Generally my findtime is 7200 - 2 hours.
On Fri, 10 Aug 2018 at 21:01, Wayne Sallee <[email protected]> wrote:
> Your right. I should make it a lot longer.
>
> Wayne Sallee
> [email protected]
> http://www.WayneSallee.com
>
> On 08/10/2018 03:51 PM, Philip Clarke via Fail2ban-users wrote:
>
> That's a really short find time by default.
>
>
>
> On 10 Aug 2018 20:47, Wayne Sallee <[email protected]>
> <[email protected]> wrote:
>
> cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
> sed -i 's/^/#/' /etc/fail2ban/jail.local
>
> cat >>/etc/fail2ban/jail.local<< "EOF"
>
> [DEFAULT]
> # Number of seconds.
> bantime = 86400
> findtime = 600
> maxretry = 5
> action = %(action_mwl)s
>
>
> [sshd]
> enabled = true
> port = ssh
> logpath = /var/log/auth.log
> backend = %(sshd_backend)s
>
>
> [apache-overflows]
> enabled = true
> port = http,https
> logpath = /var/log/apache2/error.log
> /var/log/apache2/error1.log
> /var/log/apache2/error5.log
> maxretry = 2
>
> EOF
>
>
>
>
> Something like that. :-)
>
> Wayne Sallee
> [email protected]
> http://www.WayneSallee.com
>
>
> On 08/10/2018 03:15 PM, Tony Collins wrote:
>
> It would be so helpful if we could see your config files :-)
>
> Are you comfortable sharing them yet?
>
> If you want to email privately, I'm happy to do that. I've shared my
> config files here before.
>
> Please do not worry about sharing stuff like that. We've all got f2b, we
> all know how bad it can be to set it up and to make nice .conf files.
>
> We can set it all up perfectly with a bit of effort :-)
>
> Tony
>
> On Fri, 10 Aug 2018 at 20:11, Wayne Sallee <[email protected]> wrote:
>
> Although the space does produce better results, so it's needed.
>
>
> Wayne Sallee
> [email protected]
> http://www.WayneSallee.com
>
> On 08/10/2018 03:03 PM, Wayne Sallee wrote:
>
> I already tried both methods, and even tried spaces after the line.
> Maybe I got a buggy version of Fail2Ban.
>
> Wayne Sallee
> [email protected]
> http://www.WayneSallee.com
>
> On 08/10/2018 02:43 PM, Tony Collins wrote:
>
> Thank you for the information.
>
> Ok, I think you mentioned that the semi-colon doesn't work either. But I'd
> like to check.
>
> Can you tell me if this works:
>
> [apache-overflows]
> enabled = true
> port = http,https
> logpath = /var/log/apache2/error.log;/var/log/apache2/error2.log
> maxretry = 2
>
> So, no spaces between the two file paths/names, just a ;
>
> Also I think maybe you might need an extra space if you use the "newline"
> method. I think I forgot to say this!
>
> Does this work:
>
> [apache-overflows]
> enabled = true
> port = http,https
> logpath = /var/log/apache2/error.log
> /var/log/apache2/error2.log
> maxretry = 2
>
> Note that when I pressed enter at the end of the "logpath" line, I then
> typed a space before I typed "/var/log/apache2/error2.log
>
> Please try both of those. Fail2ban is very "fussy" about its configuration
> files. I have made so many errors while writing configuration files. It is
> painful!
>
> Tony
>
> On Fri, 10 Aug 2018 at 19:38, Wayne Sallee <[email protected]> wrote:
>
> For example this will error:
>
> [apache-overflows]
> enabled = true
> port = http,https
> logpath = /var/log/apache2/error.log
> /var/log/apache2/error2.log
> maxretry = 2
>
>
> ERROR Failed during configuration: Source contains parsing errors:
> '/etc/fail2ban/jail.local'
> [line 883]: '/var/log/apache2/error2.log\n'
>
>
> But this will not error:
>
> [apache-overflows]
> enabled = true
> port = http,https
> logpath = /var/log/apache2/error.log
> maxretry = 2
>
> And this will not error:
>
> [apache-overflows]
> enabled = true
> port = http,https
> logpath = /var/log/apache2/error2.log
> maxretry = 2
>
>
> /var/log/apache2/error2.log is a substitute name.
>
>
> Wayne Sallee
> [email protected]
> http://www.WayneSallee.com
>
>
> On 08/10/2018 02:14 PM, Tony Collins wrote:
>
> Maybe there is a small mistake somewhere in the configuration?
>
> Please paste the jail's configuration here - we will use "fresh eyes" to
> see if we can find the problem :-)
>
> On Fri, 10 Aug 2018 at 19:05, Wayne Sallee <[email protected]> wrote:
>
> I figured that was it, but then wondered surely he knows it's disabled. :-)
> I thought spacing was working before, but it's not, nether does ";" and
> nether does a new line. So I just put the others on new lines, and
> commented them out. That works :-) sortof :-)
>
>
> Wayne Sallee
> [email protected]
> http://www.WayneSallee.com
>
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Fail2ban-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>
> --
> -- Tony Collins
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
>
> _______________________________________________
> Fail2ban-users mailing
> [email protected]https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>
>
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
>
> _______________________________________________
> Fail2ban-users mailing
> [email protected]https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Fail2ban-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>
> --
> -- Tony Collins
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
>
> _______________________________________________
> Fail2ban-users mailing
> [email protected]https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>
>
>
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
>
> _______________________________________________
> Fail2ban-users mailing
> [email protected]https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Fail2ban-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>
--
-- Tony Collins
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
