Whoops.. I copy and pasted badly off my phone… Here it is in its entirety: https://gist.githubusercontent.com/willwade/5e76a5e916a79ca55e44/raw/cd88d329bc90e12574c73b325ef27ba812217693/nginx-http-auth.conf
So I do think it's something dodgy with fail2ban not finding the systemd backend.. A snippet of the logs: https://gist.githubusercontent.com/willwade/5e76a5e916a79ca55e44/raw/e0141700a70bf24db78874a2448ec9266306f350/output.log

Thanks again..
w

> On 27 Jul 2015, at 08:05, Harrison Johnson <[email protected]> wrote:
>
> Will,
> the failregex is missing a <HOST> variable. It has to have this variable to
> ban the host. And it does not have an 'action=' statement, but you only have to
> have an 'action=' if you want to use something different than what is defined
> as the default action in the jail.conf file. But you have to have the host
> variable in the failregex for it to work.
>
> On Mon, 2015-07-27 at 07:30 +0100, Will Wade wrote:
>> Great. Thanks for that.
>> I'm running v0.9.1, not sure about systemd version. It's Ubuntu 15.04
>>
>> So I've followed your notes however I'm getting a load of:
>>
>> Jul 27 07:05:04 lisa fail2ban-client[2299]: ERROR NOK:
>> ('nginx-http-auth',)
>>
>> When I do a status on the fail2ban service. Is that something I need to
>> worry about?
>>
>> My filter :
>> https://gist.githubusercontent.com/willwade/5e76a5e916a79ca55e44/raw/97d864a95afc5d304c079a542cb00ded0978df2d/nginx-http-auth.conf
>>
>> My jail.local section :
>> https://gist.githubusercontent.com/willwade/5e76a5e916a79ca55e44/raw/97d864a95afc5d304c079a542cb00ded0978df2d/jail.local
>>
>> My fail2ban status output;
>> https://gist.githubusercontent.com/willwade/5e76a5e916a79ca55e44/raw/97d864a95afc5d304c079a542cb00ded0978df2d/output
>>
>> Many thanks
>> Will
>>
>> On 27 Jul 2015, at 02:10, Harrison Johnson <[email protected]> wrote:
>>
>>> What version of fail2ban are you using? And what version of systemd
>>> are you using. I don't know about nginx but in general create a jail.local
>>> with:
>>>
>>> [nginx]
>>> enabled = true
>>> backend = systemd
>>>
>>> Then you need to know what the systemd unit name is
>>> ?> systemctl | grep '.*nginx.*'
>>>
>>> you should have a line that says something like nginx.service
>>>
>>> in the /filter.d folder either edit the nginx.conf or make a nginx.local
>>> file. Either way under the section:
>>> [Init]
>>> journalmatch = _SYSTEMD_UNIT=nginx.service
>>>
>>> then systemctl restart fail2ban.service to restart the server; watch the log
>>> file on start up for errors. But before you switch over run this to make
>>> sure your journals are good.
>>>
>>> ?> journalctl --verify
>>>
>>> On Sun, 2015-07-26 at 21:56 +0100, Will Wade wrote:
>>>> Hi there
>>>> I'm on Ubuntu 15.04 and got nginx running fine. As per this question
>>>> though I noted that log rotate was screwy :
>>>> http://askubuntu.com/questions/629375/nginx-logrotate-logs
>>>>
>>>> The bottom answer is probably the correct one - I should switch over to
>>>> systemd. I have done but fail2ban really really can't read my logs now (it
>>>> couldn't when log rotate was bust but now it's totally not..)
>>>>
>>>> So I read that fail2ban* has been patched to deal with reading from
>>>> systemd but how? Can anyone give me a pointer?
>>>>
>>>> Many thanks
>>>>
>>>> Will
>>>>
>>>> * https://github.com/fail2ban/fail2ban/pull/224
>>>>
>>>> ------------------------------------------------------------------------------
>>>> _______________________________________________
>>>> Fail2ban-users mailing list
>>>> [email protected]
>>>> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
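
Added example (not part of the original thread and not fail2ban's own code): a small Python lint for the two points raised in the replies above, a failregex that lacks `<HOST>` and a filter used with `backend = systemd` that has no `journalmatch`. The filter texts, the log message, the function names and the simplified `HOST_GROUP` pattern are constructed assumptions for illustration.

```python
import configparser
import re

# Assumption: simplified stand-in for the group fail2ban substitutes for <HOST>.
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3}|[0-9A-Fa-f:]{3,39})"

# Constructed filter texts: BROKEN lacks <HOST> and journalmatch, FIXED has both.
BROKEN = r'''
[Definition]
failregex = user "\S+":? password mismatch, client: \S+, server:
ignoreregex =
'''
FIXED = r'''
[Init]
journalmatch = _SYSTEMD_UNIT=nginx.service
[Definition]
failregex = user "\S+":? password mismatch, client: <HOST>, server:
ignoreregex =
'''
# Constructed nginx error message as it might appear in the journal.
SAMPLE = ('2015/07/27 07:05:04 [error] 2299#0: *7 user "admin": password '
          'mismatch, client: 203.0.113.7, server: lisa, request: "GET / HTTP/1.1"')

def lint_filter(text, backend="systemd"):
    """Return (problems, compiled failregexes) for the text of a filter file."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(text)
    problems, compiled = [], []
    raw = cfg.get("Definition", "failregex", fallback="")
    regexes = [line.strip() for line in raw.splitlines() if line.strip()]
    if not regexes:
        problems.append("no failregex defined")
    for rx in regexes:
        if "<HOST>" not in rx:  # nothing to ban without a captured host
            problems.append("failregex without <HOST>: " + rx)
            continue
        compiled.append(re.compile(rx.replace("<HOST>", HOST_GROUP)))
    if backend == "systemd" and not cfg.get("Init", "journalmatch", fallback="").strip():
        problems.append("backend=systemd but no journalmatch in [Init]")
    return problems, compiled

def banned_host(compiled, message):
    """Return the address captured by the first matching failregex, or None."""
    for rx in compiled:
        match = rx.search(message)
        if match:
            return match.group("host")
    return None
```

Calling `lint_filter(BROKEN)` reports both problems and yields no usable regex, while `lint_filter(FIXED)` is clean and `banned_host` extracts the client address from the sample message.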
