-------- Original Message --------
*Subject: *  [Fail2ban-users] jail.local not triggered
*From: *     Chet Curry <thech...@gmail.com>
*To: *         Fail2ban-users <Fail2ban-users@lists.sourceforge.net>
*CC: *
*Date: *      2019-8-30  12:28 PM
So I can run fail2ban-regex and get matches.

[root@xspdm2 ~]# fail2ban-regex /var/broadworks/logs/apache/access_log.2019-08-29-19_12_06 /etc/fail2ban/filter.d/apache-Mac.conf

Running tests
=============

Use   failregex filter file : apache-Mac, basedir: /etc/fail2ban
Use         log file : /var/broadworks/logs/apache/access_log.2019-08-29-19_12_06
Use         encoding : UTF-8


Results
=======

Failregex: 57041 total
|-  #) [# of hits] regular expression
|   1) [57041] ^<HOST>.*"GET.*HTTP/1.1" [401|404]{3}
`-

Ignoreregex: 0 total

Date template hits:
|- [# of hits] date format
|  [57071] Day(?P<_sep>[-/])MON(?P=_sep)Year[ :]?24hour:Minute:Second(?:\.Microseconds)?(?: Zone offset)?
`-

Lines: 57071 lines, 0 ignored, 57041 matched, 30 missed
[processed in 7.20 sec]

Missed line(s): too many to print.  Use --print-all-missed to print all 30 lines

Yet when I run fail2ban using jail.local and using the filter apache-Mac.conf 
it does not get any matches.

filter.d
:24 apache-Mac.conf
bwad...@xspdm2.hv.voicelab.bhnis.net$ cat apache-Mac.conf
#Fail2Ban apache-404 filter
#
# Author: Chet Curry
#
#
[Definition]
#Notes.:regex to match the Host IP and ("Get and <mac address>.cfg HTTP/1.1" and 401 or 404)
# example
#   HOST                                        "GET                       <mac address>.cfg HTTP/1.1" 401 or 404
# 85.17.172.70 - - [03/Apr/2018:07:25:09 -0400] "GET /dms/bw/host/bwas/Polycom_VVX500/0004f2050605.cfg HTTP/1.1" 404 952 0 1343
#failregex = ^<HOST>.*"GET.*([0-9a-fA-F]{2}){6}.cfg HTTP/1.1" [401|404]{3}

cat /etc/fail2ban/jail.d/jail.local
[apache-Mac]
enabled = true
port = http,https
filter = apache-Mac
logpath = /var/broadworks/logs/apache/access_log.2019-08-29-19_12_06
maxretry = 50
findtime = 60
bantime = 604800

fail2ban-client status
Status
|- Number of jail:      1
`- Jail list:   apache-Mac
[root@xspdm2 ~]# fail2ban-client status apache-Mac
Status for the jail: apache-Mac
|- Filter
|  |- Currently failed: 0
|  |- Total failed:     0
|  `- File list:  /var/broadworks/logs/apache/access_log.2019-08-29-19_12_06
`- Actions
   |- Currently banned: 0
   |- Total banned:     0
   `- Banned IP list:

Any ideas?




You have maxretry set to 50.

That means it will have to happen at least 50 times.

Try changing it to 1, and see what happens.

Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
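
The maxretry/findtime interaction from the reply above, as an added example that is not part of the original thread and not fail2ban's own code: a simplified sliding-window model run over constructed log lines in the format shown in the filter comment. The function names, the IPv4 stand-in for `<HOST>` and the sample hosts are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Filter regex as reported by fail2ban-regex above; <HOST> is replaced by a plain
# IPv4 group (simplification). Note [401|404]{3} is a character class: it accepts
# any three characters out of 0, 1, 4 and |, not only "401" or "404".
FAILREGEX = re.compile(r'^(?P<host>\d{1,3}(?:\.\d{1,3}){3}).*"GET.*HTTP/1.1" [401|404]{3}')
TIMESTAMP = re.compile(r'\[(?P<ts>[^\]]+)\]')

def simulate(lines, maxretry, findtime):
    """Return {host: time of ban}. Simplified sliding-window model of a jail."""
    recent = defaultdict(deque)   # host -> failure times still inside findtime
    banned = {}
    for line in lines:
        hit, ts = FAILREGEX.search(line), TIMESTAMP.search(line)
        if not hit or not ts or hit["host"] in banned:
            continue
        when = datetime.strptime(ts["ts"], "%d/%b/%Y:%H:%M:%S %z")
        window = recent[hit["host"]]
        window.append(when)
        # Forget failures older than findtime seconds before this one.
        while (when - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry:
            banned[hit["host"]] = when
    return banned

def make_lines(host, count, step):
    """Constructed access-log lines: `count` 404s from `host`, `step` seconds apart."""
    start = datetime(2019, 8, 29, 19, 12, 6, tzinfo=timezone(timedelta(hours=-4)))
    fmt = "%d/%b/%Y:%H:%M:%S %z"
    return [f'{host} - - [{(start + timedelta(seconds=i * step)).strftime(fmt)}] '
            '"GET /dms/bw/host/bwas/Polycom_VVX500/0004f2050605.cfg HTTP/1.1" 404 952 0 1343'
            for i in range(count)]

# Constructed sample: a fast client (1 request/s) and a slow one (1 request per 2 s).
SAMPLE = make_lines("192.0.2.10", 50, 1) + make_lines("198.51.100.7", 50, 2)

if __name__ == "__main__":
    for retry in (50, 1):
        bans = simulate(SAMPLE, maxretry=retry, findtime=60)
        print(f"maxretry={retry}: banned {sorted(bans)}")
```

With the jail's values (maxretry = 50, findtime = 60) only the host that reaches 50 matches inside one 60-second window is banned; the slower host never has more than 31 matches in any window.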



