[CentOS] fail2ban problem

Wed Apr 10 12:32:42 UTC 2013
SilverTip257 <silvertip257 at gmail.com>

On Wed, Apr 10, 2013 at 6:06 AM, Nikos Gatsis - Qbit <ngatsis at qbit.gr> wrote:

> Hello list
> I'm trying to set up fail2ban, especially the sasl action, but I'm facing problems.
> I have centos-release-5-9.el5.centos.1
> and
> fail2ban-0.8.7.1-1.el5.rf
>

I'm using fail2ban from EPEL since I didn't have any luck with the package
from RPMForge.  I standardize on using EPEL if I can (but another admin
installed the rpmforge repo earlier).

I had to tweak the regex for the sasl filter to get it to match failed sasl
auth attempts though (EPEL package).

]# grep failregex /etc/fail2ban/filter.d/sasl.conf
# Option: failregex
#failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [A-Za-z0-9+/]*={0,2})?$
failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [A-Za-z0-9+/\s]*={0,2})?$



> installed
> with selinux disabled
>
> The errors I get are:
> INFO   Creating new jail 'sasl-iptables'
> fail2ban.comm   : WARNING Invalid command: ['add', 'sasl-iptables',
> 'polling']
>

I believe this is exactly what I saw before I bailed on the rpmforge
fail2ban packages.


>
> I tried gamin instead of polling but I get the same error.
>

You don't need to set it to gamin ... the sasl jail (by default) is set to
polling (and this works with the EPEL package).


> The strange thing is that if I enable the ssh action, it starts with no problem.
> So it appears to be a problem with the sasl action, which is:
>
> [sasl-iptables]
>
> enabled  = true
> filter   = sasl
> backend  = polling
> action   = iptables-multiport[name=sasl, port="imap,imaps,pop3,pop3s,smtp", protocol=tcp]
>            sendmail-whois[name=sasl, dest=my at email]
> logpath  = /var/log/maillog
>
> The same setup I have on several mail servers (fedora and centos 6 distro)
> and all work fine.
>
> Has anyone faced the same problem?
>
> Thank you in advance.
>
> --
> *Γατσής Νίκος - Gatsis Nikos*
> Web developer
> tel.: 2108256721 - 2108256722
> fax: 2108256712
> email: ngatsis at qbit.gr
> http://www.qbit.gr



-- 
---~~.~~---
Mike
//  SilverTip257  //
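
Added example (not part of the original message or of fail2ban itself): a Python check of the packaged and the tweaked sasl failregex from the grep output above against sample maillog lines, showing which lines only the version with \s in the trailing character class matches. The <HOST> expansion is a simplified IPv4-only stand-in and the log lines are constructed; the message does not say which line format the poster's server actually logged.

```python
import re

# Assumption: fail2ban replaces <HOST> with its own host-matching pattern;
# this IPv4-only named group is a simplified stand-in for illustration.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# The commented-out (packaged) failregex from the grep output above.
PACKAGED = (r"(?i): warning: [-._\w]+\[<HOST>\]: SASL "
            r"(?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed"
            r"(: [A-Za-z0-9+/]*={0,2})?$")
# The tweaked failregex: identical except for \s in the trailing class.
TWEAKED = PACKAGED.replace("[A-Za-z0-9+/]*", r"[A-Za-z0-9+/\s]*")

# Constructed sample lines (documentation-range addresses, made-up hosts).
SAMPLES = [
    # base64 challenge after the colon: no whitespace in the suffix
    "Apr 10 06:01:11 mail postfix/smtpd[2101]: warning: "
    "unknown[203.0.113.5]: SASL LOGIN authentication failed: UGFzc3dvcmQ6",
    # free-text reason after the colon: contains a space
    "Apr 10 06:01:15 mail postfix/smtpd[2102]: warning: "
    "host.example.net[198.51.100.23]: SASL PLAIN authentication failed: "
    "authentication failure",
    # no suffix at all
    "Apr 10 06:01:19 mail postfix/smtpd[2103]: warning: "
    "unknown[192.0.2.77]: SASL LOGIN authentication failed",
    # unrelated line that must never produce a ban candidate
    "Apr 10 06:01:20 mail postfix/smtpd[2104]: connect from "
    "unknown[192.0.2.77]",
]


def matched_hosts(failregex, lines):
    """Return the captured host per line, or None where the filter misses."""
    rx = re.compile(failregex.replace("<HOST>", HOST))
    return [m.group("host") if m else None for m in map(rx.search, lines)]


if __name__ == "__main__":
    packaged = matched_hosts(PACKAGED, SAMPLES)
    tweaked = matched_hosts(TWEAKED, SAMPLES)
    for line, old, new in zip(SAMPLES, packaged, tweaked):
        print(f"packaged={old!s:<15} tweaked={new!s:<15} {line[-40:]}")
```

On a real install, fail2ban-regex /var/log/maillog /etc/fail2ban/filter.d/sasl.conf runs the same kind of comparison against the actual log and filter file.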