Im testing smeserver-fail2ban against failed http logons on SME8.1 machine :
not sure if this is a bug or misconfiguration ( bug filed anyway at :
http://bugs.contribs.org/show_bug.cgi?id=8645I also read this post
http://forums.contribs.org/index.php/topic,51108.msg258899.html#msg258899 and although its marked "Resolved " I dont see anything at
PostEdit: now resolved :: see notes at the bottom
of http://wiki.contribs.org/Fail2ban#default_jail.conf
Installed fail2ban as per
http://wiki.contribs.org/Fail2ban#Fail2ban_for_SME_ServerI have an ibay set up that requires authenticated access ( Public access via web or anonymous ftp : Entire Internet(password required)
I'm deliberately using the wrong credentials to logon to check if fail2ban will log this and ban the IP , whilst running a terminal that is montiroring the /var/log/httpd/error_log file.
config show fail2ban
fail2ban=service
BanTime=604800
FindTime=3600
Mail=enabled
MailRecipient=admin
status=enabled
/var/log/httpd/error_log shows :
[Wed Nov 05 23:05:17 2014] [error] [client 197.85.xxx.xxx] AuthExtern pwauth [/usr/lib/httpd/modules/pwauth]: Failed (1) for user abc
[Wed Nov 05 23:05:38 2014] [error] [client 197.85.xxx.xxx] AuthExtern pwauth [/usr/lib/httpd/modules/pwauth]: Failed (1) for user abc
[Wed Nov 05 23:05:49 2014] [error] [client 197.85.xxx.xxx] AuthExtern pwauth [/usr/lib/httpd/modules/pwauth]: Failed (1) for user abc
[Wed Nov 05 23:06:03 2014] [error] [client 197.85.xxx.xxx] AuthExtern pwauth [/usr/lib/httpd/modules/pwauth]: Failed (1) for user abc
[Wed Nov 05 23:32:13 2014] [error] [client 197.85.xxx.xxx] AuthExtern pwauth [/usr/lib/httpd/modules/pwauth]: Failed (1) for user abc
The MaxRetry is =3
[DEFAULT]
ignoreip = 127.0.0.0/8 192.168.1.1 192.168.1.0/24
bantime = 604800
findtime = 3600
maxretry = 3
usedns = yes
backend = auto
The other jails are working.
It seems that the apache-auth.conf does not have the correct failregex / or the failregex expressions need tweeking ?