fail2ban help


fail2ban help

Post by reckless2k2 » 2007/09/02 01:19:58

I'm hoping someone can help me out with my "failregex" for vsftpd in fail2ban. I can't seem to get the string correct or maybe my logfile location is incorrect. I've attached the vsftpd section of my fail2ban.conf in /etc. Here is the version: fail2ban-0.6.2-1.el4.rf

Thanks for any help.

[code]
[VSFTPD]
# Option: enabled
# Notes.: enable monitoring for this section.
# Values: [true | false] Default: false
#
enabled = true

# Option: logfile
# Notes.: logfile to monitor.
# Values: FILE Default: /var/log/secure
#
logfile = /var/log/messages

# Option: port
# Notes.: specifies port to monitor
# Values: [ NUM | STRING ] Default:
#
port = ftp

# Option: timeregex
# Notes.: regex to match timestamp in VSFTPD logfile.
# Values: [Mar 7 17:53:28]
# Default: \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
#
timeregex = \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}

# Option: timepattern
# Notes.: format used in "timeregex" fields definition. Note that '%' must be
# escaped with '%' (see http://rgruet.free.fr/PQR2.3.html#timeModule)
# Values: TEXT Default: %%b %%d %%H:%%M:%%S
#
timepattern = %%b %%d %%H:%%M:%%S

# Option: failregex
# Notes.: regex to match the password failures messages in the logfile.
# Values: TEXT Default: Authentication failure|Failed password|Invalid user
#
failregex = vsftpd: \(pam_unix\) authentication failure; .* rhost=(?P<host>\S+)
[/code]
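One way to test the `timeregex`, `timepattern` and `failregex` values from the section above outside fail2ban, and to see which log file actually contains matching lines. This is an added example, not part of the original post and not fail2ban's own code. It assumes the patterns are applied with a plain regex search, and the sample lines are constructed: both syslog layouts are assumptions about how a PAM failure for vsftpd may be written.

```python
import re
import sys
import time
from collections import Counter

# Values copied from the [VSFTPD] section above.
TIMEREGEX = r"\S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}"
TIMEPATTERN = "%%b %%d %%H:%%M:%%S"
FAILREGEX = r"vsftpd: \(pam_unix\) authentication failure; .* rhost=(?P<host>\S+)"

# Constructed sample lines (assumed layouts, documentation-range addresses).
SAMPLE_LINES = [
    "Sep  2 01:10:11 srv vsftpd: (pam_unix) authentication failure; "
    "logname= uid=0 euid=0 tty= ruser= rhost=192.0.2.10",
    "Sep  2 01:10:15 srv vsftpd(pam_unix)[2412]: authentication failure; "
    "logname= uid=0 euid=0 tty= ruser= rhost=192.0.2.11",
    "Sep  2 01:10:20 srv sshd(pam_unix)[2500]: session opened for user root by (uid=0)",
]

def check_line(line):
    """Return (timestamp_ok, host); host is None when failregex does not match."""
    ts_ok = False
    stamp = re.search(TIMEREGEX, line)
    if stamp:
        try:
            # The config doubles '%' for interpolation; strptime wants a single '%'.
            time.strptime(stamp.group(), TIMEPATTERN.replace("%%", "%"))
            ts_ok = True
        except ValueError:
            pass
    fail = re.search(FAILREGEX, line)
    return ts_ok, (fail.group("host") if fail else None)

def failures_by_host(lines):
    """Count failregex hits per host, skipping lines whose timestamp fails to parse."""
    hits = Counter()
    for line in lines:
        ts_ok, host = check_line(line)
        if ts_ok and host:
            hits[host] += 1
    return hits

if __name__ == "__main__":
    if len(sys.argv) == 1:          # no arguments: show the constructed samples
        for line in SAMPLE_LINES:
            print(check_line(line), line)
    for path in sys.argv[1:]:       # otherwise scan each log file named
        with open(path, errors="replace") as fh:
            print(path, dict(failures_by_host(fh)))
```

Running it with `/var/log/messages` and `/var/log/secure` as arguments shows which file, if either, has lines the configured patterns match.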


Re: fail2ban help

Post by reckless2k2 » 2007/09/07 18:02:56

So there are no fail2ban ninjas around here? I figure this would be a very useful server tool and I'd find some expertise in this place. I'm surprised I'm alone in this place trying to run this. Is everyone else running denyhosts or just not bothering with anything at all?


fail2ban help

Post by michaelnel » 2007/09/07 21:54:30

I ran fail2ban until I discovered denyhosts. I switched all of our servers over to denyhosts.
