Fail2Ban -- not banning?
Fail2Ban -- not banning?
I've been intentionally logging in with the wrong password to the panel.
/var/log/vesta/auth.log shows the failed attempts
but when I check fail2ban-client status vesta-iptables there are no failed and no banned ips
/var/log/vesta/auth.log shows the failed attempts
but when I check fail2ban-client status vesta-iptables there are no failed and no banned ips
Re: Fail2Ban -- not banning?
Maby you should look at your fail2ban config file.
You can see what fail2ban does. Most of the time, the ip got banned for 300 seconds (I think).
If you're really paranoid you can change your config file ;)
/etc/fail2ban/jail.conf I thought
/Daan
You can see what fail2ban does. Most of the time, the ip got banned for 300 seconds (I think).
If you're really paranoid you can change your config file ;)
/etc/fail2ban/jail.conf I thought
/Daan
Re: Fail2Ban -- not banning?
I've been working with the config file. You should use jail.local rather than jail.config.
I've come to the conclusion that most of the pattern detections are wrong and by replacing them I've been able to get the mail stuff to detect some but not all of the attempted logins.
The problem with doing that for the panel is that the panel doesn't write dates into the log file. I need a way to change VestaCP's logging to include a time stamp.
I also find it strange that out of the box the regex for all the other logs appear to be wrong. I can't imagine that is only true for me.
I've come to the conclusion that most of the pattern detections are wrong and by replacing them I've been able to get the mail stuff to detect some but not all of the attempted logins.
The problem with doing that for the panel is that the panel doesn't write dates into the log file. I need a way to change VestaCP's logging to include a time stamp.
I also find it strange that out of the box the regex for all the other logs appear to be wrong. I can't imagine that is only true for me.
Re: Fail2Ban -- not banning?
On my Debian 8 - 0.9.8-16 system the logs are complete empty, but in webpanel I can see them, so that is strange.
@Naldinho: Can you please share with us your configs? I would look for logrotate in the vesta files or configs, there are some parameters where you can set the timestamp, it is also an bad issue that i came across, but i did not fixed it yet.
It is crucial that these things work correctly, otherwise I setup better by my own.
@Naldinho: Can you please share with us your configs? I would look for logrotate in the vesta files or configs, there are some parameters where you can set the timestamp, it is also an bad issue that i came across, but i did not fixed it yet.
It is crucial that these things work correctly, otherwise I setup better by my own.
Re: Fail2Ban -- not banning?
CentOS 7.2 -- Digital Ocean
After that I didn't change anything -- just did a default install of VestaCP 0.9.8-16
I actually am likely to abandon the use of a panel at this point and just configure everything myself. I am not selling hosting and the panel was just for personal use but I am having way too many issues beyond just this one that I'm not experiencing the time savings I was hoping for. It is unfortunate because this is a good product and I feel it is 98% of the way there.
After that I didn't change anything -- just did a default install of VestaCP 0.9.8-16
I actually am likely to abandon the use of a panel at this point and just configure everything myself. I am not selling hosting and the panel was just for personal use but I am having way too many issues beyond just this one that I'm not experiencing the time savings I was hoping for. It is unfortunate because this is a good product and I feel it is 98% of the way there.