cat /etc/fail2ban/jail.local
[proftpd]
enabled = true
port = ftp,ftp-data,ftps,ftps-data
filter = proftpd
banaction = firewallcmd-ipset
logpath = /var/log/proftpd/proftpd-error.log
findtime = 600
bantime = 900
maxretry = 5
fail2ban-regex /var/log/proftpd/proftpd-error.log /etc/fail2ban/filter.d/proftpd.conf
Running tests
=============
Use failregex file : /etc/fail2ban/filter.d/proftpd.conf
Use log file : /var/log/proftpd/proftpd-error.log
Use encoding : UTF-8
Results
=======
Failregex: 301 total
|- #) [# of hits] regular expression
| 1) [166] ^\s*(<[^.]+\.[^.]+>)?\s*(?:\S+ )?(?:kernel: \[ *\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?proftpd(?:\(\S+\))?[\]\)]?:?|[\[\(]?proftpd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:?)?\s(?:\[ID \d+ \S+\])?\s*\S+ \(\S+\[<HOST>\]\)[: -]+ USER .*: no such user found from \S+ \[\S+\] to \S+:\S+ *$
| 2) [135] ^\s*(<[^.]+\.[^.]+>)?\s*(?:\S+ )?(?:kernel: \[ *\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?proftpd(?:\(\S+\))?[\]\)]?:?|[\[\(]?proftpd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:?)?\s(?:\[ID \d+ \S+\])?\s*\S+ \(\S+\[<HOST>\]\)[: -]+ USER .* \(Login failed\): (User not authorized for login|No such user found|Incorrect password|Password expired|Account disabled|Invalid shell: '\S+'|User in \S+|Limit (access|configuration) denies login|Not a UserAlias|maximum login length exceeded).?\s*$
`-
Ignoreregex: 0 total
Date template hits:
|- [# of hits] date format
| [986] Year(?P<_sep>[-/.])Month(?P=_sep)Day 24hour:Minute:Second(?:,Microseconds)?
`-
Lines: 986 lines, 0 ignored, 301 matched, 685 missed [processed in 0.26 sec]
Missed line(s): too many to print. Use --print-all-missed to print all 685 lines
cat /var/log/fail2ban.log
2015-01-27 11:56:04,840 fail2ban.server [27195]: INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.9.1
2015-01-27 11:56:04,841 fail2ban.database [27195]: INFO Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2015-01-27 11:56:04,844 fail2ban.jail [27195]: INFO Creating new jail 'proftpd'
2015-01-27 11:56:04,868 fail2ban.jail [27195]: INFO Jail 'proftpd' uses systemd
2015-01-27 11:56:04,894 fail2ban.jail [27195]: INFO Initiated 'systemd' backend
2015-01-27 11:56:04,898 fail2ban.filter [27195]: INFO Set maxRetry = 5
2015-01-27 11:56:04,900 fail2ban.actions [27195]: INFO Set banTime = 900
2015-01-27 11:56:04,901 fail2ban.filter [27195]: INFO Set findtime = 600
2015-01-27 11:56:04,928 fail2ban.filtersystemd [27195]: NOTICE Jail started without 'journalmatch' set. Jail regexs will be checked against all journal entries, which is not advised for performance reasons.
2015-01-27 11:56:04,939 fail2ban.jail [27195]: INFO Jail 'proftpd' started
ipset list
Name: fail2ban-proftpd
Type: hash:ip
Revision: 1
Header: family inet hashsize 1024 maxelem 65536 timeout 900
Size in memory: 16528
References: 1
Members:
I can't figure out where the error is, Fail2Ban v0.9.1