fanfan7110
03/10/2013, 01h21
Bonjour a tous,
Voici les erreurs de mon fail2ban sous débian trouvées dans les logs :
0-03 01:55:24,389 fail2ban.filter : INFO Set findtime = 600
2013-10-03 01:55:24,389 fail2ban.actions: INFO Set banTime = 600
2013-10-03 01:55:24,390 fail2ban.filter : ERROR No 'host' group in 'pop3d-ssl: LOGIN FAILED.*ip=\[.*:\]'
2013-10-03 01:55:24,403 fail2ban.jail : INFO Creating new jail 'courierimap'
2013-10-03 01:55:24,404 fail2ban.jail : INFO Jail 'courierimap' uses poller
2013-10-03 01:55:24,404 fail2ban.filter : INFO Added logfile = /var/log/mail.log
2013-10-03 01:55:24,405 fail2ban.filter : INFO Set maxRetry = 5
2013-10-03 01:55:24,406 fail2ban.filter : INFO Set findtime = 600
2013-10-03 01:55:24,406 fail2ban.actions: INFO Set banTime = 600
2013-10-03 01:55:24,407 fail2ban.filter : ERROR No 'host' group in 'imapd: LOGIN FAILED.*ip=\[.*:\]'
2013-10-03 01:55:24,411 fail2ban.jail : INFO Creating new jail 'ssh'
2013-10-03 01:55:24,411 fail2ban.jail : INFO Jail 'ssh' uses poller
2013-10-03 01:55:24,412 fail2ban.filter : INFO Added logfile = /var/log/auth.log
2013-10-03 01:55:24,413 fail2ban.filter : INFO Set maxRetry = 6
2013-10-03 01:55:24,414 fail2ban.filter : INFO Set findtime = 600
2013-10-03 01:55:24,414 fail2ban.actions: INFO Set banTime = 600
2013-10-03 01:55:24,500 fail2ban.jail : INFO Creating new jail 'courierimaps'
2013-10-03 01:55:24,501 fail2ban.jail : INFO Jail 'courierimaps' uses poller
2013-10-03 01:55:24,501 fail2ban.filter : INFO Added logfile = /var/log/mail.log
2013-10-03 01:55:24,502 fail2ban.filter : INFO Set maxRetry = 5
2013-10-03 01:55:24,503 fail2ban.filter : INFO Set findtime = 600
2013-10-03 01:55:24,503 fail2ban.actions: INFO Set banTime = 600
2013-10-03 01:55:24,504 fail2ban.filter : ERROR No 'host' group in 'imapd-ssl: LOGIN FAILED.*ip=\[.*:\]'
2013-10-03 01:55:24,517 fail2ban.jail : INFO Creating new jail 'courierauth'
2013-10-03 01:55:24,517 fail2ban.jail : INFO Jail 'courierauth' uses poller
2013-10-03 01:55:24,518 fail2ban.filter : INFO Added logfile = /var/log/mail.log
2013-10-03 01:55:24,518 fail2ban.filter : INFO Set maxRetry = 6
2013-10-03 01:55:24,519 fail2ban.filter : INFO Set findtime = 600
2013-10-03 01:55:24,520 fail2ban.actions: INFO Set banTime = 600
2013-10-03 01:55:24,520 fail2ban.filter : ERROR No 'host' group in 'LOGIN FAILED, ip=\[< HOST >\]
et voici par exemple le fichier conf de courierimaps
# Fail2Ban configuration file
#
# $Revision: 100 $
#
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named « host ». The tag « » can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}?(?P\S+)
# Values: TEXT
#
failregex = imapd-ssl: LOGIN FAILED.*ip=\[.*:\]
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
Ou est l'erreur ? vous avez une idée ?
Voici les erreurs de mon fail2ban sous débian trouvées dans les logs :
0-03 01:55:24,389 fail2ban.filter : INFO Set findtime = 600
2013-10-03 01:55:24,389 fail2ban.actions: INFO Set banTime = 600
2013-10-03 01:55:24,390 fail2ban.filter : ERROR No 'host' group in 'pop3d-ssl: LOGIN FAILED.*ip=\[.*:\]'
2013-10-03 01:55:24,403 fail2ban.jail : INFO Creating new jail 'courierimap'
2013-10-03 01:55:24,404 fail2ban.jail : INFO Jail 'courierimap' uses poller
2013-10-03 01:55:24,404 fail2ban.filter : INFO Added logfile = /var/log/mail.log
2013-10-03 01:55:24,405 fail2ban.filter : INFO Set maxRetry = 5
2013-10-03 01:55:24,406 fail2ban.filter : INFO Set findtime = 600
2013-10-03 01:55:24,406 fail2ban.actions: INFO Set banTime = 600
2013-10-03 01:55:24,407 fail2ban.filter : ERROR No 'host' group in 'imapd: LOGIN FAILED.*ip=\[.*:\]'
2013-10-03 01:55:24,411 fail2ban.jail : INFO Creating new jail 'ssh'
2013-10-03 01:55:24,411 fail2ban.jail : INFO Jail 'ssh' uses poller
2013-10-03 01:55:24,412 fail2ban.filter : INFO Added logfile = /var/log/auth.log
2013-10-03 01:55:24,413 fail2ban.filter : INFO Set maxRetry = 6
2013-10-03 01:55:24,414 fail2ban.filter : INFO Set findtime = 600
2013-10-03 01:55:24,414 fail2ban.actions: INFO Set banTime = 600
2013-10-03 01:55:24,500 fail2ban.jail : INFO Creating new jail 'courierimaps'
2013-10-03 01:55:24,501 fail2ban.jail : INFO Jail 'courierimaps' uses poller
2013-10-03 01:55:24,501 fail2ban.filter : INFO Added logfile = /var/log/mail.log
2013-10-03 01:55:24,502 fail2ban.filter : INFO Set maxRetry = 5
2013-10-03 01:55:24,503 fail2ban.filter : INFO Set findtime = 600
2013-10-03 01:55:24,503 fail2ban.actions: INFO Set banTime = 600
2013-10-03 01:55:24,504 fail2ban.filter : ERROR No 'host' group in 'imapd-ssl: LOGIN FAILED.*ip=\[.*:\]'
2013-10-03 01:55:24,517 fail2ban.jail : INFO Creating new jail 'courierauth'
2013-10-03 01:55:24,517 fail2ban.jail : INFO Jail 'courierauth' uses poller
2013-10-03 01:55:24,518 fail2ban.filter : INFO Added logfile = /var/log/mail.log
2013-10-03 01:55:24,518 fail2ban.filter : INFO Set maxRetry = 6
2013-10-03 01:55:24,519 fail2ban.filter : INFO Set findtime = 600
2013-10-03 01:55:24,520 fail2ban.actions: INFO Set banTime = 600
2013-10-03 01:55:24,520 fail2ban.filter : ERROR No 'host' group in 'LOGIN FAILED, ip=\[< HOST >\]
et voici par exemple le fichier conf de courierimaps
# Fail2Ban configuration file
#
# $Revision: 100 $
#
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named « host ». The tag « » can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}?(?P\S+)
# Values: TEXT
#
failregex = imapd-ssl: LOGIN FAILED.*ip=\[.*:\]
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
Ou est l'erreur ? vous avez une idée ?