hallo,
irgendwie bekomme ich das mit der config & der syncronisation mit openvcp nicht wirklich gebacken. aber der reihe nach. ich habe das modifizierte script von seite 3 von dem thread als sync.sh in /etc/fail2ban/action.d geworfen, angepasst und rechte gesetzt. & eine neue sync.conf angelegt. diese sieht dann so aus:
PHP
# Fail2Ban configuration file
#
# Author: Cyril Jaquier
#
# $Revision: 661 $
#
#
[Definition]
# Option: actionstart
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD
#
actionstart =
# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
actionstop =
# Option: actioncheck
# Notes.: command executed once before each actionban command
# Values: CMD
#
actioncheck =
# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: <ip> IP address
# <failures> number of failures
# <time> unix timestamp of the ban time
# Values: CMD
#
actionban = sync <ip> add
# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: <ip> IP address
# <failures> number of failures
# <time> unix timestamp of the ban time
# Values: CMD
#
actionunban = sync <ip> del
danach noch schnell die jail.config angepasst:
PHP
[DEFAULT]
# "ignoreip" can be an IP address, a CIDR mask or a DNS host
ignoreip = 127.0.0.1
bantime = 600
maxretry = 3
# "backend" specifies the backend used to get files modification. Available
# options are "gamin", "polling" and "auto".
# yoh: For some reason Debian shipped python-gamin didn't work as expected
# This issue left ToDo, so polling is default backend for now
backend = polling
#
# Destination email address used solely for the interpolations in
# jail.{conf,local} configuration files.
destemail = root@localhost
# Default action to take: ban only
action = sync
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 5
[apache]
enabled = true
port = http
filter = apache-auth
logpath = /var/log/apache*/*error.log
maxretry = 5
[apache-noscript]
enabled = false
port = http
filter = apache-noscript
logpath = /var/log/apache*/*error.log
maxretry = 5
[vsftpd]
enabled = false
port = ftp
filter = vsftpd
logpath = /var/log/auth.log
maxretry = 5
[proftpd]
enabled = true
port = ftp
filter = proftpd
logpath = /var/log/proftpd/proftpd.log
maxretry = 3
[wuftpd]
enabled = false
port = ftp
filter = wuftpd
logpath = /var/log/auth.log
maxretry = 5
[postfix]
enabled = false
port = smtp
filter = postfix
logpath = /var/log/mail.log
maxretry = 5
[courierpop3]
enabled = true
port = pop3
filter = courierlogin
logpath = /var/log/mail.log
maxretry = 5
[courierimap]
enabled = true
port = imap2
filter = courierlogin
logpath = /var/log/mail.log
maxretry = 5
[sasl]
enabled = true
port = smtp
filter = sasl
logpath = /var/log/mail.log
maxretry = 5
# DNS Servers
# These jails block attacks against named (bind9). By default, logging is off
# with bind9 installation. You will need something like this:
#
# logging {
# channel security_file {
# file "/var/log/named/security.log" versions 3 size 30m;
# severity dynamic;
# print-time yes;
# };
# category security {
# security_file;
# };
# }
#
# in your named.conf to provide proper logging
# Word of Caution:
# Given filter can lead to DoS attack against your DNS server
# since there is no way to assure that UDP packets come from the
# real source IP
[named-refused-udp]
enabled = true
port = domain,953
protocol = udp
filter = named-refused
logpath = /var/log/named/security.log
[named-refused-tcp]
enabled = true
port = domain,953
protocol = tcp
filter = named-refused
logpath = /var/log/named/security.log
soweit so gut! leider passiert gar nichts! wenn ich testweise 10x nen falsches proftpd pw eingebe schreibt der das zwar brav in die log datei, aber es werden keine einstellungen in der openvcp-fw übernommen.
kann mir jemand nen tipp geben, was ich falsch gemacht habe bzw. wie das script zum laufen zu bewegen ist??
danke & mfg
jkn
