[45] means 4 or 5 in regex so should be Ok.
I'd need to decompose the filter to work out what the first bit meant,
but I think there is an issue anyway. The filter has 2 spaces after
ModSecurity:. You should remove one of them. I am also not sure what the
(\[.*?\] )* means but I think it is OK (because the * makes it zero or
more occurrences)
Nick
On 2016-10-06 14:08, kamil kapturkiewicz wrote:
> Hi Nick,
> I've changed logpath in
>
> [apache-modsecurity]
> enabled = true
> filter = apache-modsecurity
> port = http,https
> #logpath = /var/log/apache2/modsecurity/modsec_audit.log
> logpath = /var/log/apache2/*error.log
> maxretry = 2
>
> to /var/log/apache*/*error.log, to be honest I don't think that was a
> problem.
>
> Then restarted fail2ban:
>
> 2016-10-06 13:46:54,941 fail2ban.server [511]: INFO Changed logging
> target to /var/log/fail2ban.log for Fail2ban v0.8.13
> 2016-10-06 13:46:54,941 fail2ban.jail [511]: INFO Creating new
> jail 'ssh'
> 2016-10-06 13:46:54,963 fail2ban.jail [511]: INFO Jail 'ssh' uses
> pyinotify
> 2016-10-06 13:46:54,983 fail2ban.jail [511]: INFO Initiated
> 'pyinotify' backend
> 2016-10-06 13:46:54,984 fail2ban.filter [511]: INFO Added logfile =
> /var/log/auth.log
> 2016-10-06 13:46:54,984 fail2ban.filter [511]: INFO Set maxRetry = 3
> 2016-10-06 13:46:54,986 fail2ban.filter [511]: INFO Set findtime =
> 200
> 2016-10-06 13:46:54,986 fail2ban.actions[511]: INFO Set banTime =
> 7200
> 2016-10-06 13:46:55,016 fail2ban.jail [511]: INFO Creating new
> jail 'ssh-ddos'
> 2016-10-06 13:46:55,017 fail2ban.jail [511]: INFO Jail 'ssh-ddos'
> uses pyinotify
> 2016-10-06 13:46:55,021 fail2ban.jail [511]: INFO Initiated
> 'pyinotify' backend
> 2016-10-06 13:46:55,022 fail2ban.filter [511]: INFO Added logfile =
> /var/log/auth.log
> 2016-10-06 13:46:55,023 fail2ban.filter [511]: INFO Set maxRetry = 3
> 2016-10-06 13:46:55,024 fail2ban.filter [511]: INFO Set findtime =
> 200
> 2016-10-06 13:46:55,025 fail2ban.actions[511]: INFO Set banTime =
> 7200
> 2016-10-06 13:46:55,029 fail2ban.jail [511]: INFO Creating new
> jail 'apache'
> 2016-10-06 13:46:55,029 fail2ban.jail [511]: INFO Jail 'apache'
> uses pyinotify
> 2016-10-06 13:46:55,034 fail2ban.jail [511]: INFO Initiated
> 'pyinotify' backend
> 2016-10-06 13:46:55,037 fail2ban.filter [511]: INFO Added logfile =
> /var/log/apache2/www.domain.com_error.log
> 2016-10-06 13:46:55,040 fail2ban.filter [511]: INFO Set maxRetry = 3
> 2016-10-06 13:46:55,041 fail2ban.filter [511]: INFO Set findtime =
> 200
> 2016-10-06 13:46:55,042 fail2ban.actions[511]: INFO Set banTime =
> 7200
> 2016-10-06 13:46:55,063 fail2ban.jail [511]: INFO Creating new
> jail 'apache-noscript'
> 2016-10-06 13:46:55,063 fail2ban.jail [511]: INFO Jail
> 'apache-noscript' uses pyinotify
> 2016-10-06 13:46:55,068 fail2ban.jail [511]: INFO Initiated
> 'pyinotify' backend
> 2016-10-06 13:46:55,070 fail2ban.filter [511]: INFO Added logfile =
> /var/log/apache2/www.domain.com_error.log
> 2016-10-06 13:46:55,074 fail2ban.filter [511]: INFO Set maxRetry = 3
> 2016-10-06 13:46:55,075 fail2ban.filter [511]: INFO Set findtime =
> 200
> 2016-10-06 13:46:55,076 fail2ban.actions[511]: INFO Set banTime =
> 7200
> 2016-10-06 13:46:55,082 fail2ban.jail [511]: INFO Creating new
> jail 'apache-overflows'
> 2016-10-06 13:46:55,082 fail2ban.jail [511]: INFO Jail
> 'apache-overflows' uses pyinotify
> 2016-10-06 13:46:55,087 fail2ban.jail [511]: INFO Initiated
> 'pyinotify' backend
> 2016-10-06 13:46:55,089 fail2ban.filter [511]: INFO Added logfile =
> /var/log/apache2/www.domain.com_error.log
> 2016-10-06 13:46:55,093 fail2ban.filter [511]: INFO Set maxRetry = 2
> 2016-10-06 13:46:55,095 fail2ban.filter [511]: INFO Set findtime =
> 200
> 2016-10-06 13:46:55,095 fail2ban.actions[511]: INFO Set banTime =
> 7200
> 2016-10-06 13:46:55,100 fail2ban.jail [511]: INFO Creating new
> jail 'apache-modsecurity'
> 2016-10-06 13:46:55,100 fail2ban.jail [511]: INFO Jail
> 'apache-modsecurity' uses pyinotify
> 2016-10-06 13:46:55,104 fail2ban.jail [511]: INFO Initiated
> 'pyinotify' backend
> 2016-10-06 13:46:55,106 fail2ban.filter [511]: INFO Added logfile =
> /var/log/apache2/www.domain.com_error.log
> 2016-10-06 13:46:55,110 fail2ban.filter [511]: INFO Set maxRetry = 2
> 2016-10-06 13:46:55,112 fail2ban.filter [511]: INFO Set findtime =
> 200
> 2016-10-06 13:46:55,112 fail2ban.actions[511]: INFO Set banTime =
> 7200
> 2016-10-06 13:46:55,116 fail2ban.jail [511]: INFO Creating new
> jail 'apache-nohome'
> 2016-10-06 13:46:55,116 fail2ban.jail [511]: INFO Jail
> 'apache-nohome' uses pyinotify
> 2016-10-06 13:46:55,120 fail2ban.jail [511]: INFO Initiated
> 'pyinotify' backend
> 2016-10-06 13:46:55,122 fail2ban.filter [511]: INFO Added logfile =
> /var/log/apache2/www.domain.com_error.log
> 2016-10-06 13:46:55,125 fail2ban.filter [511]: INFO Set maxRetry = 2
> 2016-10-06 13:46:55,127 fail2ban.filter [511]: INFO Set findtime =
> 200
> 2016-10-06 13:46:55,127 fail2ban.actions[511]: INFO Set banTime =
> 7200
> 2016-10-06 13:46:55,131 fail2ban.jail [511]: INFO Creating new
> jail 'proftpd'
> 2016-10-06 13:46:55,131 fail2ban.jail [511]: INFO Jail 'proftpd'
> uses pyinotify
> 2016-10-06 13:46:55,135 fail2ban.jail [511]: INFO Initiated
> 'pyinotify' backend
> 2016-10-06 13:46:55,136 fail2ban.filter [511]: INFO Added logfile =
> /var/log/proftpd/proftpd.log
> 2016-10-06 13:46:55,137 fail2ban.filter [511]: INFO Set maxRetry = 5
> 2016-10-06 13:46:55,139 fail2ban.filter [511]: INFO Set findtime =
> 200
> 2016-10-06 13:46:55,139 fail2ban.actions[511]: INFO Set banTime =
> 7200
> 2016-10-06 13:46:55,151 fail2ban.jail [511]: INFO Jail 'ssh'
> started
> 2016-10-06 13:46:55,154 fail2ban.jail [511]: INFO Jail 'ssh-ddos'
> started
> 2016-10-06 13:46:55,155 fail2ban.jail [511]: INFO Jail 'apache'
> started
> 2016-10-06 13:46:55,156 fail2ban.jail [511]: INFO Jail
> 'apache-noscript' started
> 2016-10-06 13:46:55,158 fail2ban.jail [511]: INFO Jail
> 'apache-overflows' started
> 2016-10-06 13:46:55,159 fail2ban.jail [511]: INFO Jail
> 'apache-modsecurity' started
> 2016-10-06 13:46:55,161 fail2ban.jail [511]: INFO Jail
> 'apache-nohome' started
> 2016-10-06 13:46:55,163 fail2ban.jail [511]: INFO Jail 'proftpd'
> started
>
> And it still doesn't work:
>
> [Thu Oct 06 14:00:14.333956 2016] [:error] [pid 1769] [client
> 39.32.198.121] ModSecurity: Access denied with code 403 (phase 2).
> Pattern match
> "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)"
> at REQUEST_COOKIES:OutlookSession. [file
> "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"]
> [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common
> Injection Testing Detected"] [data "Matched
> Data: \\x22 found within REQUEST_COOKIES:OutlookSession:
> \\x22{3F5E78D0-D2A5-48C5-B6E5-17433746E702}\\x22"] [severity
> "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag
> "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag
> "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"]
> [hostname "domain.com"] [uri "/autodiscover/autodiscover.xml"]
> [unique_id "V-ZK3n8AAQEAAAbpDGgAAAAE"]
> [Thu Oct 06 14:00:23.942298 2016] [:error] [pid 1802] [client
> 39.32.198.121] ModSecurity: Access denied with code 403 (phase 2).
> Pattern match
> "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)"
> at REQUEST_COOKIES:OutlookSession. [file
> "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"]
> [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common
> Injection Testing Detected"] [data "Matched
> Data: \\x22 found within REQUEST_COOKIES:OutlookSession:
> \\x22{3F5E78D0-D2A5-48C5-B6E5-17433746E702}\\x22"] [severity
> "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag
> "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag
> "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"]
> [hostname "domain.com"] [uri "/autodiscover/autodiscover.xml"]
> [unique_id "V-ZK538AAQEAAAcKZxAAAAAO"]
> [Thu Oct 06 14:00:33.463946 2016] [:error] [pid 1769] [client
> 39.32.198.121] ModSecurity: Access denied with code 403 (phase 2).
> Pattern match
> "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)"
> at REQUEST_COOKIES:OutlookSession. [file
> "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"]
> [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common
> Injection Testing Detected"] [data "Matched
> Data: \\x22 found within REQUEST_COOKIES:OutlookSession:
> \\x22{3F5E78D0-D2A5-48C5-B6E5-17433746E702}\\x22"] [severity
> "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag
> "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag
> "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"]
> [hostname "domain.com"] [uri "/autodiscover/autodiscover.xml"]
> [unique_id "V-ZK8X8AAQEAAAbpDGkAAAAE"]
> [Thu Oct 06 14:00:52.211259 2016] [:error] [pid 1766] [client
> 39.32.198.121] ModSecurity: Access denied with code 403 (phase 2).
> Pattern match
> "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)"
> at REQUEST_COOKIES:OutlookSession. [file
> "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"]
> [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common
> Injection Testing Detected"] [data "Matched
> Data: \\x22 found within REQUEST_COOKIES:OutlookSession:
> \\x22{3F5E78D0-D2A5-48C5-B6E5-17433746E702}\\x22"] [severity
> "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag
> "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag
> "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"]
> [hostname "domain.com"] [uri "/autodiscover/autodiscover.xml"]
> [unique_id "V-ZLBH8AAQEAAAbmEUsAAAAB"]
> [Thu Oct 06 14:01:48.862983 2016] [:error] [pid 2028] [client
> 39.32.198.121] ModSecurity: Access denied with code 403 (phase 2).
> Pattern match
> "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)"
> at REQUEST_COOKIES:OutlookSession. [file
> "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"]
> [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common
> Injection Testing Detected"] [data "Matched
> Data: \\x22 found within REQUEST_COOKIES:OutlookSession:
> \\x22{3F5E78D0-D2A5-48C5-B6E5-17433746E702}\\x22"] [severity
> "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag
> "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag
> "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"]
> [hostname "domain.com"] [uri "/autodiscover/autodiscover.xml"]
> [unique_id "V-ZLPH8AAQEAAAfsmmEAAAAI"]
>
> And Fail2Ban won't catch it. Maybe the problem is withe the rule?
>
> failregex = ^%(_apache_error_client)s ModSecurity: (\[.*?\] )*Access
> denied with code [45]\d\d.*$
>
> shouldn't be [40] instead?
>
> Dnia Czwartek, 6 Października 2016 13:35 Nick Howitt
> <[email protected]> napisał(a)
>> If the logs are in /var/log/apache2 why not specify it instead of
>> /var/log/apache*?
>>
>> The jails on their own mean little without the relevant filters.
>>
>> Filters on modsec_audit.log will struggle because it is a multi-line
>> log
>> and anything you match on must contain the IP address. That appears
>> only
>> once for your long error report.
>>
>> FWIW your apache and apache-multiport jails are identical so one
>> should
>> be disabled as it is a waste of time.
>>
>> On 2016-10-06 10:35, kamil kapturkiewicz wrote:
>> > Hi,
>> > I've configured Fail2Ban (0.8.13 Debian Jessie) and it is working fine
>> > for ProFTPd and SSH, unfortunately for some reason it doesn't work
>> > with Apache/ModSecurity logs.
>> >
>> > All Apache logs are under /var/log/apache2 and all Apache logs have
>> > file names in format:
>> >
>> > domain_custom.log
>> > domain_error.log
>> >
>> > whilst ModSecurity audit log is under
>> > /var/log/apache2/modsecurity/modsec_audit.log
>> >
>> > Both Apache error log and modsec_audit.log are full of many nasty
>> > attempts:
>> >
>> > domain_error.log:
>> > [Thu Oct 06 10:29:16.806118 2016] [:error] [pid 59241] [client
>> > 118.140.253.98] ModSecurity: Access denied with code 403 (phase 2).
>> > Pattern match
>> > "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)"
>> > at REQUEST_COOKIES:OutlookSession. [file
>> > "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"]
>> > [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common
>> > Injection Testing Detected"] [data "Matched
>> > Data: \\x22 found within REQUEST_COOKIES:OutlookSession:
>> > \\x22{A5B17B05-EE3D-452F-A844-308B72D9DFA4}\\x22"] [severity
>> > "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag
>> > "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag
>> > "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"]
>> > [hostname "domain.com"] [uri "/autodiscover/autodiscover.xml"]
>> > [unique_id "V-YZbH8AAQEAAOdpD6MAAAAJ"]
>> > [Thu Oct 06 10:30:58.329992 2016] [:error] [pid 59476] [client
>> > 207.46.13.150:7332] PHP Fatal error: Call to a member function
>> > color() on boolean in /var/www/www.domain.com/site/snippets/header.php
>> > on line 53
>> >
>> >
>> >
>> > modsec_audit.log:
>> > --1c9d510a-Z--
>> >
>> > --af3c8e0f-A--
>> > [06/Oct/2016:10:23:55 +0100] V-YYK38AAQEAAOWEJk8AAAAK 118.140.253.98
>> > 61223 IP 443
>> > --af3c8e0f-B--
>> > POST /autodiscover/autodiscover.xml HTTP/1.1
>> > Cache-Control: no-cache
>> > Connection: Keep-Alive
>> > Pragma: no-cache
>> > Content-Type: text/xml
>> > Authorization: Bearer
>> > Cookie: OutlookSession="{138CA3CB-3E39-4AF0-9E4F-BBF5F68D880F}"
>> > User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook
>> > 16.0.7127; Pro)
>> > X-MS-CookieUri-Requested: t
>> > X-FeatureVersion: 1
>> > Client-Request-Id: {16437973-34B0-4BEF-90F7-60362A1E9187}
>> > X-User-Identity: [email protected]
>> > X-MapiHttpCapability: 1
>> > Depth: 0
>> > X-AnchorMailbox: [email protected]
>> > Content-Length: 353
>> > Host: domain.com
>> >
>> > --af3c8e0f-F--
>> > HTTP/1.1 403 Forbidden
>> > Strict-Transport-Security: max-age=15768000
>> > Content-Length: 238
>> > Keep-Alive: timeout=5, max=100
>> > Connection: Keep-Alive
>> > Content-Type: text/html; charset=iso-8859-1
>> >
>> > --af3c8e0f-E--
>> > <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
>> > <html><head>
>> > <title>403 Forbidden</title>
>> > </head><body>
>> > <h1>Forbidden</h1>
>> > <p>You don't have permission to access /autodiscover/autodiscover.xml
>> > on this server.<br />
>> > </p>
>> > </body></html>
>> >
>> > --af3c8e0f-H--
>> > Message: Access denied with code 403 (phase 2). Pattern match
>> > "(^[\"'`\xc2\xb4\xe2\x80\x99\xe2\x80\x98;]+|[\"'`\xc2\xb4\xe2\x80\x99\xe2\x80\x98;]+$)"
>> > at REQUEST_COOKIES:OutlookSession. [file
>> > "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"]
>> > [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common
>> > Injection Testing Detected"] [data "Matched Data: \x22 found within
>> > REQUEST_COOKIES:OutlookSession:
>> > \x22{138CA3CB-3E39-4AF0-9E4F-BBF5F68D880F}\x22"] [severity "CRITICAL"]
>> > [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag
>> > "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag
>> > "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"]
>> > Action: Intercepted (phase 2)
>> > Stopwatch: 1475745835994120 1159 (- - -)
>> > Stopwatch2: 1475745835994120 1159; combined=186, p1=131, p2=52, p3=0,
>> > p4=0, p5=3, sr=33, sw=0, l=0, gc=0
>> > Response-Body-Transformed: Dechunked
>> > Producer: ModSecurity for Apache/2.8.0 (http://www.modsecurity.org/);
>> > OWASP_CRS/2.2.9.
>> > Server: Apache
>> > Engine-Mode: "ENABLED"
>> >
>> > --af3c8e0f-Z--
>> >
>> > jail.conf:
>> >
>> > [apache]
>> > enabled = true
>> > port = http,https
>> > filter = apache-auth
>> > logpath = /var/log/apache*/*error.log
>> > maxretry = 3
>> >
>> > [apache-multiport]
>> > enabled = true
>> > port = http,https
>> > filter = apache-auth
>> > logpath = /var/log/apache*/*error.log
>> > maxretry = 3
>> >
>> > [apache-noscript]
>> > enabled = true
>> > port = http,https
>> > filter = apache-noscript
>> > logpath = /var/log/apache*/*error.log
>> > maxretry = 3
>> >
>> > [apache-overflows]
>> > enabled = true
>> > port = http,https
>> > filter = apache-overflows
>> > logpath = /var/log/apache*/*error.log
>> > maxretry = 2
>> >
>> > [apache-modsecurity]
>> > enabled = true
>> > filter = apache-modsecurity
>> > port = http,https
>> > #logpath = /var/log/apache2/modsecurity/modsec_audit.log
>> > logpath = /var/log/apache2/*error.log
>> > maxretry = 2
>> >
>> > [apache-nohome]
>> > enabled = true
>> > filter = apache-nohome
>> > port = http,https
>> > logpath = /var/log/apache*/*_error.log
>> > maxretry = 2
>> >
>> >
>> >
>> >
>> > ------------------------------------------------------------------------------
>> > Check out the vibrant tech community on one of the world's most
>> > engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>> > _______________________________________________
>> > Fail2ban-users mailing list
>> > [email protected]
>> > https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>>
>> ------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>> _______________________________________________
>> Fail2ban-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
