Anyone good with Fail2ban?

I’m getting a lot of messages like this in my Logwatch:

Attempts to use known hacks by x hosts were logged 18 times from:
list of UP addresses.

I’ve tried to use apache-auth in an attempt to stop this, but no matter what I do I get a syntax error. The original that comes with fail2ban doesn’t work.

Does anyone know how to either get apache-auth to work OR supply a new regex for filter.d?

Hopefully it’s not too late for an answer

cat apache-auth.local

enabled = true
filter = apache-auth
action = iptables-multiport[name=apache-auth, port=“http,https,smtp,smtps,submission,pop3,pop3s,imap,imaps,sieve”, protocol=tcp]
logpath = /var/log/httpd/error_log

maxretry = 3
findtime = 86400
bantime = xxxxxx

Still get the error. What’s the filter.d apache-auth?

man fail2ban-regex

fail2ban-regex /var/log/httpd/error_log /etc/fail2ban/filter.d/apache-auth.conf

current version on github => fail2ban/config/filter.d/apache-auth.conf at master · fail2ban/fail2ban · GitHub

2024-03-15 21:21:50,921 fail2ban [1575070]: ERROR ERROR: test configuration failed
[root@pegasus ~]# fail2ban-client check apache-auth
2024-03-15 21:22:05,257 fail2ban [1575077]: ERROR NOK: (‘Invalid command’,)
Invalid command

Copied the latest apache-auth.conf frpm github still the same

man fail2ban-client would help.

Was incorrect
action = iptables-multiport[name=apache-auth,
should be action = iptables-multiport[port=http… etc

The logpath was also wrong.

After almost a day. I got it to work!

Thanks for the attempts to help.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.