I need multiple log files to work in order to get appache-overflows or
botsearch, or whater to work.
But at least with your help I was able to get a fail2ban-regex to produce a result. So that got me going into the right
direction.
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
On 08/10/2018 03:51 PM, Tony Collins wrote:
That's the good stuff lol :-)
Ok, from what I remember, you've got apache-overflows working now, and you've
seen how to add log files.
What do we need to do to make "your" fail2ban work for you?
On Fri, 10 Aug 2018 at 20:48, Wayne Sallee <wa...@waynesallee.com
<mailto:wa...@waynesallee.com>> wrote:
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sed -i 's/^/#/' /etc/fail2ban/jail.local
cat >>/etc/fail2ban/jail.local<< "EOF"
[DEFAULT]
# Number of seconds.
bantime = 86400
findtime = 600
maxretry = 5
action = %(action_mwl)s
[sshd]
enabled = true
port = ssh
logpath = /var/log/auth.log
backend = %(sshd_backend)s
[apache-overflows]
enabled = true
port = http,https
logpath = /var/log/apache2/error.log
/var/log/apache2/error1.log
/var/log/apache2/error5.log
maxretry = 2
EOF
Something like that. :-)
Wayne Sallee
wa...@waynesallee.com <mailto:wa...@waynesallee.com>
http://www.WayneSallee.com
On 08/10/2018 03:15 PM, Tony Collins wrote:
It would be so helpful if we could see your config files :-)
Are you comfortable sharing them yet?
If you want to email privately, I'm happy to do that. I've shared my config
files here before.
Please do not worry about sharing stuff like that. We've all got f2b, we
all know how bad it can be to set it up
and to make nice .conf files.
We can set it all up perfectly with a bit of effort :-)
Tony
On Fri, 10 Aug 2018 at 20:11, Wayne Sallee <wa...@waynesallee.com
<mailto:wa...@waynesallee.com>> wrote:
Although the space does produce better results, so it's needed.
Wayne Sallee
wa...@waynesallee.com <mailto:wa...@waynesallee.com>
http://www.WayneSallee.com
On 08/10/2018 03:03 PM, Wayne Sallee wrote:
I already tried both methods, and even tried spaces after the line.
Maybe I got a buggy version of Fail2Ban.
Wayne Sallee
wa...@waynesallee.com <mailto:wa...@waynesallee.com>
http://www.WayneSallee.com
On 08/10/2018 02:43 PM, Tony Collins wrote:
Thank you for the information.
Ok, I think you mentioned that the semi-colon doesn't work either. But
I'd like to check.
Can you tell me if this works:
[apache-overflows]
enabled = true
port = http,https
logpath = /var/log/apache2/error.log;/var/log/apache2/error2.log
maxretry = 2
So, no spaces between the two file paths/names, just a ;
Also I think maybe you might need an extra space if you use the
"newline" method. I think I forgot to say this!
Does this work:
[apache-overflows]
enabled = true
port = http,https
logpath = /var/log/apache2/error.log
/var/log/apache2/error2.log
maxretry = 2
Note that when I pressed enter at the end of the "logpath" line, I then
typed a space before I typed
"/var/log/apache2/error2.log
Please try both of those. Fail2ban is very "fussy" about its
configuration files. I have made so many
errors while writing configuration files. It is painful!
Tony
On Fri, 10 Aug 2018 at 19:38, Wayne Sallee <wa...@waynesallee.com
<mailto:wa...@waynesallee.com>> wrote:
For example this will error:
[apache-overflows]
enabled = true
port = http,https
logpath = /var/log/apache2/error.log
/var/log/apache2/error2.log
maxretry = 2
ERROR Failed during configuration: Source contains parsing errors:
'/etc/fail2ban/jail.local'
[line 883]: '/var/log/apache2/error2.log\n'
But this will not error:
[apache-overflows]
enabled = true
port = http,https
logpath = /var/log/apache2/error.log
maxretry = 2
And this will not error:
[apache-overflows]
enabled = true
port = http,https
logpath = /var/log/apache2/error2.log
maxretry = 2
/var/log/apache2/error2.log is a substitute name.
Wayne Sallee
wa...@waynesallee.com <mailto:wa...@waynesallee.com>
http://www.WayneSallee.com
On 08/10/2018 02:14 PM, Tony Collins wrote:
Maybe there is a small mistake somewhere in the configuration?
Please paste the jail's configuration here - we will use "fresh
eyes" to see if we can find the
problem :-)
On Fri, 10 Aug 2018 at 19:05, Wayne Sallee <wa...@waynesallee.com
<mailto:wa...@waynesallee.com>> wrote:
I figured that was it, but then wondered surely he knows it's
disabled. :-)
I thought spacing was working before, but it's not, nether does
";" and nether does a new line. So
I just put the others on new lines, and commented them out.
That works :-) sortof :-)
Wayne Sallee
wa...@waynesallee.com <mailto:wa...@waynesallee.com>
http://www.WayneSallee.com
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org!
http://sdm.link/slashdot_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
<mailto:Fail2ban-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
--
-- Tony Collins
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org!http://sdm.link/slashdot
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
<mailto:Fail2ban-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org!http://sdm.link/slashdot
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
<mailto:Fail2ban-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org!
http://sdm.link/slashdot_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
<mailto:Fail2ban-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
--
-- Tony Collins
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org!http://sdm.link/slashdot
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
<mailto:Fail2ban-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org!
http://sdm.link/slashdot_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
<mailto:Fail2ban-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
--
-- Tony Collins
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users