Difference between revisions of "FAQ english"

From Fail2ban
(Undo revision 2324 by 94.76.213.77 (Talk))
(Installation)
== '''Installation''' ==

=== Are there RPM/DEB packages for {{Fail2ban}}? ===

Sure. Please take a look at the [[Downloads]] section.

=== How can I install {{Fail2ban}} from a RPM/DEB/gentoo package? ===

If you are using rpm:

 rpm -Uvh fail2ban-X.X.X.rpm

If you are required to install a src.rpm (source package), please follow these instructions:

 rpm --rebuild fail2ban-X.X.X.src.rpm

After that, the binary rpm will be placed at <tt>/usr/src/RPM/RPMS/ix86</tt>

 rpm -Uhv /usr/src/RPM/RPMS/ix86/fail2ban-X.X.X.rpm

Please check that your PATH is <tt>/usr/src/RPM/RPMS/ix86/</tt> before doing anything else.

If you want to install {{Fail2ban}} from a .deb package:

 dpkg -i fail2ban-X.X.X.deb

If you want to install {{Fail2ban}} on gentoo:

 emerge fail2ban

=== How can I run {{Fail2ban}} without installation? ===

It is possible to run {{Fail2ban}} without installation. {{Fail2ban}} is written in Python and does not need to be compiled. If you want to quickly test {{Fail2ban}} or if you have it already installed and want to test a new version, please follow these steps (for 0.7.x and above):

* [[Downloads|Download]] a source tarball (release or nightly).
* Unpack it somewhere on your system.
* You should have a directory named ''fail2ban-*''. Go into this directory.
* Edit the configuration in ''config/''.
** Change the option '''socket''' in ''fail2ban.conf''.
** Change the option '''logtarget''' in ''fail2ban.conf''.
** Do not forget to edit ''jail.conf'' too.
* Use ''fail2ban-client'' to start ''fail2ban-server''. Do not forget to tell it where to find the configuration:
 ./fail2ban-client -c config/ start
* Always use the '''-c''' option for other calls to ''fail2ban-client''. Do not forget the leading '''./''' either. Here is another example:
 ./fail2ban-client -c config/ status
* Shut down {{Fail2ban}} with:
 ./fail2ban-client -c config/ stop

People who want to hack on {{Fail2ban}} can also use this procedure in order to quickly test their changes.

Revision as of 16:15, 30 December 2008


Configuration

What is the main configuration file for Fail2ban?

The Fail2ban configuration process is rather simple. There is only one configuration file, in which Fail2ban can be fully configured. This file is located at: /etc/fail2ban/fail2ban.conf

You are able to edit this file using any editor you want: vim, emacs, joe, ae...

The configuration file must be edited by root.

How can Fail2ban be configured?

This step is fully detailed in the HOWTOs chapter.

Can I exclude failed logins for selected users from resulting in a ban?

(I don't know, perhaps that's a feature request.)

Edit: Because fail2ban doesn't know anything about the username format logged in the specific file(s) (if usernames even get logged), it is only possible to exclude selected users in the regex of the service section.

Security

What do I have to consider when using Fail2ban?

Especially on systems which provide SSH/CGI/PHP services to unknown users, it is possible to block other users from ssh and probably other services. How would a user do so? The user could issue:

logger -p auth.warning -t 'sshd[123]' 'Illegal user user1 from 1.2.3.4'

Or the malicious user may write via PHP's openlog()/syslog() to syslog.

Solution #1: This security hazard can be handled via the ownership/permissions of /dev/log, which by default allows all users to write log entries. Just add a group log, add all daemons and root to that group and be happy.

What about log injection?

Fail2ban parses the log files of other services and can therefore be vulnerable to log injection. Daniel B. Cid describes this kind of issue in Attacking Log analysis tools. I strongly suggest that you read this article. We will always try to provide safe configuration files. However, you can use fail2ban-regex to test your configuration files against forged log lines.
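One way to run that kind of check in a script, as an added example that is not part of the original FAQ or of Fail2ban's own code: two hypothetical failregex candidates are run over constructed log lines, and every line where the extracted address differs from the one that should be banned is reported. The <HOST> expansion, both patterns and all sample lines (except the 1.2.3.4 message quoted above) are assumptions made for the illustration.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (assumption: the real expansion
# varies by version; only the named group "host" matters for this check).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Hypothetical failregex candidates for the same sshd message.
LOOSE = r"Illegal user .*? from <HOST>"
STRICT = r"^\w{3} +\d+ [\d:]{8} \S+ sshd\[\d+\]: Illegal user .* from <HOST>\s*$"

# Constructed lines: (log line, address that should be banned or None).
SAMPLES = [
    # genuine sshd entry
    ("Mar 21 10:00:50 srv sshd[411]: Illegal user bob from 192.0.2.7", "192.0.2.7"),
    # client-supplied user name carries an extra " from <address>"
    ("Mar 21 10:00:51 srv sshd[412]: Illegal user x from 198.51.100.9 from 192.0.2.7",
     "192.0.2.7"),
    # another program quoting sshd-like text in its own message
    ("Mar 21 10:00:52 srv php: note: Illegal user bob from 203.0.113.5", None),
    # the logger line from this page: the tag itself is forged
    ("Mar 21 10:00:53 srv sshd[123]: Illegal user user1 from 1.2.3.4", None),
]


def extract_host(failregex, line):
    """Return the address the filter would hand to the ban action, or None."""
    m = re.search(failregex.replace("<HOST>", HOST), line)
    return m.group("host") if m else None


def audit(failregex, samples=SAMPLES):
    """Return (line, got, expected) for each sample the filter gets wrong."""
    wrong = []
    for line, want in samples:
        got = extract_host(failregex, line)
        if got != want:
            wrong.append((line, got, want))
    return wrong


if __name__ == "__main__":
    for name, rx in (("LOOSE", LOOSE), ("STRICT", STRICT)):
        for line, got, want in audit(rx):
            print(f"{name}: extracted {got}, expected {want}: {line}")
```

The anchored pattern still accepts the last sample, because a line written with a forged sshd tag is indistinguishable from sshd's own output; only the /dev/log permission change in Solution #1 addresses that case.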

Troubleshooting

I have Postfix on my system but no "mail" command. How can I get e-mail notifications?

As of version 0.8.1, "mail" actions are deprecated. Please use the "sendmail" ones instead. E.g. sendmail-whois instead of mail-whois in your jail.[conf|local].

You probably have the sendmail command. Copy /etc/fail2ban/action.d/mail-whois.conf to /etc/fail2ban/action.d/mail-whois.local, edit this file and replace mail with sendmail. Here is an example:

actionban = echo -en "From:root <fail2ban>
            To: <dest>
            Subject: [Fail2Ban] <name>: banned <ip>\n
            Hi,\n
            The IP <ip> has just been banned by Fail2Ban after
            <failures> attempts against <name>.\n\n
            Here are more information about <ip>:\n
            `whois <ip>`\n
            Regards,\n
            Fail2Ban"|sendmail -t

mail.conf can be modified too.

Why are my CVS users using SSH getting blocked?

If you are using the Eclipse CVS integration with SSH, then each access of the CVS results in a failed access before a valid one is done. As a consequence your CVS users get banned from time to time.

I get the error "Please check the format and your locale settings"

The error looks like this:

ERROR: time data did not match format: data=Mar 21 10:00:50 fmt=%b %d %H:%M:%S
ERROR: Please check the format and your locale settings.

This is a known bug. Since 0.6.1, Fail2ban uses your locale settings for date and time format. However, some daemons do not take care of locale and write their log messages using the POSIX standard. Please look at this bug for more details.

You can try to override the LANG variable:

# LANG=en_US /etc/init.d/fail2ban restart

You can get all the available locales with:

# locale -a

How do I increase verbosity?

In order to increase the verbosity of Fail2ban, use the command line option -vvv for fail2ban-client and fail2ban (only for 0.6.x). Set loglevel to 4 in /etc/fail2ban/fail2ban.conf (only for > 0.6.x).

Fail2ban is running but not banning SSH bruteforce

NB: This example is based on a Debian system, but can be easily done on any distro.

The package is correctly installed:

# dpkg -l |grep fail
ii  fail2ban                      0.8.1-2                         bans IPs that cause multiple authentication

The service is running:

# /etc/init.d/fail2ban status                                      
Status of authentication failure monitor: fail2ban is running

SSH jail is set up and ready:

# fail2ban-client status                                           
Status                                                                          
|- Number of jail:      1                                                       
`- Jail list:           ssh

SSH bruteforce logs are identified by fail2ban:

# fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/sshd.conf
....
Success, the total number of match is 30

So, check that all your logs are synchronized: all log files (auth.log, syslog, ...) must use the same time reference. If your server is not very busy, there will probably be a significant difference between the output of the date command and the last event logged in syslog. You can force a log entry in syslog using the logger command and then check it against the output of the date command.

# date
Wed Nov 28 13:49:02 CET 2007
# tail -2 /var/log/auth.log
Nov 28 13:39:12 <SERVERNAME> sudo: pam_unix(sudo:session): session opened for user root by <user>(uid=0)
Nov 28 13:39:12 <SERVERNAME> sudo: pam_unix(sudo:session): session closed for user root

If the time reference is not the same everywhere, then fail2ban won't ban any IP!
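The comparison described above can be scripted. The following is an added example, not part of the original FAQ or of Fail2ban: it parses the year-less syslog timestamp of a marker entry (as written with logger) and reports how far it is from the system clock. The function names, the 5-second tolerance and the marker line are assumptions; the two timestamps are the ones shown above.

```python
from datetime import datetime, timedelta

# Syslog writes POSIX month abbreviations whatever the system locale is, so they
# are mapped by hand instead of going through locale-dependent strptime("%b").
MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}


def syslog_time(line, now):
    """Parse the 'Mon DD HH:MM:SS' prefix of a syslog line (local time).

    The format carries no year: the year of `now` is tried first, then the
    previous one if the result would lie more than a day in the future.
    """
    mon, day, clock = line.split()[:3]
    hour, minute, second = (int(part) for part in clock.split(":"))
    for year in (now.year, now.year - 1):
        try:
            stamp = datetime(year, MONTHS[mon], int(day), hour, minute, second)
        except ValueError:          # e.g. Feb 29 in a non-leap year
            continue
        if stamp - now <= timedelta(days=1):
            return stamp
    raise ValueError("no plausible year for: " + line)


def clock_offset(marker_line, now, tolerance=timedelta(seconds=5)):
    """Return (offset, in_sync) for a marker entry written just before `now`.

    `tolerance` is an assumed threshold for this example, not a Fail2ban option.
    """
    offset = now - syslog_time(marker_line, now)
    return offset, abs(offset) <= tolerance


if __name__ == "__main__":
    # Constructed marker line reusing the two timestamps shown above.
    now = datetime(2007, 11, 28, 13, 49, 2)
    marker = "Nov 28 13:39:12 srv root: clock-check marker"
    offset, ok = clock_offset(marker, now)
    print(f"syslog is {offset.total_seconds():.0f}s behind date; in sync: {ok}")
```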