Talk:FAQ english

From Fail2ban
Jump to: navigation, search

.htaccess

Let's say all one can write is .htaccess, as one is on Dreamhost. Perhaps add that functionality. --Jidanni 2007/12/03

.htaaccess

That is a good one because I would like to re-route to custom access denied page instead of just dropping the packets. A reroute or ban through htaacess where you could use http header values to ban as well would be great.

No 'host' group in 'failregex' Cannot remove regular expression. Index 0 is not valid

Hi to all, I am dema2 Ubuntu server from italy i use ubuntu 9.10 karmic Koala pyton 2.6.4, fail2ban is installed from repository, virgin , no any modification i was made, for test if this soft run regular with origianl virgin configuration, after test i mak fail2ban to run for cccam server-

i test fail2ban this is the answers

root@amed2-dual:~# fail2ban-client -d WARNING 'findtime' not defined in 'apache-noscript'. Using default value WARNING 'findtime' not defined in 'pam-generic'. Using default value WARNING 'findtime' not defined in 'vsftpd'. Using default value WARNING 'findtime' not defined in 'xinetd-fail'. Using default value WARNING 'findtime' not defined in 'named-refused-udp'. Using default value WARNING 'findtime' not defined in 'ssh-ddos'. Using default value WARNING 'findtime' not defined in 'apache-multiport'. Using default value WARNING 'findtime' not defined in 'apache-overflows'. Using default value WARNING 'findtime' not defined in 'couriersmtp'. Using default value WARNING 'findtime' not defined in 'wuftpd'. Using default value WARNING 'findtime' not defined in 'ssh'. Using default value WARNING 'findtime' not defined in 'postfix'. Using default value WARNING 'findtime' not defined in 'sasl'. Using default value WARNING 'findtime' not defined in 'apache'. Using default value WARNING 'findtime' not defined in 'courierauth'. Using default value WARNING 'findtime' not defined in 'proftpd'. Using default value WARNING 'findtime' not defined in 'named-refused-tcp'. Using default value ['set', 'loglevel', 3] ['set', 'logtarget', '/var/log/fail2ban.log'] ['add', 'ssh', 'polling'] ['set', 'ssh', 'addlogpath', '/var/log/auth.log'] ['set', 'ssh', 'maxretry', 6] ['set', 'ssh', 'addignoreip', '127.0.0.1'] ['set', 'ssh', 'findtime', 600] ['set', 'ssh', 'bantime', 600] ['set', 'ssh', 'addfailregex', '^\\s*(?:\\S+ )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*(?:error: PAM: )?Authentication failure for .* from <HOST>\\s*$'] ['set', 'ssh', 'addfailregex', '^\\s*(?:\\S+ )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*(?:error: PAM: )?User not known to the underlying authentication module for .* from <HOST>\\s*$'] ['set', 'ssh', 'addfailregex', '^\\s*(?:\\S+ )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*Failed (?:password|publickey) for .* from <HOST>(?: port \\d*)?(?: ssh\\d*)?$'] ['set', 'ssh', 'addfailregex', '^\\s*(?:\\S+ )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*ROOT LOGIN REFUSED.* FROM <HOST>\\s*$'] ['set', 'ssh', 'addfailregex', '^\\s*(?:\\S+ )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*[iI](?:llegal|nvalid) user .* from <HOST>\\s*$'] ['set', 'ssh', 'addfailregex', '^\\s*(?:\\S+ )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*User .+ from <HOST> not allowed because not listed in AllowUsers$'] ['set', 'ssh', 'addfailregex', '^\\s*(?:\\S+ )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*authentication failure; logname=\\S* uid=\\S* euid=\\S* tty=\\S* ruser=\\S* rhost=<HOST>(?:\\s+user=.*)?\\s*$'] ['set', 'ssh', 'addfailregex', '^\\s*(?:\\S+ )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*refused connect from \\S+ \\(<HOST>\\)\\s*$'] ['set', 'ssh', 'addfailregex', '^\\s*(?:\\S+ )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*Address <HOST> .* POSSIBLE BREAK-IN ATTEMPT!*\\s*$'] ['set', 'ssh', 'addfailregex', "^\\s*(?:\\S+ )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*User .+ from <HOST> not allowed because none of user's groups are listed in AllowGroups\\s*$"] ['set', 'ssh', 'addaction', 'iptables-multiport'] ['set', 'ssh', 'actionban', 'iptables-multiport', 'iptables -I fail2ban-<name> 1 -s <ip> -j DROP'] ['set', 'ssh', 'actionstop', 'iptables-multiport', 'iptables -D INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>\niptables -F fail2ban-<name>\niptables -X fail2ban-<name>'] ['set', 'ssh', 'actionstart', 'iptables-multiport', 'iptables -N fail2ban-<name>\niptables -A fail2ban-<name> -j RETURN\niptables -I INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>'] ['set', 'ssh', 'actionunban', 'iptables-multiport', 'iptables -D fail2ban-<name> -s <ip> -j DROP'] ['set', 'ssh', 'actioncheck', 'iptables-multiport', 'iptables -n -L INPUT | grep -q fail2ban-<name>'] ['set', 'ssh', 'setcinfo', 'iptables-multiport', 'protocol', 'tcp'] ['set', 'ssh', 'setcinfo', 'iptables-multiport', 'name', 'ssh'] ['set', 'ssh', 'setcinfo', 'iptables-multiport', 'port', 'ssh'] ['start', 'ssh'] root@amed2-dual:~# fail2ban-regex "line" "failregex"

Running tests

=

Use regex line : failregex Use single line: line

No 'host' group in 'failregex' Cannot remove regular expression. Index 0 is not valid

Results

=

Failregex |- Regular expressions: | [1] failregex | `- Number of matches:

  [1] 0 match(es)

Ignoreregex |- Regular expressions: | `- Number of matches:

Summary

=

Sorry, no match

Look at the above section 'Running tests' which could contain important information. root@amed2-dual:~# python -V Python 2.6.4


== >>>>>Now how i can repair this problem when the test answer to me .... ==


No 'host' group in 'failregex' Cannot remove regular expression. Index 0 is not valid

please help me, thank, is about 10 day taht i word around this problem but is impossible for my to resolve this, i need fail2ban for protect my server thank in advantage to all best regards from italy dema2