fail2ban and vsftp

Hi,

I've setup fail2ban to try and block some ftp login failures.

I've changed the fail slightly to:

[vsftpd-iptables]

enabled = true
filter = vsftpd
action = iptables[name=VSFTPD, port=ftp, protocol=tcp]
logpath = /var/log/vsftpd.log
maxretry = 1
bantime = 1800

Removing the need for email notification.

I've modified vsftp to duallog to vsftpd.log, and I do get errors:

Wed Mar 30 16:54:12 2011 [pid 16726] CONNECT: Client "212.XXX.22.21"
Wed Mar 30 16:54:58 2011 [pid 16769] CONNECT: Client "212.XXX.22.21"
Wed Mar 30 16:55:04 2011 [pid 16768] [abc] FAIL LOGIN: Client "212.XXX.22.21"
Wed Mar 30 16:55:21 2011 [pid 16768] [abc] FAIL LOGIN: Client "212.XXX.22.21"


But nothing happens in fail2bans log

The process for python is running... I can see the VSFTP jail in iptables.. SELinux is disabled

I'm not sure where else the problem could be.

Any ideas ?

did you verify the path to logs = the logs actually to exist at ?

/var/log/vsftpd.log
/var/log/fail2ban.log

and enable vsftp configuration to log to the /var/log/vsftpd.log ?

before you modify existing default configuration, first make sure the original works, then modify as needed IF really needed