Fail2ban not detecting AuthExtern pwauth failures

warren:
I'm testing smeserver-fail2ban against failed http logons on an SME8.1 machine:

Not sure if this is a bug or misconfiguration (bug filed anyway at: http://bugs.contribs.org/show_bug.cgi?id=8645)

I also read this post http://forums.contribs.org/index.php/topic,51108.msg258899.html#msg258899 and although it's marked "Resolved" I don't see anything at
--- Quote ---PostEdit: now resolved :: see notes at the bottom
of http://wiki.contribs.org/Fail2ban#default_jail.conf
--- End quote ---


Installed fail2ban as per http://wiki.contribs.org/Fail2ban#Fail2ban_for_SME_Server

I have an ibay set up that requires authenticated access (Public access via web or anonymous ftp: Entire Internet (password required))

I'm deliberately using the wrong credentials to log on to check if fail2ban will log this and ban the IP, whilst running a terminal that is monitoring the /var/log/httpd/error_log file.

config show fail2ban
 fail2ban=service
    BanTime=604800
    FindTime=3600
    Mail=enabled
    MailRecipient=admin
    status=enabled

/var/log/httpd/error_log shows :

--- Code: ---[Wed Nov 05 23:05:17 2014] [error] [client 197.85.xxx.xxx] AuthExtern pwauth [/usr/lib/httpd/modules/pwauth]: Failed (1) for user abc
[Wed Nov 05 23:05:38 2014] [error] [client 197.85.xxx.xxx] AuthExtern pwauth [/usr/lib/httpd/modules/pwauth]: Failed (1) for user abc
[Wed Nov 05 23:05:49 2014] [error] [client 197.85.xxx.xxx] AuthExtern pwauth [/usr/lib/httpd/modules/pwauth]: Failed (1) for user abc
[Wed Nov 05 23:06:03 2014] [error] [client 197.85.xxx.xxx] AuthExtern pwauth [/usr/lib/httpd/modules/pwauth]: Failed (1) for user abc
[Wed Nov 05 23:32:13 2014] [error] [client 197.85.xxx.xxx] AuthExtern pwauth [/usr/lib/httpd/modules/pwauth]: Failed (1) for user abc
--- End code ---

The MaxRetry is =3

[DEFAULT]
ignoreip = 127.0.0.0/8 192.168.1.1 192.168.1.0/24
bantime  = 604800
findtime  = 3600
maxretry = 3
usedns = yes
backend = auto

The other jails are working.

It seems that the apache-auth.conf does not have the correct failregex, or the failregex expressions need tweaking?



Daniel B.:
Yes, the failregex must be tweaked. I'll try to take a look at this, but have some more urgent issues to look at first.
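
An added example, not part of the thread and not the contrib's shipped filter: a candidate failregex for the AuthExtern pwauth lines quoted above, checked in Python (the regex dialect fail2ban filters are written in) together with the maxretry/findtime counting. The `HOST` group is a simplified stand-in for fail2ban's `<HOST>` tag, the function names are hypothetical, and the sample log lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 or hostname only).
HOST = r"(?P<host>[\w.\-]+)"
# Candidate failregex; unanchored so it works with or without the timestamp prefix.
FAILREGEX = (r"\[client <HOST>\] AuthExtern \S+ \[[^\]]*\]: "
             r"Failed \(\d+\) for user").replace("<HOST>", HOST)
STAMP = re.compile(r"^\[(\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4})\]")

# Constructed sample lines modelled on the error_log excerpt in the post
# (203.0.113.7 and 198.51.100.9 are documentation addresses).
SAMPLE = """\
[Wed Nov 05 23:05:17 2014] [error] [client 203.0.113.7] AuthExtern pwauth [/usr/lib/httpd/modules/pwauth]: Failed (1) for user abc
[Wed Nov 05 23:05:38 2014] [error] [client 203.0.113.7] AuthExtern pwauth [/usr/lib/httpd/modules/pwauth]: Failed (1) for user abc
[Wed Nov 05 23:05:49 2014] [error] [client 203.0.113.7] AuthExtern pwauth [/usr/lib/httpd/modules/pwauth]: Failed (1) for user abc
[Wed Nov 05 23:06:03 2014] [error] [client 203.0.113.7] AuthExtern pwauth [/usr/lib/httpd/modules/pwauth]: Failed (1) for user abc
[Wed Nov 05 23:06:10 2014] [error] [client 198.51.100.9] File does not exist: /var/www/html/favicon.ico
[Wed Nov 05 23:07:00 2014] [error] [client 198.51.100.9] AuthExtern pwauth [/usr/lib/httpd/modules/pwauth]: Failed (1) for user xyz
"""

def failures(log_text):
    """Yield (timestamp, host) for each line the candidate failregex matches."""
    for line in log_text.splitlines():
        stamp, hit = STAMP.match(line), re.search(FAILREGEX, line)
        if stamp and hit:
            yield datetime.strptime(stamp.group(1), "%a %b %d %H:%M:%S %Y"), hit.group("host")

def bans(log_text, maxretry=3, findtime=3600):
    """Return {host: time of the failure that reaches maxretry within findtime}."""
    recent, banned = {}, {}
    horizon = timedelta(seconds=findtime)
    for when, host in failures(log_text):
        if host in banned:
            continue
        # Keep only this host's failures that still fall inside the findtime window.
        window = [t for t in recent.get(host, []) if when - t <= horizon]
        window.append(when)
        recent[host] = window
        if len(window) >= maxretry:
            banned[host] = when
    return banned

if __name__ == "__main__":
    for host, when in bans(SAMPLE).items():
        print(f"ban {host} at {when}")
```

On the server itself, a candidate pattern can be checked against the real error_log with the `fail2ban-regex` tool before it goes into a filter file.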
