fail2ban - apache-badbots apache-badsearch
-
Bubblecatcher
- Posts: 37
- Joined: Tue Mar 06, 2018 8:38 am
- Os: Debian 8x
- Web: apache
fail2ban - apache-badbots apache-badsearch
Hi trying to get these 2 working, but not having any joy!
/etc/fail2ban/jail.conf
Working entry looks like this
getting following errors in log
No iptables created
Any ideas what i am missing?
thanks
/etc/fail2ban/jail.conf
Code: Select all
[apache-badbots]
enabled = true
filter = apache-badbots
action = vesta[name=BADBOTS]
logpath = /var/log/apache2/domains/*.log
maxretry = 3
[apache-botsearch]
enabled = true
filter = apache-botsearch
action = vesta[name=BADSEARCH]
logpath = /var/log/apache2/domains/*.log
maxretry = 3Code: Select all
[ssh-iptables]
enabled = true
filter = sshd
action = vesta[name=SSH]
logpath = /var/log/auth.log
maxretry = 3
Code: Select all
** ERRORS **
/usr/local/vesta/bin/v-add-firewall-chain BADBOTS -- stderr: b'': 1 Time(s)
/usr/local/vesta/bin/v-add-firewall-chain BADBOTS -- stdout: b'Usage: v-add-firewall-chain CHAIN PORT\n': 1 Time(s)
/usr/local/vesta/bin/v-add-firewall-chain BADSEARCH -- stderr: b'': 1 Time(s)
/usr/local/vesta/bin/v-add-firewall-chain BADSEARCH -- stdout: b'Usage: v-add-firewall-chain CHAIN PORT\n': 1 Time(s)
Failed to start jail 'apache-badbots' action 'vesta': Error starting action: 1 Time(s)
Failed to start jail 'apache-botsearch' action 'vesta': Error starting action: 1 Time(s)
1 error(s) returned from actions:
2018-10-26 12:31:42,679 fail2ban.action [1184]: ERROR /usr/local/vesta/bin/v-add-firewall-chain BADBOTS -- returned 1
2018-10-26 12:31:42,783 fail2ban.action [1184]: ERROR /usr/local/vesta/bin/v-add-firewall-chain BADSEARCH -- returned 1Code: Select all
iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
fail2ban-VESTA tcp -- anywhere anywhere tcp dpt:8083
fail2ban-FTP tcp -- anywhere anywhere tcp dpt:ftp
fail2ban-SSH tcp -- anywhere anywhere tcp dpt:ssh
f2b-recidive all -- anywhere anywhere
f2b-sshd tcp -- anywhere anywhere multiport dports ssh
fail2ban-MAIL tcp -- anywhere anywhere multiport dports smtp,urd,submission,2525,pop3,pop3s,imap2,imapsthanks
-
Bubblecatcher
- Posts: 37
- Joined: Tue Mar 06, 2018 8:38 am
- Os: Debian 8x
- Web: apache
Re: fail2ban - apache-badbots apache-badsearch
ok tried running command via console.
Code: Select all
/usr/local/vesta/bin/v-add-firewall-chain BADBOTS -- stdout: b'Usage: v-add-firewall-chain CHAIN PORT\n'
iptables v1.6.0: unknown protocol "busage:" specified
Try `iptables -h' or 'iptables --help' for more information.Re: fail2ban - apache-badbots apache-badsearch
you specified:
in file /usr/local/vesta/bin/v-add-firewall-chain
Either add your name, or choose from the standard ones, for apache it’s suitable:
Code: Select all
action = vesta[name=BADBOTS]Code: Select all
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
# Checking known chains
case $chain in
SSH) # Get ssh port by reading ssh config file.
sshport=$(grep '^Port ' /etc/ssh/sshd_config | head -1 | cut -d ' ' -f 2)
if [ -z "$sshport" ]; then
sshport=2552
fi
port=$sshport;
protocol=TCP ;;
FTP) port=21; protocol=TCP ;;
MAIL) port='25,465,587,2525,110,995,143,993'; protocol=TCP ;;
DNS) port=53; protocol=UDP ;;
WEB) port='80,443'; protocol=TCP ;;
DB) port='3306,5432'; protocol=TCP ;;
VESTA) port=$vestaport; protocol=TCP ;;
*) check_args '2' "$#" 'CHAIN PORT' ;;
esac
Code: Select all
action = vesta[name=WEB]