Hi All, I hope someone can help and that it's just a simple oversight on my part. I've been looking at this for too long now to see things clearly.
Today I installed fail2ban on CentOS 6 and got the rpm for fail2ban from EPEL (0.9.2).
My first jail was configured easily (SSH) and was working really well blocking with an additional custom regex in /etc/fail2ban/filter.d/sshd.conf:
^%(__prefix_line)sReceived disconnect from <HOST>: 11: Bye Bye\s*$
On the back of such success I decided to add another jail for sendmail.
Arrgh! The sendmail-iptables jail just won't load! I have gone over the config again and again. :-(
Maybe someone here has a clue?
Here's what I get after server startup:
# fail2ban-client status sendmail-iptables
ERROR NOK: ('sendmail-iptables',)
Sorry but the jail 'sendmail-iptables' does not exist
And my jail.local:
# cat jail.local
[sendmail-iptables]
enable = true
filter = sendmail-reject
action = iptables-multiport-log[name=SENDMAIL, port="smtps,smtp,submission", protocol=tcp]
         sendmail-whois[name=SENDMAIL, dest=root, sender=email@mydomain]
logpath = %(syslog_mail)s
maxretry = 5
[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
         sendmail-whois[name=SSH, dest=root, sender=email@mydomain]
logpath = %(syslog_authpriv)s
maxretry = 5
And the status, etc...
# fail2ban-client status
Status
|- Number of jail: 1
`- Jail list: ssh-iptables
# fail2ban-client status ssh-iptables
Status for the jail: ssh-iptables
|- Filter
| |- Currently failed: 0
| |- Total failed: 0
| `- File list: /var/log/secure
`- Actions
|- Currently banned: 0
|- Total banned: 0
`- Banned IP list:
Now, when I add sendmail-iptables manually all seems well:
# fail2ban-client add sendmail-iptables
Added jail sendmail-iptables
# fail2ban-client status
Status
|- Number of jail: 2
`- Jail list: sendmail-iptables, ssh-iptables
# fail2ban-client status sendmail-iptables
Status for the jail: sendmail-iptables
|- Filter
| |- Currently failed: 0
| |- Total failed: 0
| `- File list:
`- Actions
|- Currently banned: 0
|- Total banned: 0
`- Banned IP list:
But there are no iptables CHAINS created for f2b-SENDMAIL!
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
f2b-SSH tcp -- anywhere anywhere tcp dpt:ssh
...8<...
Chain FORWARD (policy ACCEPT)
target prot opt source destination
...8<...
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
...8<...
Chain f2b-SSH (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
:^(
So, fail2ban fails to add sendmail-iptables on startup of the init service script (/etc/init.d/fail2ban). I can 'add' it manually but it only 'half' loads as there are no iptables entries for creating banning rules.
I'm just not seeing where it's failing. Can someone please hit me with a clue stick!
Kind regards,
Tom
--
Tom Robinson
IT Manager/System Administrator
MoTeC Pty Ltd
121 Merrindale Drive
Croydon South
3136 Victoria
Australia
T: +61 3 9761 5050
F: +61 3 9761 5051
E: [email protected]
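
A check that can be run over a jail.local like the one posted above, as an added example that is not part of the original message or of fail2ban itself: it lists jails fail2ban would skip at startup and flags option names that look misspelled. The option list is an assumed subset of fail2ban's jail options, and the sample is constructed from the posted config with the action lines left out.

```python
import configparser
import difflib

# Assumed subset of the options fail2ban reads in a jail section.
KNOWN_OPTIONS = {
    "enabled", "filter", "action", "logpath", "maxretry", "findtime",
    "bantime", "backend", "usedns", "ignoreip", "port", "protocol",
    "banaction", "logencoding", "ignorecommand", "failregex", "ignoreregex",
}
TRUE_VALUES = {"1", "yes", "true", "on"}

# Constructed sample mirroring the two jails in the posted jail.local.
SAMPLE = """\
[sendmail-iptables]
enable = true
filter = sendmail-reject
logpath = %(syslog_mail)s
maxretry = 5

[ssh-iptables]
enabled = true
filter = sshd
logpath = %(syslog_authpriv)s
maxretry = 5
"""

def lint_jails(text):
    """Return {jail: [findings]} for jails that would not load as written."""
    # interpolation=None: %(syslog_mail)s is defined elsewhere, do not expand it.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    report = {}
    for jail in cp.sections():
        opts = dict(cp.items(jail))
        findings = []
        for key in opts:
            if key not in KNOWN_OPTIONS:
                near = difflib.get_close_matches(key, sorted(KNOWN_OPTIONS), n=1)
                hint = f" (did you mean '{near[0]}'?)" if near else ""
                findings.append(f"unknown option '{key}'{hint}")
        # A jail without a true 'enabled' value is treated as disabled.
        if opts.get("enabled", "false").strip().lower() not in TRUE_VALUES:
            findings.append("jail is not enabled, so it is not loaded at startup")
        if findings:
            report[jail] = findings
    return report

if __name__ == "__main__":
    for jail, findings in lint_jails(SAMPLE).items():
        for finding in findings:
            print(f"[{jail}] {finding}")
```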
