gut, fail2ban läuft (dank yum sofort) aber er lässt mich auch nach x fehlversuchen noch ran... was könnt da falsch laufen? im jails.conf hab ich schon bei der iptables-action den port von ssh auf den port gestellt auf dem bei mir ssh läuft.
hier mal der output von iptables -save zur allgemeinen analyse ob eh nur ssh offen is, thx!:
Zitat:
# Generated by iptables-save v1.3.8 on Sat Dec 22 18:12:58 2007
*raw
:PREROUTING ACCEPT [10347:10178545]
:OUTPUT ACCEPT [7351:1114036]
COMMIT
# Completed on Sat Dec 22 18:12:58 2007
# Generated by iptables-save v1.3.8 on Sat Dec 22 18:12:58 2007
*nat
:PREROUTING ACCEPT [61:11420]
:POSTROUTING ACCEPT [21:1423]
:OUTPUT ACCEPT [21:1423]
COMMIT
# Completed on Sat Dec 22 18:12:58 2007
# Generated by iptables-save v1.3.8 on Sat Dec 22 18:12:58 2007
*mangle
:PREROUTING ACCEPT [10347:10178545]
:INPUT ACCEPT [10319:10168857]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [7353:1114284]
:POSTROUTING ACCEPT [7353:1114284]
COMMIT
# Completed on Sat Dec 22 18:12:58 2007
# Generated by iptables-save v1.3.8 on Sat Dec 22 18:12:58 2007
*filter
:INPUT ACCEPT [10319:10168857]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [7353:1114284]
:fail2ban-SSH - [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-SSH
-A fail2ban-SSH -j RETURN
COMMIT
# Completed on Sat Dec 22 18:12:58 2007
|
und fail2ban.log
Zitat:
Fail2Ban" | /usr/sbin/sendmail -f fail2ban@mail.com root returned 7f00
2007-12-22 17:23:05,662 fail2ban.comm : WARNING Invalid command: ['INFO']
2007-12-22 17:45:37,860 fail2ban.actions: WARNING [ssh-iptables] Ban 194.x.x.x. (meine IP) 2007-12-22 17:45:38,022 fail2ban.actions.action: ERROR echo -en "Subject: [Fail
2Ban] SSH: banned 194.x.x.x
From: Fail2Ban <fail2ban@mail.com>
To: root\n
Hi,\n
The IP 194.x.x.x has just been banned by Fail2Ban after
5 attempts against SSH.\n\n
Here are more information about 194.x.x.x:\n
`/usr/bin/whois 194.208.218.74`\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f fail2ban@mail.com root returned 7f00
2007-12-22 17:55:38,829 fail2ban.actions: WARNING [ssh-iptables] Unban 194.x.
x.x
|