-
fail2ban and vsftp
Hi,
I've setup fail2ban to try and block some ftp login failures.
I've changed the fail slightly to:
[vsftpd-iptables]
enabled = true
filter = vsftpd
action = iptables[name=VSFTPD, port=ftp, protocol=tcp]
logpath = /var/log/vsftpd.log
maxretry = 1
bantime = 1800
Removing the need for email notification.
I've modified vsftp to duallog to vsftpd.log, and I do get errors:
Wed Mar 30 16:54:12 2011 [pid 16726] CONNECT: Client "212.XXX.22.21"
Wed Mar 30 16:54:58 2011 [pid 16769] CONNECT: Client "212.XXX.22.21"
Wed Mar 30 16:55:04 2011 [pid 16768] [abc] FAIL LOGIN: Client "212.XXX.22.21"
Wed Mar 30 16:55:21 2011 [pid 16768] [abc] FAIL LOGIN: Client "212.XXX.22.21"
But nothing happens in fail2bans log
The process for python is running... I can see the VSFTP jail in iptables.. SELinux is disabled
I'm not sure where else the problem could be.
Any ideas ?
-
did you verify the path to logs = the logs actually to exist at ?
/var/log/vsftpd.log
/var/log/fail2ban.log
and enable vsftp configuration to log to the /var/log/vsftpd.log ?
before you modify existing default configuration, first make sure the original works, then modify as needed IF really needed