настраиваю fail2ban например для защиты proftpd Вот секция Default конфигурационного файла jails.conf: [DEFAULT] ignoreip = 127.0.0.1 # "backend" specifies the backend used to get files modification. Available # options are "gamin", "polling" and "auto". # yoh: For some reason Debian shipped python-gamin didn't work as expected # This issue left ToDo, so polling is default backend for now backend = polling # # Destination email address used solely for the interpolations in # jail.{conf,local} configuration files. destemail = admin@ee.ru # Default banning action (e.g. iptables, iptables-new, # iptables-multiport, shorewall, etc) It is used to define # action_* variables. Can be overriden globally or per # section within jail.local file banaction = iptables-multiport # email action. Since 0.8.1 upstream fail2ban uses sendmail # MTA for the mailing. Change mta configuration parameter to mail # if you want to revert to conventional 'mail'. mta = sendmail # Default protocol protocol = tcp # # Action shortcuts. To be used to define action parameter # The simplest action to take: ban only action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s] # ban & send an e-mail with whois report to the destemail. action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s] %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s] # ban & send an e-mail with whois report and relevant log lines # to the destemail. action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s] %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s] # Choose default action. To change, just override value of 'action' with the # interpolation to the chosen action shortcut (e.g. action_mw, action_mwl, etc) in jail.local # globally (section [DEFAULT]) or per specific section action = ""> В ней отсутствуют параметры bantime = 600 и maxretry = 3 Но если мы посмотрим в лог cat /var/log/fail2ban.log То увидим, что именно они и устанавливаются: 2011-11-04 12:18:42,086 fail2ban.jail : INFO Jail 'proftpd' stopped 2011-11-04 12:18:43,084 fail2ban.jail : INFO Jail 'ssh' stopped 2011-11-04 12:18:43,091 fail2ban.server : INFO Exiting Fail2ban 2011-11-04 12:18:43,597 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4-SVN 2011-11-04 12:18:43,599 fail2ban.jail : INFO Creating new jail 'ssh' 2011-11-04 12:18:43,599 fail2ban.jail : INFO Jail 'ssh' uses poller 2011-11-04 12:18:43,632 fail2ban.filter : INFO Added logfile = /var/log/auth.log 2011-11-04 12:18:43,634 fail2ban.filter : INFO Set maxRetry = 3 2011-11-04 12:18:43,638 fail2ban.filter : INFO Set findtime = 604800 2011-11-04 12:18:43,640 fail2ban.actions: INFO Set banTime = 600 2011-11-04 12:18:43,787 fail2ban.jail : INFO Creating new jail 'proftpd' 2011-11-04 12:18:43,787 fail2ban.jail : INFO Jail 'proftpd' uses poller 2011-11-04 12:18:43,790 fail2ban.filter : INFO Added logfile = /var/log/proftpd/proftpd.log 2011-11-04 12:18:43,791 fail2ban.filter : INFO Set maxRetry = 3 2011-11-04 12:18:43,796 fail2ban.filter : INFO Set findtime = 604800 2011-11-04 12:18:43,797 fail2ban.actions: INFO Set banTime = 600 2011-11-04 12:18:43,826 fail2ban.jail : INFO Jail 'ssh' started 2011-11-04 12:18:43,831 fail2ban.jail : INFO Jail 'proftpd' started Даже не смотря на то, что в секциях jail'ов значения этих параметров совсем другие: [ssh] enabled = true port = ssh filter = sshd logpath = /var/log/auth.log maxretry = 4 # one year - 365 days bantime = 31536000 # 1 week findtime = 604800 ignoreip = 127.0.0.1 192.168.0.0/24 [proftpd] enabled = true port = ftp,ftp-data filter = proftpd logpath = /var/log/proftpd/proftpd.log # 5 attempts, also add the MaxLoginAttempts 5 parametr to the proftpd.conf maxretry = 6 # one year - 365 days # bantime = 31536000 bantime = 100 # 1 week findtime = 604800 ignoreip = 127.0.0.1 192.168.0.0/24 В /etc/default проверял все чисто Вопрос: Почему это происходит ? -- С Уважением, специалист по техническому и программному обеспечению, системный администратор Скубриев Владимир ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Россия, Ростовская область, г. Таганрог тел. моб: +7 (918) 504 38 20 skype: v.skubriev icq: 214-800-502 www: skubriev.ru |