I added nothing to action.d. Perhaps this is the
problem? I copied an existing rule, changed its
name, changed the ban time, and added some ports...
At 08:21 PM 2/19/2018, you wrote:
Sorry, that's where the filters are. Try /etc/fail2ban/action.d/
Bill
On 2/19/2018 9:17 PM, Bill Shirley wrote:
It should be in /etc/fail2ban/filter.d/
Do you know which firewall you are using?
Bill
On 2/18/2018 1:44 PM, M.P. wrote:
Note that my failregex shouldn't matter
because I'm not actually looking to have it
triggered automatically. I call this jail
manually from the command line. The problem
isn't with the trigger, but with the
action. Admittedly I pieced together
different sample configs to try and make this work but something is off.
Where can I find the firewallcmd-ipset action?
Again, post your firewallcmd-ipset
action. There's something wrong with it or
with the way your [manban] jail is defaulting to it.
Is /var/log/manban.log an apache error log
file? logpath is the name of the file
fail2ban is to monitor, not the place for fail2ban to log its actions.
Also, your filter doesn't match your sample
trigger line. It should be something like this:
failregex = \[client <HOST>\].+File does not exist.*roundcubemail.*$
Do not include regex logic to skip over the time.
You can test this with:
fail2ban-regex /var/log/manban /etc/fail2ban/filter.d/manban.conf
Bill
On 2/14/2018 8:38 PM, M.P. wrote:
Can someone explain to me where the error is
in this configuration? Here's the error
message I get when manually trying to ban
using the jail, "manban" - I think I may
need a slightly different set of parms to
shut out certain ports and am not using the right references..
2018-02-12 13:38:01,892 fail2ban.action  [1305]: ERROR  ipset add fail2ban-manban 118.69.37.118 timeout 7776000 -exist -- stdout: ''
2018-02-12 13:38:01,892 fail2ban.action  [1305]: ERROR  ipset add fail2ban-manban 118.69.37.118 timeout 7776000 -exist -- stderr: 'ipset v6.29: The set with the given name does not exist\n'
2018-02-12 13:38:01,892 fail2ban.action  [1305]: ERROR  ipset add fail2ban-manban 118.69.37.118 timeout 7776000 -exist -- returned 1
2018-02-12 13:38:01,892 fail2ban.actions [1305]: ERROR  Failed to execute ban jail 'manban' action 'firewallcmd-ipset' info 'CallingMap({'ipjailmatches': <function <lambda> at 0x124c938>, 'matches': '', 'ip': '118.69.37.118', 'ipmatches': <function <lambda> at 0x124ca28>, 'ipfailures': <function <lambda> at 0x124c578>, 'time': 1518464281.783138, 'failures': 1, 'ipjailfailures': <function <lambda> at 0x124c6e0>})': Error banning 118.69.37.118
jail.local: (think the problem may be with
the command/parms I'm using to determine which ports to block)
[manban]
enabled = true
filter  = manban
port = smtp,465,submission,imap2,imap3,imaps,pop3,pop3s,http,https,socks,21,22
logpath = /var/log/manban.log
maxretry = 1
# 1 month
bantime = 2592000
findtime = 3600
manban.conf: (I assume this isn't the
problem because this is a copy of an
existing conf that isn't being actively tested)
[INCLUDES]
before = common.conf
[Definition]
#Looks for failed password logins to SMTP
# sample trigger line: [Fri Aug 19 10:33:10 2011] [error] [client 207.171.3.138] File does not exist: /var/www/skraps/roundcubemail
failregex = ^\[\w{1,3}.\w{1,3}.\d{1,2}.\d{1,2}:\d{1,2}:\d{1,2} \d{1,4}. \[error] \[client.<HOST>].File does not exist:.{1,40}roundcube.{1,200}
ignoreregex =
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org!
http://sdm.link/slashdot
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
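Added example, not part of the thread and not fail2ban's own code: a small Python check of the two failregex lines above against the sample trigger line from manban.conf, with and without the timestamp removed before matching. It assumes a simplified model of fail2ban's behaviour: `HOST_GROUP` and `TIMESTAMP` are stand-ins for fail2ban's real `<HOST>` expansion and date detector, and the helper names are hypothetical.

```python
import re

# Constructed from the sample trigger line quoted in manban.conf above.
SAMPLE = ("[Fri Aug 19 10:33:10 2011] [error] [client 207.171.3.138] "
          "File does not exist: /var/www/skraps/roundcubemail")

# failregex as posted in manban.conf (mail line wraps rejoined).
POSTED = (r"^\[\w{1,3}.\w{1,3}.\d{1,2}.\d{1,2}:\d{1,2}:\d{1,2} \d{1,4}. "
          r"\[error] \[client.<HOST>].File does not exist:.{1,40}roundcube.{1,200}")

# failregex suggested in the reply.
SUGGESTED = r"\[client <HOST>\].+File does not exist.*roundcubemail.*$"

# Assumption: simplified stand-ins. fail2ban's real <HOST> group also covers
# hostnames and IPv6, and its date detector knows many more formats.
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
TIMESTAMP = re.compile(r"\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}")


def strip_timestamp(line):
    """Remove the first detected timestamp, as happens before failregex runs."""
    return TIMESTAMP.sub("", line, count=1)


def banned_host(failregex, line, strip=True):
    """Return the address the failregex would capture, or None on no match."""
    pattern = re.compile(failregex.replace("<HOST>", HOST_GROUP))
    match = pattern.search(strip_timestamp(line) if strip else line)
    return match.group("host") if match else None


if __name__ == "__main__":
    print("line after timestamp removal:", strip_timestamp(SAMPLE))
    print("posted, raw line:       ", banned_host(POSTED, SAMPLE, strip=False))
    print("posted, timestamp gone: ", banned_host(POSTED, SAMPLE))
    print("suggested, timestamp gone:", banned_host(SUGGESTED, SAMPLE))
```

The real check on a live system remains the `fail2ban-regex` command quoted in the thread, which uses the actual date detector and `<HOST>` expansion.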