Hello,
I have Debian 6.0.5 "squeeze" on a Seagate FreeAgent DockStar.
fail2ban is installed and starts normally, but it writes nothing to /var/log/fail2ban.log.
_______________________________________________
An SSH jail is enabled:
root@debian:~# fail2ban-client -d
WARNING 'findtime' not defined in 'ssh'. Using default value
['set', 'loglevel', 3]
['set', 'logtarget', '/var/log/fail2ban.log']
['add', 'ssh', 'polling']
['set', 'ssh', 'addlogpath', '/var/log/auth.log']
...
['set', 'ssh', 'addfailregex', '^\\s*(?:\\S+ )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*Failed (?:password|publickey) for .* from <HOST>(?: port \\d*)?(?: ssh\\d*)?$']
...
['set', 'ssh', 'addaction', 'iptables-multiport']
['set', 'ssh', 'actionban', 'iptables-multiport', 'iptables -I fail2ban-<name> 1 -s <ip> -j DROP']
...
['set', 'ssh', 'setcinfo', 'iptables-multiport', 'name', 'ssh']
['set', 'ssh', 'setcinfo', 'iptables-multiport', 'port', 'ssh']
['start', 'ssh']
________________________________________________
The logs read from /var/log/auth.log are parsed correctly:
root@debian:~# fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/sshd.conf
/usr/share/fail2ban/server/filter.py:442: DeprecationWarning: the md5 module is deprecated; use hashlib instead
import md5
...
2013-02-19 11:03:31,253 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4-SVN
2013-02-19 11:03:31,274 fail2ban.jail : INFO Creating new jail 'ssh'
2013-02-19 11:03:31,275 fail2ban.jail : INFO Jail 'ssh' uses poller
2013-02-19 11:03:31,303 fail2ban.filter : INFO Added logfile = /var/log/auth.log
2013-02-19 11:03:31,309 fail2ban.filter : INFO Set maxRetry = 6
2013-02-19 11:03:31,320 fail2ban.filter : INFO Set findtime = 600
2013-02-19 11:03:31,325 fail2ban.actions: INFO Set banTime = 600
2013-02-19 11:03:31,655 fail2ban.jail : INFO Jail 'ssh' started
Running tests
Use regex file : /etc/fail2ban/filter.d/sshd.conf
Use log file : /var/log/auth.log
...
118.192.2.50 (Tue Feb 19 05:28:49 2013)
118.192.2.50 (Tue Feb 19 05:28:53 2013)
118.192.2.50 (Tue Feb 19 05:28:58 2013)
...
Success, the total number of match is 691
_______________________________________________
2013-02-19 12:41:24,634 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4-SVN
2013-02-19 12:41:24,809 fail2ban.filter : INFO Added logfile = /var/log/auth.log
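
Added example, not part of the original post: a simplified Python model of what the jail does with the sshd failregex and the maxRetry = 6 / findtime = 600 values shown above, illustrating that a fail2ban-regex match count by itself does not show whether any host reached the ban threshold. The `<HOST>` pattern, the sliding-window counting, the year and the sample log lines are assumptions or constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# failregex from the `fail2ban-client -d` dump above, with the doubled backslashes undone
FAILREGEX = (r'^\s*(?:\S+ )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?'
             r'|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:)?'
             r'\s*Failed (?:password|publickey) for .* from <HOST>(?: port \d*)?(?: ssh\d*)?$')
# Assumption: simplified stand-in for fail2ban's own <HOST> substitution
HOST = r'(?P<host>\S+)'
MAXRETRY, FINDTIME = 6, 600   # values reported in the log excerpt above

def parse(line, year=2013):
    """Split a syslog line into (timestamp, remainder); the year is assumed."""
    ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
    return ts, line[15:]

def would_ban(lines, maxretry=MAXRETRY, findtime=FINDTIME):
    """Return {host: time of the failure that reaches maxretry within findtime}."""
    rx = re.compile(FAILREGEX.replace("<HOST>", HOST))
    recent, banned = defaultdict(deque), {}
    for line in lines:
        ts, rest = parse(line)
        m = rx.search(rest)
        if not m:
            continue
        q = recent[m.group("host")]
        q.append(ts)
        while (ts - q[0]).total_seconds() > findtime:
            q.popleft()          # forget failures older than findtime
        if len(q) >= maxretry and m.group("host") not in banned:
            banned[m.group("host")] = ts
    return banned

def _fail(hms, ip):
    return f"Feb 19 {hms} debian sshd[2001]: Failed password for root from {ip} port 40001 ssh2"

# Constructed sample log (documentation addresses, not taken from the post)
SAMPLE = (
    [_fail(f"05:28:{s:02d}", "192.0.2.50") for s in range(0, 30, 5)]      # 6 failures in 25 s
    + [_fail(f"{h:02d}:00:00", "198.51.100.7") for h in range(6, 12)]     # 6 failures, one per hour
    + ["Feb 19 12:00:01 debian sshd[2002]: Accepted password for alice from 203.0.113.9 port 40002 ssh2"]
)

if __name__ == "__main__":
    for host, when in would_ban(SAMPLE).items():
        print(host, "reaches maxretry at", when)
```

Both constructed hosts produce six regex matches, but only the one whose failures fall inside a single findtime window reaches the threshold.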