Oh that is so excellent. I'm actually really thrilled that we were able to
work this out, even though we did it backwards.
Thanks for being so willing to talk through all the various troubleshooting
stuff with me - sometimes it's the fact that we go through "wrong"
troubleshooting steps that leads to finding out the right thing to do.
I'm gonna look into the other bits of software you mentioned. F2b is pretty
heavy on my system.
All the best :-)
-tony
Tony Collins
On 4 September 2017 at 15:30, chaouche yacine via Fail2ban-users <
fail2ban-users@lists.sourceforge.net> wrote:
> On Monday, September 4, 2017 1:00 PM, Tony Collins <t...@evilplan.org.uk>
> wrote:
>
> > you could check the actual live config to see if it did what you expected [...]
> > fail2ban-client -d | grep dovecot-long
>
> Bingo ! I put maxretries instead of maxretry and f2b was completely silent
> about it. I am not sure why f2b developers chose to be silent about unknown
> configuration options ?
>
> root@messagerie[10.10.10.19] ~ # fail2ban-client -d | grep dovecot-long
> WARNING 'ignoreregex' not defined in 'Definition'. Using default one: ''
> ['add', 'dovecot-long', 'auto']
> ['set', 'dovecot-long', 'usedns', 'warn']
> ['set', 'dovecot-long', 'addlogpath', '/var/log/dovecot.log']
> ['set', 'dovecot-long', 'maxretry', 3]
> [...]
>
> After changing it I have the correct value
>
> root@messagerie[10.10.10.19] ~ # fail2ban-client -d | grep dovecot-long
> WARNING 'ignoreregex' not defined in 'Definition'. Using default one: ''
> ['add', 'dovecot-long', 'auto']
> ['set', 'dovecot-long', 'usedns', 'warn']
> ['set', 'dovecot-long', 'addlogpath', '/var/log/dovecot.log']
> ['set', 'dovecot-long', 'maxretry', 10]
> [...]
>
> > Sorry for making you go through all this. It might be a complete waste
> > of time, but I won't be embarrassed if someone comes along and tells you
> > that all you needed to do was change one "." in a file somewhere :-)
>
> Ba-dum Tisssssss :)
>
>
> > Hmm can I ask you to grep for "INFO" in fail2ban.log, so we can see if
> > it's actually logging f2b's info messages?
>
> Yes it does log INFO messages
>
> root@messagerie[10.10.10.19] ~ # grep INFO /var/log/fail2ban.log
> 2017-09-04 09:53:24,230 fail2ban.server [10631]: INFO Stopping all jails
> 2017-09-04 09:53:25,047 fail2ban.jail [10631]: INFO Jail 'postfix' stopped
> 2017-09-04 09:53:26,027 fail2ban.jail [10631]: INFO Jail 'postfix-sasl' stopped
> 2017-09-04 09:53:26,756 fail2ban.jail [10631]: INFO Jail 'dovecot-long' stopped
> 2017-09-04 09:53:27,625 fail2ban.jail [10631]: INFO Jail 'ssh' stopped
> 2017-09-04 09:53:28,427 fail2ban.jail [10631]: INFO Jail 'dovecot' stopped
>
>
> > it's worth upgrading cos it might simply solve this problem and run better [...]
>
> I'm also considering giving Wazuh or OSSEC a try. I heard it's faster,
> consumes less resources and is networked.
>
> Thanks a lot for your patience and awesome support !
>
> Yassine.
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Fail2ban-users mailing list
> Fail2ban-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>
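Added example, not part of the thread and not fail2ban's own code: a small check for the failure discussed above, where a misspelled jail option (`maxretries`) is silently ignored and the default shows up in the `fail2ban-client -d` dump. The option list `KNOWN`, the function names and both sample inputs are assumptions constructed for illustration.

```python
import ast
import configparser
import difflib

# Assumed subset of jail option names; extend it for your fail2ban version.
KNOWN = ["enabled", "filter", "action", "logpath", "port", "protocol", "backend",
         "usedns", "maxretry", "findtime", "bantime", "ignoreip", "banaction"]

# Constructed sample: a jail section carrying the typo from the thread.
SAMPLE_CONF = """\
[dovecot-long]
enabled = true
filter = dovecot
logpath = /var/log/dovecot.log
maxretries = 10
"""
# Constructed sample modelled on the `fail2ban-client -d` output quoted above.
SAMPLE_DUMP = """\
WARNING 'ignoreregex' not defined in 'Definition'. Using default one: ''
['add', 'dovecot-long', 'auto']
['set', 'dovecot-long', 'usedns', 'warn']
['set', 'dovecot-long', 'addlogpath', '/var/log/dovecot.log']
['set', 'dovecot-long', 'maxretry', 3]
"""

def effective(dump_text, jail):
    """Collect ['set', jail, option, value] commands from the dump."""
    out = {}
    for line in dump_text.splitlines():
        try:
            cmd = ast.literal_eval(line.strip())
        except (ValueError, SyntaxError):
            continue  # WARNING lines and other non-list output
        if isinstance(cmd, list) and len(cmd) == 4 and cmd[:2] == ["set", jail]:
            out[cmd[2]] = cmd[3]
    return out

def audit(conf_text, dump_text, jail):
    """Flag likely misspelled keys and values that differ from the dump."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    parsed = effective(dump_text, jail)
    findings = []
    for key, value in cp[jail].items():
        near = difflib.get_close_matches(key, KNOWN, n=1)
        if key not in KNOWN and near:
            findings.append(f"{key}: unknown option, did you mean {near[0]}?")
        elif key in parsed and str(parsed[key]) != value:
            findings.append(f"{key}: file says {value}, dump has {parsed[key]}")
    return findings
```

Unknown keys with no close match are left alone, since a jail file may define its own names for `%(name)s` interpolation.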