Please make sure you do a reply-to-all or a reply-to-list as all your replies are bypassing the mailing lists and coming straight to me.
Which firewall are you running and what is your default action? Try increasing your loglevel to get more information. You say your fail2ban log looks perfect. What are you seeing in it when you make a few failed attempts? Can you post a snippet? I'd also stick with 0.9.x as its setup is slightly different from 0.8.x (lots more defaulting).

On 20/10/2016 09:13, Anthony Griffiths wrote:
> something is really wrong here. I uninstalled fail2ban 0.9 and
> completely deleted all remaining traces. Then I downloaded and
> installed this:
> http://yum.schmoozecom.net/schmooze-commercial/6/x86_64/RPMS/fail2ban/fail2ban-0.8.14-1.shmz65.1.129.noarch.rpm
> this is fail2ban specifically designed around freepbx. But it still
> doesn't work.
> The new fail2ban-0.8 starts fine, the fail2ban.log looks perfect, I do
> some deliberate failed logins to the freepbx-gui and nothing happens.
> I'm watching the log while doing the failed logins and it just sits
> there doing nothing.
> If I run:
> fail2ban-regex /var/log/asterisk/freepbx_security.log
> /etc/fail2ban/filter.d/freepbx.conf
> I get:
> ----------------------------------------------------------
> Running tests
> =============
>
> Use failregex file : /etc/fail2ban/filter.d/freepbx.conf
> Use log file : /var/log/asterisk/freepbx_security.log
>
>
> Results
> =======
>
> Failregex: 87 total
> |- #) [# of hits] regular expression
> | 1) [87] Authentication failure for .* from <HOST>
> `-
>
> Ignoreregex: 0 total
>
> Date template hits:
> |- [# of hits] date format
> | [262] Year-Month-Day Hour:Minute:Second
> `-
>
> Lines: 262 lines, 0 ignored, 87 matched, 175 missed
> Missed line(s): too many to print. Use --print-all-missed to print
> all 175 lines
> --------------------------------------------------------
>
> In jail.local I have 'ignoreip = 127.0.0.1' and that's all.
>
> this to me looks correct. If you can shed any light on this I'd be
> really grateful. Fail2ban-regex is the only troubleshooting command I
> know. Are there any others I could use?
>
> PS: and to make matters worse the sshd jail doesn't work either.
> Thanks for any further thoughts.
>
> On Wed, Oct 19, 2016 at 10:19 PM, Nick Howitt <n...@howitts.co.uk> wrote:
>> On 19/10/2016 22:08, Anthony Griffiths wrote:
>>>> From the changelog, 0.9.4 is not much different from 0.9.3 syntax-wise
>>>> so my jail and filter should be OK.
>>>>
>>>> When doing your failed logins, are they from any IP covered by the
>>>> ignoreip parameter in jail.conf or jail.local? If loglevel is set to
>>>> INFO you should get an f2b message every time you get a filter hit, but
>>>> I'm not sure if it is covered by your ignoreip.
>>> I've double checked jail.local and all I have is: ignoreip = 127.0.0.1/8
>>> There is one thing at the back of my mind though, I assumed the failed
>>> login was on port 80 however this could be wrong. I've asked on the
>>> freepbx forum but no response yet.
>> Even then you should still be able to see the banning in the logs. Also,
>> if you're using iptables you can do an "iptables -nvL" and see if your
>> f2b-pbx-gui lists your IP. It won't be effective if it is blocking the
>> wrong ports but it will be there.
>>
>> ------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>> _______________________________________________
>> Fail2ban-users mailing list
>> Fail2ban-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
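A failregex hit count from fail2ban-regex, as in the output quoted above, does not by itself mean a ban: the jail still applies ignoreip and the maxretry/findtime thresholds to each host. The following is an added example, not part of the original thread and not fail2ban's own code; the log lines are constructed, the IPv4-only stand-in for <HOST> is a simplification, and maxretry=3 / findtime=600 are assumed jail values.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# failregex from the thread; <HOST> is approximated by an IPv4 pattern (assumption).
FAILREGEX = re.compile(
    r"Authentication failure for .* from (?P<host>\d{1,3}(?:\.\d{1,3}){3})")
DATE = re.compile(r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")

# Constructed sample lines, not taken from a real freepbx_security.log.
SAMPLE_LOG = """\
[2016-10-20 09:00:01] Authentication failure for admin from 127.0.0.1
[2016-10-20 09:00:02] Authentication failure for admin from 127.0.0.1
[2016-10-20 09:00:03] Authentication failure for admin from 127.0.0.1
[2016-10-20 09:00:10] Authentication failure for admin from 192.0.2.10
[2016-10-20 09:00:20] Authentication failure for root from 192.0.2.10
[2016-10-20 09:00:30] Authentication failure for admin from 192.0.2.10
[2016-10-20 09:05:00] Authentication failure for admin from 198.51.100.7
[2016-10-20 10:30:00] Authentication failure for admin from 198.51.100.7
[2016-10-20 12:00:00] Authentication failure for admin from 198.51.100.7
[2016-10-20 12:00:05] Some unrelated line
"""

def explain(log_text, ignoreip=("127.0.0.1/8",), maxretry=3, findtime=600):
    """Return {ip: verdict} for every host the failregex matches."""
    ignored = [ipaddress.ip_network(n, strict=False) for n in ignoreip]
    hits = {}
    for line in log_text.splitlines():
        m, d = FAILREGEX.search(line), DATE.search(line)
        if m and d:
            ts = datetime.strptime(d.group(1), "%Y-%m-%d %H:%M:%S")
            hits.setdefault(m.group("host"), []).append(ts)
    verdicts = {}
    window = timedelta(seconds=findtime)
    for host, times in hits.items():
        addr = ipaddress.ip_address(host)
        if any(addr in net for net in ignored):
            verdicts[host] = "ignored (covered by ignoreip)"
            continue
        times.sort()
        # Ban only if some run of maxretry failures fits inside findtime.
        banned = any(times[i + maxretry - 1] - times[i] <= window
                     for i in range(len(times) - maxretry + 1))
        verdicts[host] = ("would ban" if banned
                          else "matched, below maxretry within findtime")
    return verdicts

if __name__ == "__main__":
    for host, verdict in explain(SAMPLE_LOG).items():
        print(f"{host:15} {verdict}")
```

All nine constructed failure lines match the regex, yet only one of the three hosts crosses the ban threshold.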