[CentOS] fail2ban problem
SilverTip257
silvertip257 at gmail.com
Wed Apr 10 12:32:42 UTC 2013
On Wed, Apr 10, 2013 at 6:06 AM, Nikos Gatsis - Qbit <ngatsis at qbit.gr>wrote:
> Hello list
> I'm trying to setup fail2ban specially sasl action but I'm facing problems.
> I have centos-release-5-9.el5.centos.1
> and
> fail2ban-0.8.7.1-1.el5.rf
>
I'm using fail2ban from EPEL since I didn't have any luck with the package
from RPMForge. I standardize on using EPEL if I can (but another admin
installed the rpmforge repo earlier).
I had to tweak the regex for the sasl filter to get it to match failed sasl
auth attempts though (EPEL package).
]# grep failregex /etc/fail2ban/filter.d/sasl.conf
# Option: failregex
#failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL
(?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(:
[A-Za-z0-9+/]*={0,2})?$
failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL
(?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(:
[A-Za-z0-9+/\s]*={0,2})?$
> installed
> with selinux disabled
>
> The errors I get are:
> INFO Creating new jail 'sasl-iptables'
> fail2ban.comm : WARNING Invalid command: ['add', 'sasl-iptables',
> 'polling']
>
I believe this is exactly what I saw before I bailed on the rpmforge
fail2ban packages.
>
> I tried gemin against polling but I get the same error.
>
You don't need to set it to gamin ... the sasl jail (by default) is set to
polling (and this works with the EPEL package).
> The strange thing is that if I enable ssh action, starts with no problem.
> So it appears to be problem with sasl action, witch is:
>
> [sasl-iptables]
>
> enabled = true
> filter = sasl
> backend = polling
> action = iptables-multiport[name=sasl,
> port="imap,imaps,pop3,pop3s,smtp", protocol=tcp]
> sendmail-whois[name=sasl, dest=my at email]
> logpath = /var/log/maillog
>
> The same setup I have in several mailserver (fedora and centos 6 distro)
> and all work fine.
>
> Does someone faced the same problem?
>
> Thak you in advance.
>
> --
> Untitled Document
> ------------------------------------------------------------------------
> *Γατσής Νίκος - Gatsis Nikos*
> Web developer
> tel.: 2108256721 - 2108256722
> fax: 2108256712
> email: ngatsis at qbit.gr
> http://www.qbit.gr
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
--
---~~.~~---
Mike
// SilverTip257 //
More information about the CentOS
mailing list