Hi,
My fail2ban works just fine, only the emails sent on the lighttpd jail
does not contain the related log-lines.
The SSH jail does contain the related log lines. How can is debug/fix
this ? It's running on an raspberry pi with raspbian and fail2ban is
installed via packages.
*jail.local : *
destemail = sysadmin@****.***
mta = sendmail
action = %(action_mwl)s
[404-block]
enabled = true
port = http,https
filter = lighttpd-404
logpath = /var/log/lighttpd/access.log
maxretry = 1
bantime = 86400
*filter.d/lighttpd-404.conf :*
[Definition]
failregex = (?i)^<HOST> .*\/admin.*
(?i)^<HOST> .*\/manager.*
ignoreregex =
*email* :
Hi,
The IP 185.30.166.38 has just been banned by Fail2Ban after
1 attempts against 404-block.
Here is more information about 185.30.166.38:
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% Seehttp://www.ripe.net/db/support/db-terms-conditions.pdf
% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to '185.30.166.0 - 185.30.166.255'
% Abuse contact for '185.30.166.0 - 185.30.166.255' is 'ab...@fnxtec.com'
inetnum: 185.30.166.0 - 185.30.166.255
netname: FNXTEC2
descr: FNXTEC (HYPERFILTER) NETWORK
country: NL
admin-c: FNX-AR
tech-c: FNX-TR
status: ASSIGNED PA
mnt-by: FNXTEC-MNT
mnt-lower: FNXTEC-MNT
mnt-routes: FNXTEC-MNT
org: ORG-FA510-RIPE
created: 2013-12-04T20:40:47Z
last-modified: 2015-06-30T23:49:57Z
source: RIPE
organisation: ORG-FA510-RIPE
org-name: FNXTEC
org-type: OTHER
address: R. Pedro Nano, 96 - Jundiai - SP - Brazil
mnt-ref: FNXTEC-MNT
mnt-by: FNXTEC-MNT
created: 2013-08-03T20:06:32Z
last-modified: 2013-08-08T02:21:19Z
source: RIPE # Filtered
person: FNXTEC - Administrative Role Account
address: R. Pedro Nano, 96
address: Jundiaí - São Paulo - Brazil
address: 13218-330
phone: +31 (20) 894-3337
abuse-mailbox:ab...@fnxtec.com
nic-hdl: FNX-AR
mnt-by: FNXTEC-MNT
created: 2015-06-26T21:30:26Z
last-modified: 2016-05-02T14:14:09Z
source: RIPE # Filtered
person: FNXTEC - Technical Role Account
address: R. Pedro Nano, 96
address: Jundiaí - São Paulo - Brazil
address: 13218-330
phone: +31 (20) 894-3337
abuse-mailbox:ab...@fnxtec.com
nic-hdl: FNX-TR
mnt-by: FNXTEC-MNT
created: 2015-06-26T21:31:48Z
last-modified: 2016-05-02T14:13:35Z
source: RIPE # Filtered
% Information related to '185.30.166.0/24AS60503'
route: 185.30.166.0/24
descr: FNX Tecnologia LTDA
remarks: HyperFilter Network
origin: AS60503
mnt-by: FNXTEC-MNT
created: 2015-06-30T23:50:08Z
last-modified: 2015-06-30T23:50:08Z
source: RIPE
% This query was served by the RIPE Database Query Service version 1.87.4
(ANGUS)
Lines containing IP:185.30.166.38 in /var/log/lighttpd/access.log
Regards,
Fail2Ban
------------------------------------------------------------------------------
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
