[CentOS] Can't run fail2ban 0.8.4 [CentOS 6]
John Hinton
webmaster at ew3d.com
Fri Nov 4 12:49:40 UTC 2011
On 11/4/2011 8:24 AM, Kévin GASPARD wrote:
> Le 04/11/2011 12:54, Patrick Lists a écrit :
>> On 11/04/2011 12:48 PM, Kévin GASPARD wrote:
>>> The output of service fail2ban start in root (that's in french) :
>>>
>>> Démarrage de fail2ban : [ÉCHOUÉ]
>> The docs on the fail2ban website also say how you can start fail2ban
>> manually (at http://www.fail2ban.org/wiki/index.php/MANUAL_0_8#Usage):
>>
>> $ fail2ban-client start
>>
>> Maybe starting it that way gives you more information why it fails.
>>
>> Regards,
>> Patrick
>> _______________________________________________
>> CentOS mailing list
>> CentOS at centos.org
>> http://lists.centos.org/mailman/listinfo/centos
> Hi,
>
> [root at turing lighttpd]# fail2ban-client start
> WARNING 'action' not defined in 'php-url-fopen'. Using default value
> WARNING 'action' not defined in 'lighttpd-fastcgi'. Using default value
> ERROR Error in action definition
> ERROR Errors in jail 'lighttpd-fastcgi'. Skipping...
>
> Cordially
>
Yeah... I was thinking that was the problem. I'm running Fail2Ban and I
think I got it from EPEL, on CentOS 6 without problems.
Looks like you need to kill off some of your jail confs and then turn
them on and tune them one by one. Fail2Ban relies on logging and even
certain log levels being run from the services you are checking. I found
the default Fail2Ban install worked very well on a default
webserver/mailserver install. There were a number of things that I
needed to do to turn on other checks. And I have customized even
further. For instance, I subscribe to Spamhaus. I use the spamhaus
maillog entries to look for repeated attempts to one or more domains and
after so many, block the offender at the firewall. Saves a lot of server
load and 'seems' to make these folks give up on my systems to some extent.
So, turn off most of the event triggers and then turn them back on one
at a time. Then edit the rules as needed or set log levels on the
service being checked to give the output needed to work with the rule.
--
John Hinton
877-777-1407 ext 502
http://www.ew3d.com
Comprehensive Online Solutions
More information about the CentOS
mailing list