists.sourceforge.net/lists/listinfo/fail2ban-users
> >
> >
> >
> > ------------------------------------------------------------------------------
> >
> > _______________________________________________
> > Fail2ban-users mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/fail2ban-users
> >
------------------------------------------------------------------------------
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
