Re: [Fail2ban-users] backend =
Is a backend needed? Wayne Sallee wa...@waynesallee.com http://www.WayneSallee.com -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users
Re: [Fail2ban-users] backend =
man fail2ban-client: add creates using fail2ban-client status sshd: Status for the jail: sshd |- Filter | |- Currently failed: 0 | |- Total failed: 0 | `- File list: /var/log/auth.log `- Actions |- Currently banned: 0 |- Total banned: 0 `- Banned IP list: fail2ban-client get sshd logtarget: does not exist on debian stable. Wayne Sallee wa...@waynesallee.com http://www.WayneSallee.com On 08/12/2018 04:28 AM, Dominic Raferd wrote: fail2ban-client get sshd logtarget fail2ban-client status sshd for more info: man fail2ban-client -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users
Re: [Fail2ban-users] backend =
On Sat, 11 Aug 2018 at 20:05, Philip James Clarke via Fail2ban-users < fail2ban-users@lists.sourceforge.net> wrote: > I don’t know about an “easy way” I just do this > > # grep sshd_log `find /etc/fail2ban -type f` > /etc/fail2ban/paths-common.conf:sshd_log = %(syslog_authpriv)s > /etc/fail2ban/jail.conf:logpath = %(sshd_log)s > /etc/fail2ban/jail.conf:logpath = %(sshd_log)s > > and follow the path until I find the answer > > > On 11 Aug 2018, at 20:00, Wayne Sallee wrote: > > > > No. Like this: > > [sshd] > > > > port= ssh > > logpath = %(sshd_log)s > > backend = %(sshd_backend)s > > > > > > > > Wayne Sallee > > wa...@waynesallee.com > > http://www.WayneSallee.com > > > > On 08/11/2018 02:53 PM, Philip James Clarke via Fail2ban-users wrote: > >> do you mean this? > >> > >> # "filter" defines the filter to use by the jail. > >> # By default jails have names matching their filter name > >> # > >> filter = %(__name__)s > >> > >> or the big action section or log paths? > >> > >> > >> > >>> On 11 Aug 2018, at 19:33, Wayne Sallee wrote: > >>> > >>> The "%(jail_something)s" I'm referring to is in the settings found in > /etc/fail2ban/jail.conf > >>> > >>> Wayne Sallee > >>> wa...@waynesallee.com > >>> http://www.WayneSallee.com > >>> > >>> > >>> On 08/11/2018 12:55 PM, Philip James Clarke via Fail2ban-users wrote: > I’m a little confused about your later comment (below) > > > > And is there an easy way to know what the "%(jail_something)s" > points to? > > > where are you looking? > fail2ban-client get sshd logtarget fail2ban-client status sshd for more info: man fail2ban-client -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users
Re: [Fail2ban-users] backend =
I don’t know about an “easy way” I just do this # grep sshd_log `find /etc/fail2ban -type f` /etc/fail2ban/paths-common.conf:sshd_log = %(syslog_authpriv)s /etc/fail2ban/jail.conf:logpath = %(sshd_log)s /etc/fail2ban/jail.conf:logpath = %(sshd_log)s and follow the path until I find the answer > On 11 Aug 2018, at 20:00, Wayne Sallee wrote: > > No. Like this: > [sshd] > > port= ssh > logpath = %(sshd_log)s > backend = %(sshd_backend)s > > > > Wayne Sallee > wa...@waynesallee.com > http://www.WayneSallee.com > > On 08/11/2018 02:53 PM, Philip James Clarke via Fail2ban-users wrote: >> do you mean this? >> >> # "filter" defines the filter to use by the jail. >> # By default jails have names matching their filter name >> # >> filter = %(__name__)s >> >> or the big action section or log paths? >> >> >> >>> On 11 Aug 2018, at 19:33, Wayne Sallee wrote: >>> >>> The "%(jail_something)s" I'm referring to is in the settings found in >>> /etc/fail2ban/jail.conf >>> >>> Wayne Sallee >>> wa...@waynesallee.com >>> http://www.WayneSallee.com >>> >>> >>> On 08/11/2018 12:55 PM, Philip James Clarke via Fail2ban-users wrote: I’m a little confused about your later comment (below) > And is there an easy way to know what the "%(jail_something)s" points to? > where are you looking? >>> -- >>> Check out the vibrant tech community on one of the world's most >>> engaging tech sites, Slashdot.org! >>> http://sdm.link/slashdot___ >>> Fail2ban-users mailing list >>> Fail2ban-users@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/fail2ban-users >> >> -- >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >> ___ >> Fail2ban-users mailing list >> Fail2ban-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/fail2ban-users > > > -- > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > ___ > Fail2ban-users mailing list > Fail2ban-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/fail2ban-users -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users
Re: [Fail2ban-users] backend =
The "%(jail_something)s" I'm referring to is in the settings found in /etc/fail2ban/jail.conf Wayne Sallee wa...@waynesallee.com http://www.WayneSallee.com On 08/11/2018 12:55 PM, Philip James Clarke via Fail2ban-users wrote: I’m a little confused about your later comment (below) And is there an easy way to know what the "%(jail_something)s" points to? where are you looking? -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users
Re: [Fail2ban-users] backend =
I have backend = pyinotify installed with Ubuntu which apparently is first choice on the auto list. I’m a little confused about your later comment (below) > And is there an easy way to know what the "%(jail_something)s" points to? where are you looking? Something I’ve found useful for checking things are loaded while running recidive (as you can’t use debug mode as it can infinitely loop) is fail2ban-client -dvv status 2>&1 | less that outputs files/ regexes/ what’s turned on etc.. the vv gives about 25 more extra lines in my set up, than the -v flag alone and it’s redirected from stderr as otherwise you don’t get all the information in less or grep. > On 11 Aug 2018, at 17:18, Wayne Sallee wrote: > > I wish fail2ban had better documentation on "backend =". > > Do any of the default "%(jail_backend)s" ever work? > > What settings do y'all use for "backend ="? > > Wayne Sallee > wa...@waynesallee.com > http://www.WayneSallee.com > > -- > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > ___ > Fail2ban-users mailing list > Fail2ban-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/fail2ban-users -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users
Re: [Fail2ban-users] backend =
And is there an easy way to know what the "%(jail_something)s" points to? like as in echo $jail_something Wayne Sallee wa...@waynesallee.com http://www.WayneSallee.com On 08/11/2018 12:18 PM, Wayne Sallee wrote: I wish fail2ban had better documentation on "backend =". Do any of the default "%(jail_backend)s" ever work? What settings do y'all use for "backend ="? Wayne Sallee wa...@waynesallee.com http://www.WayneSallee.com -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users
[Fail2ban-users] backend =
I wish fail2ban had better documentation on "backend =". Do any of the default "%(jail_backend)s" ever work? What settings do y'all use for "backend ="? Wayne Sallee wa...@waynesallee.com http://www.WayneSallee.com -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users
