Is my Fail2Ban working properly?
by n00b_noob from LinuxQuestions.org on (#5D45Q)
Hello,
I installed Fail2Ban on CentOS and created below ".conf" files in "jail.d" directory with below content:
Code:# cat mariadb.conf
[mysqld-auth]
enabled = true
filter = mysqld-auth
port = 3306
maxretry = 3
bantime = 600
logpath = /var/log/mariadb/mariadb.logAnd:
Code:# cat sshd.conf
[sshd]
enabled = true
port = ssh
action = firewallcmd-ipset
logpath = %(sshd_log)s
maxretry = 5
bantime = 86400And:
Code:# cat apache.conf
[apache-auth]
enabled = true
port = http,https
logpath = %(apache_error_log)s
[apache-badbots]
enabled = true
port = http,https
logpath = %(apache_access_log)s
bantime = 48h
maxretry = 1
[apache-noscript]
enabled = true
port = http,https
logpath = %(apache_error_log)sAnd:
Code:# cat phpmyadmin.conf
[apache-phpmyadmin]
enabled = true
filter = apache-phpmyadmin
port = http,https
logpath = %(apache_error_log)sAnd:
Code:# cat vsftpd.conf
[vsftpd]
enabled = true
action = firewallcmd-ipset
port = ftp,ftp-data,ftps,ftps-data
logpath = %(vsftpd_log)s
maxretry = 5
bantime = 86400And "fail2ban-client status" tell me:
Code:# fail2ban-client status
Status
|- Number of jail: 7
`- Jail list: apache-auth, apache-badbots, apache-noscript, apache-phpmyadmin, mysqld-auth, sshd, vsftpd1- Is my configuration OK?
2- How can I sure Fail2Ban working correctly? The "fail2ban.log" show me something like:
Code:2021-01-17 03:21:01,701 fail2ban.server [1946315]: INFO rollover performed on /var/log/fail2ban.log
2021-01-18 15:57:58,443 fail2ban.filter [1946315]: INFO [apache-auth] Found X.X.X.X - 2021-01-18 15:57:56
2021-01-18 15:58:27,996 fail2ban.filter [1946315]: INFO [apache-auth] Found X.X.X.X - 2021-01-18 15:58:27
2021-01-18 16:33:27,754 fail2ban.filter [1946315]: INFO [apache-auth] Found X.X.X.X - 2021-01-18 16:33:26
2021-01-18 16:36:11,575 fail2ban.filter [1946315]: INFO [apache-auth] Found X.X.X.X - 2021-01-18 16:36:11
2021-01-18 16:38:34,093 fail2ban.filter [1946315]: INFO [apache-auth] Found X.X.X.X - 2021-01-18 16:38:34
2021-01-18 16:42:36,770 fail2ban.filter [1946315]: INFO [apache-auth] Found X.X.X.X - 2021-01-18 16:42:36
2021-01-18 16:43:25,860 fail2ban.filter [1946315]: INFO [apache-auth] Found X.X.X.X - 2021-01-18 16:43:25
2021-01-18 16:43:30,011 fail2ban.filter [1946315]: INFO [apache-auth] Found X.X.X.X - 2021-01-18 16:43:30
2021-01-18 16:43:30,048 fail2ban.actions [1946315]: NOTICE [apache-auth] Ban X.X.X.X
2021-01-18 16:46:47,191 fail2ban.filter [1946315]: INFO [apache-noscript] Found X.X.X.X - 2021-01-18 16:46:47
2021-01-18 16:53:30,230 fail2ban.actions [1946315]: NOTICE [apache-auth] Unban X.X.X.X
2021-01-20 17:05:52,030 fail2ban.filter [1946315]: INFO [apache-auth] Found X.X.X.X - 2021-01-20 17:05:49
2021-01-20 17:06:11,305 fail2ban.filter [1946315]: INFO [apache-auth] Found X.X.X.X - 2021-01-20 17:06:11
2021-01-20 17:26:12,969 fail2ban.filter [1946315]: INFO [apache-auth] Found X.X.X.X - 2021-01-20 17:26:11
2021-01-20 17:37:16,932 fail2ban.filter [1946315]: INFO [apache-auth] Found X.X.X.X - 2021-01-20 17:37:15
2021-01-20 17:42:30,524 fail2ban.filter [1946315]: INFO [apache-auth] Found X.X.X.X - 2021-01-20 17:42:28
2021-01-20 17:43:13,690 fail2ban.filter [1946315]: INFO [apache-auth] Found X.X.X.X - 2021-01-20 17:43:13
2021-01-20 17:47:55,469 fail2ban.filter [1946315]: INFO [apache-auth] Found X.X.X.X - 2021-01-20 17:47:55
2021-01-20 17:51:28,139 fail2ban.filter [1946315]: INFO [apache-auth] Found X.X.X.X - 2021-01-20 17:51:27
2021-01-20 17:58:29,335 fail2ban.filter [1946315]: INFO [apache-auth] Found X.X.X.X - 2021-01-20 17:58:27
2021-01-20 17:59:10,809 fail2ban.filter [1946315]: INFO [apache-auth] Found X.X.X.X - 2021-01-20 17:59:10
2021-01-20 18:02:53,134 fail2ban.filter [1946315]: INFO [apache-auth] Found X.X.X.X - 2021-01-20 18:02:53
2021-01-20 18:03:09,328 fail2ban.filter [1946315]: INFO [apache-auth] Found X.X.X.X - 2021-01-20 18:03:09
2021-01-20 18:03:09,440 fail2ban.actions [1946315]: NOTICE [apache-auth] Ban X.X.X.X
2021-01-20 18:13:09,467 fail2ban.actions [1946315]: NOTICE [apache-auth] Unban X.X.X.X
2021-01-20 18:26:37,156 fail2ban.filter [1946315]: INFO [apache-noscript] Found X.X.X.X - 2021-01-20 18:26:34
2021-01-20 21:05:15,632 fail2ban.filter [1946315]: INFO [apache-noscript] Found X.X.X.X - 2021-01-20 21:05:13
2021-01-21 14:15:06,038 fail2ban.filter [1946315]: INFO [sshd] Found X.X.X.X - 2021-01-21 14:15:01Can it mean that Fail2Ban working properly?
Thank you.
I installed Fail2Ban on CentOS and created below ".conf" files in "jail.d" directory with below content:
Code:# cat mariadb.conf
[mysqld-auth]
enabled = true
filter = mysqld-auth
port = 3306
maxretry = 3
bantime = 600
logpath = /var/log/mariadb/mariadb.logAnd:
Code:# cat sshd.conf
[sshd]
enabled = true
port = ssh
action = firewallcmd-ipset
logpath = %(sshd_log)s
maxretry = 5
bantime = 86400And:
Code:# cat apache.conf
[apache-auth]
enabled = true
port = http,https
logpath = %(apache_error_log)s
[apache-badbots]
enabled = true
port = http,https
logpath = %(apache_access_log)s
bantime = 48h
maxretry = 1
[apache-noscript]
enabled = true
port = http,https
logpath = %(apache_error_log)sAnd:
Code:# cat phpmyadmin.conf
[apache-phpmyadmin]
enabled = true
filter = apache-phpmyadmin
port = http,https
logpath = %(apache_error_log)sAnd:
Code:# cat vsftpd.conf
[vsftpd]
enabled = true
action = firewallcmd-ipset
port = ftp,ftp-data,ftps,ftps-data
logpath = %(vsftpd_log)s
maxretry = 5
bantime = 86400And "fail2ban-client status" tell me:
Code:# fail2ban-client status
Status
|- Number of jail: 7
`- Jail list: apache-auth, apache-badbots, apache-noscript, apache-phpmyadmin, mysqld-auth, sshd, vsftpd1- Is my configuration OK?
2- How can I sure Fail2Ban working correctly? The "fail2ban.log" show me something like:
Code:2021-01-17 03:21:01,701 fail2ban.server [1946315]: INFO rollover performed on /var/log/fail2ban.log
2021-01-18 15:57:58,443 fail2ban.filter [1946315]: INFO [apache-auth] Found X.X.X.X - 2021-01-18 15:57:56
2021-01-18 15:58:27,996 fail2ban.filter [1946315]: INFO [apache-auth] Found X.X.X.X - 2021-01-18 15:58:27
2021-01-18 16:33:27,754 fail2ban.filter [1946315]: INFO [apache-auth] Found X.X.X.X - 2021-01-18 16:33:26
2021-01-18 16:36:11,575 fail2ban.filter [1946315]: INFO [apache-auth] Found X.X.X.X - 2021-01-18 16:36:11
2021-01-18 16:38:34,093 fail2ban.filter [1946315]: INFO [apache-auth] Found X.X.X.X - 2021-01-18 16:38:34
2021-01-18 16:42:36,770 fail2ban.filter [1946315]: INFO [apache-auth] Found X.X.X.X - 2021-01-18 16:42:36
2021-01-18 16:43:25,860 fail2ban.filter [1946315]: INFO [apache-auth] Found X.X.X.X - 2021-01-18 16:43:25
2021-01-18 16:43:30,011 fail2ban.filter [1946315]: INFO [apache-auth] Found X.X.X.X - 2021-01-18 16:43:30
2021-01-18 16:43:30,048 fail2ban.actions [1946315]: NOTICE [apache-auth] Ban X.X.X.X
2021-01-18 16:46:47,191 fail2ban.filter [1946315]: INFO [apache-noscript] Found X.X.X.X - 2021-01-18 16:46:47
2021-01-18 16:53:30,230 fail2ban.actions [1946315]: NOTICE [apache-auth] Unban X.X.X.X
2021-01-20 17:05:52,030 fail2ban.filter [1946315]: INFO [apache-auth] Found X.X.X.X - 2021-01-20 17:05:49
2021-01-20 17:06:11,305 fail2ban.filter [1946315]: INFO [apache-auth] Found X.X.X.X - 2021-01-20 17:06:11
2021-01-20 17:26:12,969 fail2ban.filter [1946315]: INFO [apache-auth] Found X.X.X.X - 2021-01-20 17:26:11
2021-01-20 17:37:16,932 fail2ban.filter [1946315]: INFO [apache-auth] Found X.X.X.X - 2021-01-20 17:37:15
2021-01-20 17:42:30,524 fail2ban.filter [1946315]: INFO [apache-auth] Found X.X.X.X - 2021-01-20 17:42:28
2021-01-20 17:43:13,690 fail2ban.filter [1946315]: INFO [apache-auth] Found X.X.X.X - 2021-01-20 17:43:13
2021-01-20 17:47:55,469 fail2ban.filter [1946315]: INFO [apache-auth] Found X.X.X.X - 2021-01-20 17:47:55
2021-01-20 17:51:28,139 fail2ban.filter [1946315]: INFO [apache-auth] Found X.X.X.X - 2021-01-20 17:51:27
2021-01-20 17:58:29,335 fail2ban.filter [1946315]: INFO [apache-auth] Found X.X.X.X - 2021-01-20 17:58:27
2021-01-20 17:59:10,809 fail2ban.filter [1946315]: INFO [apache-auth] Found X.X.X.X - 2021-01-20 17:59:10
2021-01-20 18:02:53,134 fail2ban.filter [1946315]: INFO [apache-auth] Found X.X.X.X - 2021-01-20 18:02:53
2021-01-20 18:03:09,328 fail2ban.filter [1946315]: INFO [apache-auth] Found X.X.X.X - 2021-01-20 18:03:09
2021-01-20 18:03:09,440 fail2ban.actions [1946315]: NOTICE [apache-auth] Ban X.X.X.X
2021-01-20 18:13:09,467 fail2ban.actions [1946315]: NOTICE [apache-auth] Unban X.X.X.X
2021-01-20 18:26:37,156 fail2ban.filter [1946315]: INFO [apache-noscript] Found X.X.X.X - 2021-01-20 18:26:34
2021-01-20 21:05:15,632 fail2ban.filter [1946315]: INFO [apache-noscript] Found X.X.X.X - 2021-01-20 21:05:13
2021-01-21 14:15:06,038 fail2ban.filter [1946315]: INFO [sshd] Found X.X.X.X - 2021-01-21 14:15:01Can it mean that Fail2Ban working properly?
Thank you.