Differences

This shows you the differences between two versions of the page.

--- start:howto:fail2ban [2015/09/28 15:41]
mrpink [rainloop.conf]
+++ start:howto:fail2ban [2016/09/17 15:12] (current)
flames [jail.local]
@@ Line 10: / Line 10: @@
 First we need to install fail2ban via aptitude
-<konsole root>
-# aptitude update
+# aptitude update && aptitude install fail2ban
-# aptitude install fail2ban
-</konsole>
 ===== Configuration =====
@@ Line 184: / Line 182: @@
 filter   = proftpd
 logpath  = /var/log/auth.log
+maxretry = 6
+[vsftpd]
+enabled  = true
+port     = ftp,ftp-data,ftps,ftps-data
+filter   = vsftpd-fixed
+logpath  = /var/log/vsftpd.log
 maxretry = 6
@@ Line 304: / Line 311: @@
 #
 ignoreregex =
+</code>
+----
+Restart fail2ban and test if all is working:
+# service fail2ban restart
+===== vsftpd =====
+Now create a new file **/etc/fail2ban/filter.d/vsftpd-fixed.conf** and copy the following content into the file:
+<code>
+# Fail2Ban filter for vsftp
+#
+# Configure VSFTP for "dual_log_enable=YES", and have fail2ban watch
+# /var/log/vsftpd.log instead of /var/log/secure. vsftpd.log file shows the
+# incoming ip address rather than domain names.
+[INCLUDES]
+before = common.conf
+[Definition]
+__pam_re=\(?pam_unix(?:\(\S+\))?\)?:?
+_daemon =  vsftpd
+failregex = ^%(__prefix_line)s%(__pam_re)s\s+Permission denied; logname=\S* uid=\S* euid=\S* tty=(ftp)? ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$
+            ^ \[pid \d+\] \[.+\]\s+FTP response: Client "::ffff:<HOST>",\s*"530 Permission denied\."\s*$
+ignoreregex =
+# Version from fail2ban wiki does't work, fixed version
 </code>
@@ Line 318: / Line 361: @@
 To test your current config use fail2ban-regex. Here an example for dovecot:
-<konsole root>
 # fail2ban-regex /var/log/mail.log /etc/fail2ban/filter.d/dovecot.conf
-</konsole>
 ===== Links =====
 Fail2ban offical website --> [[http://www.fail2ban.org]]

i-MSCP Documentation

User Tools

Site Tools

Differences

Page Tools