Find the answer to your Linux question:
Results 1 to 2 of 2
Hi, I've setup fail2ban to try and block some ftp login failures. I've changed the fail slightly to: [vsftpd-iptables] enabled = true filter = vsftpd action = iptables[name=VSFTPD, port=ftp, protocol=tcp] ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Mar 2011
    Posts
    1

    fail2ban and vsftp


    Hi,

    I've setup fail2ban to try and block some ftp login failures.

    I've changed the fail slightly to:

    [vsftpd-iptables]

    enabled = true
    filter = vsftpd
    action = iptables[name=VSFTPD, port=ftp, protocol=tcp]
    logpath = /var/log/vsftpd.log
    maxretry = 1
    bantime = 1800

    Removing the need for email notification.

    I've modified vsftp to duallog to vsftpd.log, and I do get errors:

    Wed Mar 30 16:54:12 2011 [pid 16726] CONNECT: Client "212.XXX.22.21"
    Wed Mar 30 16:54:58 2011 [pid 16769] CONNECT: Client "212.XXX.22.21"
    Wed Mar 30 16:55:04 2011 [pid 16768] [abc] FAIL LOGIN: Client "212.XXX.22.21"
    Wed Mar 30 16:55:21 2011 [pid 16768] [abc] FAIL LOGIN: Client "212.XXX.22.21"


    But nothing happens in fail2bans log

    The process for python is running... I can see the VSFTP jail in iptables.. SELinux is disabled

    I'm not sure where else the problem could be.

    Any ideas ?

  2. #2
    Linux Newbie hans51's Avatar
    Join Date
    May 2011
    Posts
    136
    did you verify the path to logs = the logs actually to exist at ?

    /var/log/vsftpd.log
    /var/log/fail2ban.log

    and enable vsftp configuration to log to the /var/log/vsftpd.log ?

    before you modify existing default configuration, first make sure the original works, then modify as needed IF really needed

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •