Nothing showing up on Blocklist from my Fail2Ban

Gregorywest
Posts: 5
Joined: 3 Oct 2014, 21:50

Nothing showing up on Blocklist from my Fail2Ban

Post by Gregorywest » 7 Oct 2014, 22:21

I am getting dozens of hits every day, but nothing is showing up here. Am I doing something wrong? Enclosed are my Jail.conf and fail2ban.conf
Attachments
fail2ban.conf.txt
(1.03 KiB) Downloaded 178 times
jail.conf.txt
(10.35 KiB) Downloaded 225 times

Martin
Posts: 400
Joined: 14 Sep 2010, 11:54

Re: Nothing showing up on Blocklist from my Fail2Ban

Post by Martin » 7 Oct 2014, 22:34

Hello,

We have looked in our log files for the domain which you have used in your jail.conf for the sender address, but we did not find any records.
For the IP address of your server, nothing was found either.

Can you look in your mail logs to see whether mails were sent to @blocklist.de?

What is in /var/log/fail2ban.log?
Regards, Martin
http://www.blocklist.de/de/ Fail2Ban Reporting Service

Gregorywest
Posts: 5
Joined: 3 Oct 2014, 21:50

Re: Nothing showing up on Blocklist from my Fail2Ban

Post by Gregorywest » 7 Oct 2014, 23:07

I have changed my loglevel to information (3). Will wait for Fail2Ban to tell me it banned someone then send you the log file. There was nothing in the logs when the loglevel was set to error (1).

Gregorywest
Posts: 5
Joined: 3 Oct 2014, 21:50

Re: Nothing showing up on Blocklist from my Fail2Ban

Post by Gregorywest » 7 Oct 2014, 23:12

WOW that did not take long:

2014-10-07 17:05:47,164 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.8
2014-10-07 17:05:47,166 fail2ban.jail : INFO Creating new jail 'recidive'
2014-10-07 17:05:47,172 fail2ban.jail : INFO Jail 'recidive' uses Gamin
2014-10-07 17:05:47,210 fail2ban.jail : INFO Initiated 'gamin' backend
2014-10-07 17:05:47,213 fail2ban.filter : INFO Added logfile = /var/log/fail2ban.log-20141006
2014-10-07 17:05:47,214 fail2ban.filter : INFO Set maxRetry = 20
2014-10-07 17:05:47,217 fail2ban.filter : INFO Set findtime = 86400
2014-10-07 17:05:47,218 fail2ban.actions: INFO Set banTime = 604800
2014-10-07 17:05:47,236 fail2ban.jail : INFO Creating new jail 'ssh-iptables'
2014-10-07 17:05:47,237 fail2ban.jail : INFO Jail 'ssh-iptables' uses Gamin
2014-10-07 17:05:47,238 fail2ban.jail : INFO Initiated 'gamin' backend
2014-10-07 17:05:47,240 fail2ban.filter : INFO Added logfile = /var/log/secure
2014-10-07 17:05:47,241 fail2ban.filter : INFO Set maxRetry = 3
2014-10-07 17:05:47,243 fail2ban.filter : INFO Set findtime = 300
2014-10-07 17:05:47,244 fail2ban.actions: INFO Set banTime = 604800
2014-10-07 17:05:47,304 fail2ban.jail : INFO Creating new jail 'apache-badbots'
2014-10-07 17:05:47,306 fail2ban.jail : INFO Jail 'apache-badbots' uses Gamin
2014-10-07 17:05:47,307 fail2ban.jail : INFO Initiated 'gamin' backend
2014-10-07 17:05:47,309 fail2ban.filter : INFO Added logfile = /var/log/httpd/access_log
2014-10-07 17:05:47,310 fail2ban.filter : INFO Set maxRetry = 1
2014-10-07 17:05:47,312 fail2ban.filter : INFO Set findtime = 300
2014-10-07 17:05:47,313 fail2ban.actions: INFO Set banTime = 172800
2014-10-07 17:05:47,352 fail2ban.jail : INFO Creating new jail 'asterisk-iptables'
2014-10-07 17:05:47,352 fail2ban.jail : INFO Jail 'asterisk-iptables' uses Gamin
2014-10-07 17:05:47,353 fail2ban.jail : INFO Initiated 'gamin' backend
2014-10-07 17:05:47,355 fail2ban.filter : INFO Added logfile = /var/log/asterisk/fail2ban
2014-10-07 17:05:47,356 fail2ban.filter : INFO Set maxRetry = 3
2014-10-07 17:05:47,359 fail2ban.filter : INFO Set findtime = 300
2014-10-07 17:05:47,360 fail2ban.actions: INFO Set banTime = 604800
2014-10-07 17:05:47,419 fail2ban.jail : INFO Creating new jail 'pbx-gui'
2014-10-07 17:05:47,420 fail2ban.jail : INFO Jail 'pbx-gui' uses Gamin
2014-10-07 17:05:47,421 fail2ban.jail : INFO Initiated 'gamin' backend
2014-10-07 17:05:47,424 fail2ban.filter : INFO Added logfile = /var/log/asterisk/freepbx_security.log
2014-10-07 17:05:47,425 fail2ban.filter : INFO Set maxRetry = 3
2014-10-07 17:05:47,429 fail2ban.filter : INFO Set findtime = 300
2014-10-07 17:05:47,437 fail2ban.actions: INFO Set banTime = 604800
2014-10-07 17:05:47,462 fail2ban.jail : INFO Creating new jail 'apache-tcpwrapper'
2014-10-07 17:05:47,462 fail2ban.jail : INFO Jail 'apache-tcpwrapper' uses Gamin
2014-10-07 17:05:47,463 fail2ban.jail : INFO Initiated 'gamin' backend
2014-10-07 17:05:47,468 fail2ban.filter : INFO Added logfile = /var/log/httpd/error_log
2014-10-07 17:05:47,469 fail2ban.filter : INFO Set maxRetry = 6
2014-10-07 17:05:47,472 fail2ban.filter : INFO Set findtime = 300
2014-10-07 17:05:47,477 fail2ban.actions: INFO Set banTime = 604800
2014-10-07 17:05:47,507 fail2ban.jail : INFO Creating new jail 'vsftpd-iptables'
2014-10-07 17:05:47,507 fail2ban.jail : INFO Jail 'vsftpd-iptables' uses Gamin
2014-10-07 17:05:47,508 fail2ban.jail : INFO Initiated 'gamin' backend
2014-10-07 17:05:47,510 fail2ban.filter : INFO Set maxRetry = 5
2014-10-07 17:05:47,512 fail2ban.filter : INFO Set findtime = 300
2014-10-07 17:05:47,514 fail2ban.actions: INFO Set banTime = 1800
2014-10-07 17:05:47,560 fail2ban.jail : INFO Jail 'recidive' started
2014-10-07 17:05:47,588 fail2ban.jail : INFO Jail 'ssh-iptables' started
2014-10-07 17:05:47,613 fail2ban.jail : INFO Jail 'apache-badbots' started
2014-10-07 17:05:47,656 fail2ban.jail : INFO Jail 'asterisk-iptables' started
2014-10-07 17:05:47,698 fail2ban.jail : INFO Jail 'pbx-gui' started
2014-10-07 17:05:47,734 fail2ban.jail : INFO Jail 'apache-tcpwrapper' started
2014-10-07 17:05:47,776 fail2ban.jail : INFO Jail 'vsftpd-iptables' started
2014-10-07 17:07:42,956 fail2ban.actions: WARNING [asterisk-iptables] Ban 37.187.56.46
2014-10-07 17:09:33,585 fail2ban.server : INFO Stopping all jails
2014-10-07 17:09:34,169 fail2ban.jail : INFO Jail 'apache-tcpwrapper' stopped
2014-10-07 17:09:35,151 fail2ban.jail : INFO Jail 'recidive' stopped
2014-10-07 17:09:35,997 fail2ban.jail : INFO Jail 'pbx-gui' stopped
2014-10-07 17:09:36,949 fail2ban.jail : INFO Jail 'apache-badbots' stopped
2014-10-07 17:09:37,911 fail2ban.jail : INFO Jail 'ssh-iptables' stopped
2014-10-07 17:09:38,188 fail2ban.actions: WARNING [asterisk-iptables] Unban 37.187.56.46
2014-10-07 17:09:38,797 fail2ban.jail : INFO Jail 'asterisk-iptables' stopped
2014-10-07 17:09:39,147 fail2ban.jail : INFO Jail 'vsftpd-iptables' stopped
2014-10-07 17:09:39,148 fail2ban.server : INFO Exiting Fail2ban
2014-10-07 17:09:43,327 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.8
2014-10-07 17:09:43,330 fail2ban.jail : INFO Creating new jail 'recidive'
2014-10-07 17:09:43,331 fail2ban.jail : INFO Jail 'recidive' uses Gamin
2014-10-07 17:09:43,352 fail2ban.jail : INFO Initiated 'gamin' backend
2014-10-07 17:09:43,354 fail2ban.filter : INFO Added logfile = /var/log/fail2ban.log
2014-10-07 17:09:43,356 fail2ban.filter : INFO Added logfile = /var/log/fail2ban.log-20141006
2014-10-07 17:09:43,357 fail2ban.filter : INFO Set maxRetry = 20
2014-10-07 17:09:43,360 fail2ban.filter : INFO Set findtime = 86400
2014-10-07 17:09:43,361 fail2ban.actions: INFO Set banTime = 604800
2014-10-07 17:09:43,377 fail2ban.jail : INFO Creating new jail 'ssh-iptables'
2014-10-07 17:09:43,378 fail2ban.jail : INFO Jail 'ssh-iptables' uses Gamin
2014-10-07 17:09:43,379 fail2ban.jail : INFO Initiated 'gamin' backend
2014-10-07 17:09:43,381 fail2ban.filter : INFO Added logfile = /var/log/secure
2014-10-07 17:09:43,382 fail2ban.filter : INFO Set maxRetry = 3
2014-10-07 17:09:43,384 fail2ban.filter : INFO Set findtime = 300
2014-10-07 17:09:43,385 fail2ban.actions: INFO Set banTime = 604800
2014-10-07 17:09:43,454 fail2ban.jail : INFO Creating new jail 'apache-badbots'
2014-10-07 17:09:43,454 fail2ban.jail : INFO Jail 'apache-badbots' uses Gamin
2014-10-07 17:09:43,455 fail2ban.jail : INFO Initiated 'gamin' backend
2014-10-07 17:09:43,457 fail2ban.filter : INFO Added logfile = /var/log/httpd/access_log
2014-10-07 17:09:43,458 fail2ban.filter : INFO Set maxRetry = 1
2014-10-07 17:09:43,460 fail2ban.filter : INFO Set findtime = 300
2014-10-07 17:09:43,461 fail2ban.actions: INFO Set banTime = 172800
2014-10-07 17:09:43,498 fail2ban.jail : INFO Creating new jail 'asterisk-iptables'
2014-10-07 17:09:43,498 fail2ban.jail : INFO Jail 'asterisk-iptables' uses Gamin
2014-10-07 17:09:43,499 fail2ban.jail : INFO Initiated 'gamin' backend
2014-10-07 17:09:43,501 fail2ban.filter : INFO Added logfile = /var/log/asterisk/fail2ban
2014-10-07 17:09:43,502 fail2ban.filter : INFO Set maxRetry = 3
2014-10-07 17:09:43,505 fail2ban.filter : INFO Set findtime = 300
2014-10-07 17:09:43,506 fail2ban.actions: INFO Set banTime = 604800
2014-10-07 17:09:43,565 fail2ban.jail : INFO Creating new jail 'pbx-gui'
2014-10-07 17:09:43,566 fail2ban.jail : INFO Jail 'pbx-gui' uses Gamin
2014-10-07 17:09:43,568 fail2ban.jail : INFO Initiated 'gamin' backend
2014-10-07 17:09:43,570 fail2ban.filter : INFO Added logfile = /var/log/asterisk/freepbx_security.log
2014-10-07 17:09:43,572 fail2ban.filter : INFO Set maxRetry = 3
2014-10-07 17:09:43,576 fail2ban.filter : INFO Set findtime = 300
2014-10-07 17:09:43,580 fail2ban.actions: INFO Set banTime = 604800
2014-10-07 17:09:43,595 fail2ban.jail : INFO Creating new jail 'apache-tcpwrapper'
2014-10-07 17:09:43,595 fail2ban.jail : INFO Jail 'apache-tcpwrapper' uses Gamin
2014-10-07 17:09:43,596 fail2ban.jail : INFO Initiated 'gamin' backend
2014-10-07 17:09:43,598 fail2ban.filter : INFO Added logfile = /var/log/httpd/error_log
2014-10-07 17:09:43,599 fail2ban.filter : INFO Set maxRetry = 6
2014-10-07 17:09:43,602 fail2ban.filter : INFO Set findtime = 300
2014-10-07 17:09:43,603 fail2ban.actions: INFO Set banTime = 604800
2014-10-07 17:09:43,622 fail2ban.jail : INFO Creating new jail 'vsftpd-iptables'
2014-10-07 17:09:43,622 fail2ban.jail : INFO Jail 'vsftpd-iptables' uses Gamin
2014-10-07 17:09:43,623 fail2ban.jail : INFO Initiated 'gamin' backend
2014-10-07 17:09:43,625 fail2ban.filter : INFO Set maxRetry = 5
2014-10-07 17:09:43,627 fail2ban.filter : INFO Set findtime = 300
2014-10-07 17:09:43,628 fail2ban.actions: INFO Set banTime = 1800
2014-10-07 17:09:43,658 fail2ban.jail : INFO Jail 'recidive' started
2014-10-07 17:09:43,691 fail2ban.jail : INFO Jail 'ssh-iptables' started
2014-10-07 17:09:43,711 fail2ban.jail : INFO Jail 'apache-badbots' started
2014-10-07 17:09:43,734 fail2ban.jail : INFO Jail 'asterisk-iptables' started
2014-10-07 17:09:43,770 fail2ban.jail : INFO Jail 'pbx-gui' started
2014-10-07 17:09:43,801 fail2ban.jail : INFO Jail 'apache-tcpwrapper' started
2014-10-07 17:09:43,846 fail2ban.jail : INFO Jail 'vsftpd-iptables' started
2014-10-07 17:09:45,967 fail2ban.actions: WARNING [asterisk-iptables] Ban 37.187.56.46

Martin
Posts: 400
Joined: 14 Sep 2010, 11:54

Re: Nothing showing up on Blocklist from my Fail2Ban

Post by Martin » 8 Oct 2014, 11:20

Hi,

I have checked it again, but nothing. No mail from you and no incoming report against 37.187.56.46.

Do you have sendmail installed on your server?

Another way is to download the following file into /etc/fail2ban/action.d/blocklist_de.conf from https://github.com/fail2ban/fail2ban/bl ... st_de.conf
and change the settings in /etc/fail2ban/jail.conf to:

At the top, from:

action = xxxxxx

to:

action = blocklist_de[email="fail2ban@sip.dbwsys.mb.ca", service=%(filter)s, apikey="your-api-key-from-server-on-blocklist.de-profile"]

Then the attacks will be reported via curl to the blocklist HTTP API.
Regards, Martin
http://www.blocklist.de/de/ Fail2Ban Reporting Service

Gregorywest
Posts: 5
Joined: 3 Oct 2014, 21:50

Re: Nothing showing up on Blocklist from my Fail2Ban

Post by Gregorywest » 9 Oct 2014, 03:44

AH think that might be the issue. If I am not mistaken I am using Postfix, not Sendmail. Should something be changed?

Gregorywest
Posts: 5
Joined: 3 Oct 2014, 21:50

Re: Nothing showing up on Blocklist from my Fail2Ban

Post by Gregorywest » 10 Oct 2014, 19:01

Think I found the issue. FreePBX created a jail.local (See below) which was overriding the jail.conf
I have updated the jail.local file, and added the blocklist_de.conf to my actions.d folder.

Will see if this works. Here is my jail.local file:
#Configuration automatically generated via the Sysadmin Module
#DO NOT HAND MODIFY THIS FILE!
#generated: Fri, 10 Oct 2014 12:37:33 -0500

[DEFAULT]
ignoreip = 127.0.0.1 10.10.10.0/24
bantime = 604096
findtime = 300
maxretry = 3
backend = auto

[asterisk-iptables]
enabled = true
filter = asterisk
action = iptables-allports[name=SIP, protocol=all]
         sendmail[name=SIP, dest=gregory.west@dbwsys.mb.ca, sender=DBWSYS-PBX@dbwsys.mb.ca]
         blocklist_de[email="fail2ban@sip.dbwsys.mb.ca", service=%(filter)s, apikey="----------"]
logpath = /var/log/asterisk/fail2ban

[pbx-gui]
enabled = true
filter = freepbx
action = iptables-allports[name=PBX-GUI, protocol=all]
         sendmail[name=PBX-GUI, dest=gregory.west@dbwsys.mb.ca, sender=DBWSYS-PBX@dbwsys.mb.ca]
         blocklist_de[email="fail2ban@sip.dbwsys.mb.ca", service=%(filter)s, apikey="----------"]
logpath = /var/log/asterisk/freepbx_security.log

[ssh-iptables]
enabled = true
filter = sshd
action = iptables-allports[name=SSH, port=ssh, protocol=tcp]
         sendmail[name=SSH, dest=gregory.west@dbwsys.mb.ca, sender=DBWSYS-PBX@dbwsys.mb.ca]
         blocklist_de[email="fail2ban@sip.dbwsys.mb.ca", service=%(filter)s, apikey="----------"]
logpath = /var/log/secure

[apache-tcpwrapper]
enabled = true
filter = apache-auth
action = iptables-allports[name=apache-auth, port=http, protocol=tcp]
         sendmail[name=apache-auth, dest=gregory.west@dbwsys.mb.ca, sender=DBWSYS-PBX@dbwsys.mb.ca]
         blocklist_de[email="fail2ban@sip.dbwsys.mb.ca", service=%(filter)s, apikey="----------"]
logpath = /var/log/httpd/error_log


[vsftpd-iptables]
enabled = true
filter = vsftpd
action = iptables-allports[name=FTP, port=ftp, protocol=tcp]
         sendmail[name=FTP, dest=gregory.west@dbwsys.mb.ca, sender=DBWSYS-PBX@dbwsys.mb.ca]
         blocklist_de[email="fail2ban@sip.dbwsys.mb.ca", service=%(filter)s, apikey="----------c"]
logpath = /var/log/vsftpd.log

[apache-badbots]
enabled = true
filter = apache-badbots
action = iptables-allports[name=BadBots, port="http,https"]
         sendmail[name=BadBots, dest=gregory.west@dbwsys.mb.ca, sender=DBWSYS-PBX@dbwsys.mb.ca]
         blocklist_de[email="fail2ban@sip.dbwsys.mb.ca", service=%(filter)s, apikey="----------"]
logpath = /var/log/httpd/*access_log

[recidive]
enabled = true
filter = recidive
logpath = /var/log/fail2ban.log*
action = iptables-allports[name=recidive, protocol=all]
         sendmail[name=recidive, dest=gregory.west@dbwsys.mb.ca, sender=DBWSYS-PBX@dbwsys.mb.ca]
         blocklist_de[email="fail2ban@sip.dbwsys.mb.ca", service=%(filter)s, apikey="----------"]
bantime = 604800 ; 1 week
findtime = 86400 ; 1 day
maxretry = 20
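
The override found in the last post (a generated jail.local replacing the action set in jail.conf) can be checked by merging the files in load order and listing each jail's effective actions. This is an added example, not part of the thread or of fail2ban itself; the sample files, addresses and function names are constructed, and only jail.conf followed by jail.local is modelled.

```python
import configparser

# Constructed sample files, modelled on the thread: jail.conf carries the
# reporting action, but a generated jail.local redefines "action" without it.
JAIL_CONF = """
[asterisk-iptables]
enabled = true
filter = asterisk
action = iptables-allports[name=SIP, protocol=all]
         blocklist_de[email="reporter@example.org", service=%(filter)s, apikey="PLACEHOLDER"]

[ssh-iptables]
enabled = true
filter = sshd
action = iptables-allports[name=SSH, port=ssh, protocol=tcp]
         blocklist_de[email="reporter@example.org", service=%(filter)s, apikey="PLACEHOLDER"]
"""

JAIL_LOCAL = """
[asterisk-iptables]
action = iptables-allports[name=SIP, protocol=all]
         sendmail[name=SIP, dest=admin@example.org, sender=pbx@example.org]
"""

def effective_actions(*sources):
    """Merge config texts in load order (later wins, as jail.local does over
    jail.conf) and return {jail: [action names]} for enabled jails."""
    cp = configparser.RawConfigParser()  # raw: leave %(filter)s untouched
    for text in sources:
        cp.read_string(text)
    result = {}
    for jail in cp.sections():
        if cp.get(jail, "enabled", fallback="false").strip().lower() != "true":
            continue
        lines = cp.get(jail, "action", fallback="").splitlines()
        result[jail] = [ln.split("[", 1)[0].strip() for ln in lines if ln.strip()]
    return result

def jails_not_reporting(actions, reporter="blocklist_de"):
    """Enabled jails whose effective action list lacks the reporting action."""
    return sorted(j for j, names in actions.items() if reporter not in names)

if __name__ == "__main__":
    merged = effective_actions(JAIL_CONF, JAIL_LOCAL)
    for jail, names in merged.items():
        print(jail, "->", ", ".join(names))
    print("not reporting:", jails_not_reporting(merged))
```

A jail that still bans locally but is listed as not reporting matches the symptom in the first post: bans appear in fail2ban.log while nothing arrives at the blocklist.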
