Plesk 12.x / Linux :: Fail2ban Module Fails To Activate Proftpd And Ssh-jail
Mar 4, 2015
I have a brand new Plesk 12 Installation with just a first Subscription/Domain for my test. Enabling fail2ban jails brings me the following error for the jails plesk-proftpd and ssh. All others went on.
error 'f2bmng failed: ERROR No file(s) found for glob /var/log/secure'.
I see that /var/log/secure is missing, althoug I already used ssh and ftp to log in once. I can go to touch the /var/log/secure file or adjust the jail configs to proper log file location? Which is the way to go?
View 2 Replies
ADVERTISEMENT
Jul 14, 2014
In Fail2ban (great idea to include it in plesk!) settings you can set "Time interval for detection of subsequent attacks" (findtime) in general. But it would be interesting this setting per Jail.
You could have 2 jail with same filter but different findtime. Example:
Jail 1) 5 failures in 600 seconds: 1800 seconds ban
Jail 2) 30 failures in 86400 seconds: 604800 seconds ban
There are bots that detect if you have some protection fail2ban or similar and it will adapt, login attempt every 300 seconds for example. Jail 1 no detect this attack, but Jail 2 yes.
See the example, live time :
[root@--------- log]# cat /var/log/maillog | grep 'warning: ---------'
Jul 14 07:10:54 --------- postfix/smtpd[5482]: warning: ---------[--.--.--.---]: SASL LOGIN authentication failed: authentication failure
Jul 14 07:54:16 --------- postfix/smtpd[4782]: warning: ---------[--.--.--.---]: SASL LOGIN authentication failed: authentication failure
[Code] .....
View 2 Replies
View Related
Oct 22, 2014
I am not able to enable the recidive jail in Fail2Ban. I get the following error:
Code:
Unable to switch on the selected jails: f2bmng failed: WARNING 'ignoreregex' not defined in 'Definition'. Using default one: ''
ERROR No file(s) found for glob /var/log/fail2ban.log
ERROR Failed during configuration: Have not found any log file for recidive jail
ERROR:f2bmng:Command '['/usr/bin/fail2ban-client', 'reload', 'recidive']' returned non-zero exit status 255
ERROR:f2bmng:Failed to reload following jails due to errors in configuration: recidive
.
There is indeed no /var/log/fail2ban.log, but I doubt that manually creating it will correctly fix this problem.
The problem is also discussed @ [URL] ...., but in my case I have not switched on jails before switching on fail2ban. Also, the given resolution does not work.
View 3 Replies
View Related
Mar 18, 2015
We are successfully using fail2ban on our server (CentOS 6.6, Plesk 12.0.18), that is, jails running and blocking potential intruders
However, we tried to create a custom jail for the CMS that is being used by most of our clients.
I followed the instructions (Tools & Settings > IP Address Banning (Fail2Ban) > Jails > Manage Filters > Add Filter) and created the filter I wanted, but then it does not appear in the list, even though it displays a message reading that the filter was created successfully. Then, if I try to create a new Jail, the filter is not available from the list.
Looking at the directory /etc/fail2ban/filter.d/ I can find a file that has the same name as the filter I created, with a .local extension (the file name does not contain whitespaces or other special characters)...
View 3 Replies
View Related
Nov 13, 2014
My company and I are currently discovering Plesk on a CentOS 6.6 based system. We are migrating from an old system on which FTP usernames could hold uppercase letters, which apparently is not the case in Plesk 11 (or is it because of CentOS?).
Anyway, as we can't change these FTP account names, I was thinking about creating a rule with mod_rewrite in the proftpd.conf file.
So the question is: how can I reinstall/reconfigure proftpd with this module activated? I don't even know where to find the corresponding package (which repo, correct version, etc...)
View 2 Replies
View Related
Jan 10, 2015
Compliments about the integration of Fail2Ban. I saw a lot of blocks on different IP addresses that tried to logon to the server. Fail2Ban is setup to monitor SSH, FTP, and some more.
It is however not possible to activate the "plesk-apache" and "plesk-apache-badbot" jails.
I receive the following error when I try to activate the jails:
Cannot activate the selected jails: f2bmng failed: ERROR NOK: ('plesk-apache',)
ERROR NOK: (13, 'Permission denied')
ERROR NOK: (13, 'Permission denied')
......
ERROR:f2bmng:Command '['/usr/bin/fail2ban-client', 'reload', 'plesk-apache']' returned non-zero exit status 255
ERROR:f2bmng:Failed to reload following jails due to errors in configuration: plesk-apache
When i look into the logfile of fail2ban, i see that there are no permissions for the log files:
2015-01-10 20:14:40,987 fail2ban.comm [19428]: WARNING Command ['set', 'plesk-apache', 'addlogpath', '/var/www/vhosts/system/[domainname]/logs/error_log'] has failed. Received IOError(13, 'Permission denied')
The file permissions are set as following on all the log files:
-rw-r--r-- root root
I'd really like to activate Fail2Ban for Apache too.
View 4 Replies
View Related
Aug 2, 2007
My Plesk version is 8.2 and i use debian 3.1, I check the instructions on
[url]
this faq, it seems added in both inetd configuration file and xinetd.d configuration file in my configuration, also xinetd is working through system but ftp cannot be connectable. It gives "Unable to login server" from remote client and i also check with command line ftp client and service says that "421 Service not available, remote server has closed connection"
I also check this
[url]
faq and port is open:
Quote:
Starting nmap 3.81 [url] at 2007-08-02 16:59 CEST
Interesting ports on xx-server.xxxxxx.net (xxx.xxx.xxx.xxx):
PORT STATE SERVICE
21/tcp open ftp
Nmap finished: 1 IP address (1 host up) scanned in 0.013 seconds
Is there anyone knows how could I solve this situation?
View 1 Replies
View Related
Apr 7, 2015
Can't find nothing in documentation nor googleling... I'm able to change the name of the server like this:
./server_pref --update -hostname host.example.com
But can't find the way to add and activate NTP server by CLI.
Does this option is available, and if yes how?
View 10 Replies
View Related
May 24, 2014
when I try to activate a new subscription (webspace) comes out an error as attached image, which tells me that there is already a user account and a DNS record, but in reality do not exist and therefore can not delete them.
View 8 Replies
View Related
Oct 24, 2014
I just added a new PHP Handler with PHP Verison 5.5.18 as cgi and i always get an error when activating. I used the samte setting and php ini as the Buildin Ones
root@ip1:/usr/local/src/php-5.5.18# /usr/local/psa/bin/php_handler --list
id: display name: full version: version: type: cgi-bin: php-cli: php.ini: custom:
5.5.18 5.5.18 5.5.18 5.5 cgi /usr/local/php550-cgi/bin/php-cgi /etc/php5/cli/php.ini true
cgi 5.3.29 5.3.29 5.3 cgi /usr/bin/php5-cgi /etc/php5/cgi/php.ini false
fastcgi 5.3.29 5.3.29 5.3 fastcgi /usr/bin/php5-cgi /etc/php5/cgi/php.ini false
module 5.3.29 5.3.29 5.3 module /usr/bin/php5-cgi /etc/php5/cgi/php.ini false
When i want to activate it i get
Fehler: phpinimng failed: Cannot parse php.ini: (<class 'php_ini.PhpIniSyntaxError'>, PhpIniSyntaxError('[<stdin>:24] Invalid configuration line. Are there excessive leading spaces?',))
I get this even if i want to activate a build in one.
In my additional php config i have
mail.log = /var/log/phpmail.log
mail.add_x_header = On
date.timezone = "Europe/Berlin"
[Zend]
zend_extension=/usr/lib/php/modules/ioncube_loader_lin_5.3.so
zend_extension=/usr/lib/php5/ZendGuardLoader.so
sendmail_path = /usr/sbin/sendmail-wrapper-php
I am using Debian Squeeze.
View 4 Replies
View Related
Aug 31, 2014
I activated fail2ban in Plesk 12 and set the SSH jail to ban after 2 retries for 24h on all ports.
This is the generated "/etc/fail2ban/jail.local":
Code:
[ssh]
enabled = true
maxretry = 2
action = iptables-allports[name=ssh]
I tested it and I'm only banned on the IP of SSH (I have one only for SSH and the Plesk panel).
I have 10 IPs in total on my server. I can still access all other IPs, i.e. my websites.
Why does fail2ban not block me completely?
View 13 Replies
View Related
Oct 15, 2014
During the installation procedure, the script stopped unexpectedly
Errors were encountered while processing:
/var/cache/apt/archives/psa-proftpd_1.3.5-ubuntu14.04.build1200140604.16_amd64.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)
View 1 Replies
View Related
Jan 25, 2015
How do I remove psa-proftpd on my Server? or make config by proftpd-basic?I have problems with Game Panel Easy-Wi..or is there a tutorial about this problem with Plesk and Easy-Wi?
View 6 Replies
View Related
Jan 30, 2015
I'm running a brand new installed VPS with CentOS 6.6 and Plesk 12.0.18. I created a subscription and by default a FTP user is created. However, I cannot login with these credentials. I also created a new user but the same problem presists. I'm 100% sure that the username and password is correct.
Filezilla gives me and 530 Login incorrect. But if I look at the /var/log/secure file, I see this odd message (FTP username = test):
Jan 30 16:01:45 transip proftpd: PAM unable to dlopen(/lib64/security/pam_stack.so): /lib64/security/pam_stack.so: cannot open shared object file: No such file or directory
Jan 30 16:01:45 transip proftpd: PAM adding faulty module: /lib64/security/pam_stack.so
Jan 30 16:01:45 transip proftpd: pam_listfile(proftpd:auth): Couldn't open /etc/ftpusers
Jan 30 16:01:45 transip proftpd[18085]: 127.0.0.1 (x.x.x.x[x.x.x.x]) - USER test (Login failed): No such user found
No such user found, although it is created with Plesk.
View 10 Replies
View Related
Jan 10, 2015
Recently I've tested the usage of domain keys on my plesk 12 server. The feature works without problems. I'm wondering however if it's possible to activate the domain keys by a service plan or subscription model. If not, for all my domains (65) I've to activate them manually and for each domain iIll create in the future I have to activate it too.
View 6 Replies
View Related
May 7, 2015
So on our server, fail2ban got itself in a mess. Tried various things to fix, to no avail, so figured I'd just do a fresh install of it. There was minimal customisation to it that I couldn't re-do.
Note I'd already rm'd /etc/fail2ban - as on previous attempts, the files in here didn't appear to be restored to their defaults. So I figured removing the directory would force this to happen (Whether this was wise I'm not sure!) ;-)
So, following instructions here: [URL] .... I now get the following:
# wget http://kb.sp.parallels.com/Attachments/kcs-36245/fail2ban.gz
# gunzip fail2ban.gz
# mv fail2ban /etc/init.d/fail2ban
# chmod 755 /etc/init.d/fail2ban
# ll /etc/init.d/fail2ban /etc/fail2ban/fail2ban.conf
ls: cannot access /etc/fail2ban/fail2ban.conf: No such file or directory
-rwxr-xr-x 1 root root 2141 Aug 15 2014 /etc/init.d/fail2ban
I then uninstall/reinstall with # /usr/local/psa/admin/bin/autoinstaller
(Have tried via the web interface too)
I then get:
# ll /etc/init.d/fail2ban /etc/fail2ban/fail2ban.conf
ls: cannot access /etc/fail2ban/fail2ban.conf: No such file or directory
-rwxr-xr-x 1 root root 2141 Aug 15 2014 /etc/init.d/fail2ban
i.e., no change..
and if I go to the fail2ban settings in Plesk, I get:
Internal error: f2bmng failed: ERROR:f2bmng:No section: 'Definition'
Message f2bmng failed: ERROR:f2bmng:No section: 'Definition'
Is there a way to regenerate what should be in /etc/fail2ban by default?
View 4 Replies
View Related
Aug 12, 2014
I am not able to add a new filter to fail2ban
If I go in plesk panel to: Home > Tools & Settings >IP Address Banning > Jails > managing Filters > add filter > type in name & filtercontent and save I get "Information: The jail filter was added". But i can not see the new added filter in the Plesk Filter List (still just the 12 Filters in the list).
On the filesystem > /etc/fail2ban/filter.d/ i can see the new file but with the extension .local - usulay the file is named like xyz.conf
The output of /usr/local/psa/admin/sbin/f2bmng --get-filters-list
[["apache-auth", "fail2ban"], ["apache-badbots", "fail2ban"], ["apache-common", "fail2ban"],
["common", "fail2ban"], ["plesk-courierlogin", "plesk-fail2ban-configurator"],
["plesk-dovecot", "plesk-fail2ban-configurator"], ["plesk-horde", "plesk-fail2ban-configurator"],
["plesk-panel", "plesk-fail2ban-configurator"], ["plesk-qmail", "plesk-fail2ban-configurator"],
["plesk-roundcube", "plesk-fail2ban-configurator"], ["postfix-sasl", "fail2ban"],
["proftpd", "fail2ban"], ["recidive", "fail2ban"], ["sshd", "fail2ban"], ["test", null]]
test is the name i choosed for the new filter and it seems the second field has "null" .....
View 1 Replies
View Related
Jul 14, 2014
we have a brute force attack:
Code:
188.132.180.106 - - [14/Jul/2014:22:03:37 +0200] "POST /administrator/index.php HTTP/1.0" 303 262 "-" "-"
188.132.180.106 - - [14/Jul/2014:22:03:38 +0200] "GET /administrator/index.php HTTP/1.0" 200 7244 "-" "-"
188.132.180.106 - - [14/Jul/2014:22:03:38 +0200] "GET /administrator/index.php HTTP/1.0" 200 7117 "-" "-"
188.132.180.106 - - [14/Jul/2014:22:03:39 +0200] "POST /administrator/index.php HTTP/1.0" 303 262 "-" "-"
[code]....
And so on, but the Fail2Ban doesn't lock this ip address, why? And how can we manually lock about the webinterface this ip?
View 1 Replies
View Related
Aug 10, 2014
Well with activated apache-badbots jails I have in a short time a hugh amount of banned IPs. Usualy action for this is to use iptables-ipset-proto and save all this baned IPs in the ipset insteed as normal in the iptables list - thats also a suggestion which was discussed in the fail2ban forum for better performance. And yes I had this running (ipset package installed) with my manual installation of fail2ban before I switched over to the plesk integrated.
action = iptables-ipset-proto6[name=BadBots, port="http,https,7080,7081"] insteed of action = iptables-multiport[name=BadBots, port="http,https,7080,7081"]
So how can I add iptables-ipset-proto4.conf, iptables-ipset-proto6-allports.conf, iptables-ipset-proto6.conf to the plesk version of fail2ban??
View 4 Replies
View Related
Feb 11, 2015
I am noticing that several of my users are wiping out their user root folders ( logs, error docs, etc...) when they fail to use '/httpdocs/' as the root directory when publishing with FTP.
I fixed this by editing the proftpd.conf to use ~/httpdocs/ as the DefaultRoot folder ( instead of just ~/ ).Would it be safer(better) to go through all the ftp users and make the home directory '/httpdocs/' instead of '/' in the admin UI? If yes, what is the best way to do a mass update of this setting for multiple users ( multiple domains ) ?
View 2 Replies
View Related
Apr 4, 2014
Is it possible to enable NLS support in psa-proftpd package?
root@server :]> proftpd -V | grep NLS
- NLS support
Is it possbile for proftpd to support not English filenames ( for example russian, greek etc )?
View 5 Replies
View Related
Mar 26, 2015
I have the problem that the ip blocked "failban" too short (set findtime=1800).
The ip should be blocked for 30 minutes (the second time).
2015-03-23 22:24:59,779 fail2ban.filter [2807]: INFO Set maxRetry = 5
2015-03-23 22:24:59,780 fail2ban.filter [2807]: INFO Set findtime = 1800
2015-03-23 22:24:59,781 fail2ban.actions[2807]: INFO Set banTime = 600
2015-03-27 04:50:56,209 fail2ban.actions[2807]: WARNING [ssh] Ban 195.xxx.xxx.xxx
2015-03-27 05:00:56,913 fail2ban.actions[2807]: WARNING [ssh] Unban 195.xxx.xxx.xxx
2015-03-27 05:09:05,483 fail2ban.actions[2807]: WARNING [ssh] Ban 195.xxx.xxx.xxx
2015-03-27 05:19:06,153 fail2ban.actions[2807]: WARNING [ssh] Unban 195.xxx.xxx.xxx
2015-03-27 05:35:39,317 fail2ban.actions[2807]: WARNING [ssh] Ban 195.xxx.xxx.xxx
2015-03-27 05:45:40,012 fail2ban.actions[2807]: WARNING [ssh] Unban 195.xxx.xxx.xxx
View 2 Replies
View Related
Sep 2, 2014
I setup and enable fail2ban by Plesk 12 (tools and settings). What happens is, few days after i am unable to access this option again. I got time out
I've tried to disable by ssh "fail2ban-client stop" and nothing... the command become loading and never conclude,
how to remove or stop fail2ban ?
View 6 Replies
View Related
Feb 4, 2015
I would find an easy way to add a list of IP in Fail2ban whitelist in linux console.What is the file to modify ? Is there a command line or a process ?
View 4 Replies
View Related
Apr 22, 2015
In the fail2ban module of plesk is a tab for "logs".
Here you can view Fail2ban logs.
No items found.Click to expand...
View 6 Replies
View Related
Jun 29, 2015
I was wondering why all the jails in fail2ban are inactive..
Do I need to enable all of them? or there's only a specific list that is useful?
View 8 Replies
View Related
Feb 11, 2015
How to set a permanent ban per IP in Fail2ban?? I have banned continuously some IPs with recidibe and I need put this IPs in a permanent blacklist.
View 1 Replies
View Related
May 18, 2015
Ubuntu 10.04.4 LTS
12.0.18 Update #46, last updated at May 15, 2015 03:57 AM
Just recently (after update #46) Fail2Ban stopped working and I couldn't restart it or pin point the reason behind it. I decided to uninstall F2B component via Plesk installer.
F2B uninstalled however when I try to install it again I get error : 'Installation will not continue'
Where to start and where can I find log files that could give me some clues?
View 18 Replies
View Related
Jun 30, 2014
Since upgrading to 12.0.18 Update # 5 fail2ban stopped working.
Code:
[nimda4597@xxxx fail2ban]# service fail2ban status
fail2ban-server (pid 1881) is running...
Status
[Code].....
View 8 Replies
View Related
Apr 25, 2015
I installed fail2ban via the autoinstaller today. I got a failed install. There is no /etc/init.d/fail2ban file, and no /usr/bin/fail2ban-server.
On the other hand yum-search tells me it's installed:
plesk-fail2ban-configurator.noarch : plesk-specific jails and filters for fail2ban
fail2ban.noarch : Scan logfiles and ban ip addresses with too many password failures
I tried to remove it in autoinstaller:
Installing packages
Loaded plugins: fastestmirror, priorities
Running rpm_check_debug
Error in PREUN scriptlet in rpm package fail2ban
[Code] .....
View 1 Replies
View Related
May 10, 2014
I had a HDD crash recently on my Root Server. Replaced HDDs, installed Ubuntu 12.04 LTS, since Ubuntu 14.04 LTS is not supported by Plesk yet. Anyway...
I had 2 issues:
1) Could not create Customers, because IP Pool was empty. Changed IP Type from Dedicated to Shared. Fixed issue.
2) Cannot connect to the FTP Server using the Login Data from one of my Domains.
FlashFXP and FileZilla both show the same error, which is:
Code:
Response:220 ProFTPD 1.3.4c Server (ProFTPD) [*ip removed*]
Command:USER *user removed*
Response:331 Password required for *user removed*
Command:PASS **************
Response:530 Login incorrect.
Error:Critical error
Error:Could not connect to server
View 1 Replies
View Related
