Benutzer-Werkzeuge

Webseiten-Werkzeuge


tachtler:fail2ban

fail2ban

fail2ban untersucht LOG-Dateien wie z.B. (/var/log/httpd/error.log) und schließt diejenigen IP-Adressen vom Zugriff aus, welche beim Zugriff bestimmt Schlüsselwörter innerhalb des Zugriffes und der Protokollierung innerhalb der LOG-Datei ausweisen. fail2ban nutzt zum Ausschluss von bestimmten IP-Adressen den Paketfilter iptables und fügt hierzu gewisse Einträge, zum Regelwerk von iptables für eine definierte Zeit hinzu. fail2ban kann gleichzeitig auch bestimmte Aktionen, wie Benachrichtigung per e-Mail auslösen.

Voraussetzungen

Nachfolgend genannte Mindestvoraussetzungen sollten erfüllt sein, um fail2ban erfolgreich installieren und betreiben zu können:

  • python - Programmiersprache möglichst ab der Version 2.5 oder höher
  • iptables - Standard Paketfilter Software unter Linux

Zur Installation soll hier ein rpm-Paket aus einem Drittanbieter Repository - hier EPEL - zum Einsatz kommen.

Vorbereitungen

Vorbereitend für die Installation, ist es erforderlich das

  • rpm-Paket jwhois
  • Drittanbieter Repository - hier EPEL -

einzubinden.

jwhois installieren

Die Installation des rpm-Paktes jwhois kann über den Paket-Manager yum nachfolgender Befehl durchgeführt werden:

CentOS 6:

# yum install jwhois
Loaded plugins: priorities, refresh-packagekit, security
1259 packages excluded due to repository priority protections
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package jwhois.x86_64 0:4.0-19.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package          Arch             Version                 Repository      Size
================================================================================
Installing:
 jwhois           x86_64           4.0-19.el6              base           104 k

Transaction Summary
================================================================================
Install       1 Package(s)

Total download size: 104 k
Installed size: 294 k
Is this ok [y/N]: y
Downloading Packages:
jwhois-4.0-19.el6.x86_64.rpm                             | 104 kB     00:00     
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : jwhois-4.0-19.el6.x86_64                                     1/1 
  Verifying  : jwhois-4.0-19.el6.x86_64                                     1/1 

Installed:
  jwhois.x86_64 0:4.0-19.el6                                                    

Complete!

CentOS 7:

# yum install jwhois
Loaded plugins: changelog, priorities
125 packages excluded due to repository priority protections
Resolving Dependencies
--> Running transaction check
---> Package jwhois.x86_64 0:4.0-45.el7 will be installed
--> Processing Dependency: libidn2.so.0(IDN2_0.0.0)(64bit) for package: jwhois-4.0-45.el7.x86_64
--> Processing Dependency: libidn2.so.0()(64bit) for package: jwhois-4.0-45.el7.x86_64
--> Running transaction check
---> Package libidn2.x86_64 0:0.10-2.el7 will be installed
--> Finished Dependency Resolution

Changes in packages about to be updated:


Dependencies Resolved

================================================================================
 Package           Arch             Version                Repository      Size
================================================================================
Installing:
 jwhois            x86_64           4.0-45.el7             epel           116 k
Installing for dependencies:
 libidn2           x86_64           0.10-2.el7             epel            96 k

Transaction Summary
================================================================================
Install  1 Package (+1 Dependent package)

Total download size: 212 k
Installed size: 633 k
Is this ok [y/d/N]: y
Downloading packages:
(1/2): jwhois-4.0-45.el7.x86_64.rpm                        | 116 kB   00:00     
(2/2): libidn2-0.10-2.el7.x86_64.rpm                       |  96 kB   00:00     
--------------------------------------------------------------------------------
Total                                              1.0 MB/s | 212 kB  00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : libidn2-0.10-2.el7.x86_64                                    1/2 
  Installing : jwhois-4.0-45.el7.x86_64                                     2/2 
  Verifying  : libidn2-0.10-2.el7.x86_64                                    1/2 
  Verifying  : jwhois-4.0-45.el7.x86_64                                     2/2 

Installed:
  jwhois.x86_64 0:4.0-45.el7                                                    

Dependency Installed:
  libidn2.x86_64 0:0.10-2.el7                                                   

Complete!

Der Inhalt des Paketes jwhois.x86_64 kann mit nachfolgendem Befehl angezeigt werden:

CentOS 6:

# rpm -qil jwhois
Name        : jwhois                       Relocations: (not relocatable)
Version     : 4.0                               Vendor: CentOS
Release     : 19.el6                        Build Date: Fri 23 Sep 2011 01:19:46 PM CEST
Install Date: Thu 29 Nov 2012 04:14:14 PM CET      Build Host: c6b18n1.dev.centos.org
Group       : Applications/Internet         Source RPM: jwhois-4.0-19.el6.src.rpm
Size        : 300880                           License: GPLv3
Signature   : RSA/SHA1, Mon 26 Sep 2011 06:19:44 AM CEST, Key ID 0946fca2c105b9de
Packager    : CentOS BuildSystem <http://bugs.centos.org>
URL         : http://www.gnu.org/software/jwhois/
Summary     : Internet whois/nicname client
Description :
A whois client that accepts both traditional and finger-style queries.
/etc/jwhois.conf
/usr/bin/jwhois
/usr/bin/whois
/usr/share/doc/jwhois-4.0
/usr/share/doc/jwhois-4.0/AUTHORS
/usr/share/doc/jwhois-4.0/COPYING
/usr/share/doc/jwhois-4.0/ChangeLog
/usr/share/doc/jwhois-4.0/NEWS
/usr/share/doc/jwhois-4.0/README
/usr/share/doc/jwhois-4.0/TODO
/usr/share/info/jwhois.info.gz
/usr/share/locale/es/LC_MESSAGES/jwhois.mo
/usr/share/locale/fr/LC_MESSAGES/jwhois.mo
/usr/share/locale/hu/LC_MESSAGES/jwhois.mo
/usr/share/locale/id/LC_MESSAGES/jwhois.mo
/usr/share/locale/it/LC_MESSAGES/jwhois.mo
/usr/share/locale/nl/LC_MESSAGES/jwhois.mo
/usr/share/locale/pl/LC_MESSAGES/jwhois.mo
/usr/share/locale/pt_BR/LC_MESSAGES/jwhois.mo
/usr/share/locale/ro/LC_MESSAGES/jwhois.mo
/usr/share/locale/ru/LC_MESSAGES/jwhois.mo
/usr/share/locale/rw/LC_MESSAGES/jwhois.mo
/usr/share/locale/sv/LC_MESSAGES/jwhois.mo
/usr/share/locale/tr/LC_MESSAGES/jwhois.mo
/usr/share/locale/vi/LC_MESSAGES/jwhois.mo
/usr/share/locale/zh_TW/LC_MESSAGES/jwhois.mo
/usr/share/man/man1/jwhois.1.gz
/usr/share/man/man1/whois.1.gz
/usr/share/man/sv/man1/jwhois.1.gz

CentOS 7:

# rpm -qil jwhois
Name        : jwhois
Version     : 4.0
Release     : 45.el7
Architecture: x86_64
Install Date: Mon 12 Sep 2016 01:19:47 PM CEST
Group       : Applications/Internet
Size        : 343812
License     : GPLv3
Signature   : RSA/SHA256, Mon 08 Aug 2016 06:27:27 PM CEST, Key ID 6a2faea2352c64e5
Source RPM  : jwhois-4.0-45.el7.src.rpm
Build Date  : Mon 08 Aug 2016 01:18:56 PM CEST
Build Host  : buildvm-26.phx2.fedoraproject.org
Relocations : (not relocatable)
Packager    : Fedora Project
Vendor      : Fedora Project
URL         : http://www.gnu.org/software/jwhois/
Summary     : Internet whois/nicname client
Description :
A whois client that accepts both traditional and finger-style queries.
/etc/jwhois.conf
/usr/bin/jwhois
/usr/bin/whois
/usr/share/doc/jwhois-4.0
/usr/share/doc/jwhois-4.0/AUTHORS
/usr/share/doc/jwhois-4.0/COPYING
/usr/share/doc/jwhois-4.0/ChangeLog
/usr/share/doc/jwhois-4.0/NEWS
/usr/share/doc/jwhois-4.0/README
/usr/share/doc/jwhois-4.0/TODO
/usr/share/info/jwhois.info.gz
/usr/share/locale/es/LC_MESSAGES/jwhois.mo
/usr/share/locale/fr/LC_MESSAGES/jwhois.mo
/usr/share/locale/hu/LC_MESSAGES/jwhois.mo
/usr/share/locale/id/LC_MESSAGES/jwhois.mo
/usr/share/locale/it/LC_MESSAGES/jwhois.mo
/usr/share/locale/nl/LC_MESSAGES/jwhois.mo
/usr/share/locale/pl/LC_MESSAGES/jwhois.mo
/usr/share/locale/pt_BR/LC_MESSAGES/jwhois.mo
/usr/share/locale/ro/LC_MESSAGES/jwhois.mo
/usr/share/locale/ru/LC_MESSAGES/jwhois.mo
/usr/share/locale/rw/LC_MESSAGES/jwhois.mo
/usr/share/locale/sv/LC_MESSAGES/jwhois.mo
/usr/share/locale/tr/LC_MESSAGES/jwhois.mo
/usr/share/locale/vi/LC_MESSAGES/jwhois.mo
/usr/share/locale/zh_TW/LC_MESSAGES/jwhois.mo
/usr/share/man/man1/jwhois.1.gz
/usr/share/man/man1/whois.1.gz
/usr/share/man/man1/whois.jwhois.1.gz
/usr/share/man/sv/man1/jwhois.1.gz

EPEL-Repository einbinden

Bevor externe Repository's eingebunden werden, sollte sichergestellt werden, dass keine Pakete aus externen Repositorys, die der eigentlichen CentOS-Repository's überschreiben.

Dies kann durch die Installation des sogenannten

  • Priorities-Plugin für den Paket-Manager yum

erfolgen.

Die Installation des Priorities-Plugin für den Paket-Manager yum wird durch nachfolgenden Befehl durchgeführt:

# yum install yum-plugin-priorities
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package yum-plugin-priorities.noarch 0:1.1.30-14.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package                     Arch         Version              Repository  Size
================================================================================
Installing:
 yum-plugin-priorities       noarch       1.1.30-14.el6        base        22 k

Transaction Summary
================================================================================
Install       1 Package(s)

Total download size: 22 k
Installed size: 28 k
Is this ok [y/N]: y
Downloading Packages:
yum-plugin-priorities-1.1.30-14.el6.noarch.rpm           |  22 kB     00:00     
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : yum-plugin-priorities-1.1.30-14.el6.noarch                   1/1 
  Verifying  : yum-plugin-priorities-1.1.30-14.el6.noarch                   1/1 

Installed:
  yum-plugin-priorities.noarch 0:1.1.30-14.el6                                  

Complete!

Der Inhalt des Paketes yum-plugin-priorities kann mit nachfolgendem Befehl angezeigt werden:

# rpm -qil yum-plugin-priorities
Name        : yum-plugin-priorities        Relocations: (not relocatable)
Version     : 1.1.30                            Vendor: CentOS
Release     : 14.el6                        Build Date: Fri 22 Jun 2012 02:23:05 PM CEST
Install Date: Fri 07 Sep 2012 11:28:52 AM CEST      Build Host: c6b8.bsys.dev.centos.org
Group       : System Environment/Base       Source RPM: yum-utils-1.1.30-14.el6.src.rpm
Size        : 28555                            License: GPLv2+
Signature   : RSA/SHA1, Mon 25 Jun 2012 12:20:22 AM CEST, Key ID 0946fca2c105b9de
Packager    : CentOS BuildSystem <http://bugs.centos.org>
URL         : http://yum.baseurl.org/download/yum-utils/
Summary     : plugin to give priorities to packages from different repos
Description :
This plugin allows repositories to have different priorities.
Packages in a repository with a lower priority can't be overridden by packages
from a repository with a higher priority even if repo has a later version.
/etc/yum/pluginconf.d/priorities.conf
/usr/lib/yum-plugins/priorities.py
/usr/lib/yum-plugins/priorities.pyc
/usr/lib/yum-plugins/priorities.pyo
/usr/share/doc/yum-plugin-priorities-1.1.30
/usr/share/doc/yum-plugin-priorities-1.1.30/COPYING

Entscheidend ist nun, im Verzeichnis

  • /etc/yum.repos.d/

den dort enthaltenen Repository-Konfigurationsdateien, durch Ergänzung nachfolgender Zeile, eine Priorität zuzuweisen (nur relevanter Ausschnitt):

...
priority=1
...

Was im Beispiel der Konfigurationsdatei

  • /etc/yum.repos.d/Centos-Base-repo

dann wie folgt aussehen könnte (nur beispielhafter relevanter Ausschnitt):

# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client.  You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the 
# remarked out baseurl= line instead.
#
#

[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
priority=1
...

:!: HINWEIS - Den eigenen Rpository's aus CentOS sollte eine höhere Priorität, durch Zuweisung einer kleineren Zahl gegeben werden!

Um EPEL auf den Servern/Knoten Nutzen zu können, muss nachfolgende Datei heruntergeladen werden, was mit nachfolgendem Befehl durchgeführt werden kann:

# wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-7.noarch.rpm
--2012-09-07 13:06:13--  http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-7.noarch.rpm
Resolving dl.fedoraproject.org... 209.132.181.23, 209.132.181.24, 209.132.181.25, ...
Connecting to dl.fedoraproject.org|209.132.181.23|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 14496 (14K) [application/x-rpm]
Saving to: “epel-release-6-7.noarch.rpm”

100%[======================================>] 14,496      72.2K/s   in 0.2s    

2012-09-07 13:06:14 (72.2 KB/s) - “epel-release-6-7.noarch.rpm” saved [14496/14496]

Anschließend sollte zur Prüfung der Echtheit des soeben heruntergeladenen rpm-Pakets

  • epel-release-6-7.noarch.rpm

dessen Schlüssel, mit dem das Paket signiert wurde, in die RPM-Paket-Verwaltung importiert werden:

# rpm --import https://fedoraproject.org/static/0608B895.txt

Danach kann das so heruntergeladene Paket, mit nachfolgendem Befehl auf dessen Echtheit, überprüft werden:

# rpm -K epel-release-6-7.noarch.rpm 
epel-release-6-7.noarch.rpm: rsa sha1 (md5) pgp md5 OK

Abschließend kann dann, mit nachfolgendem Befehl, das Paket installiert werden:

# yum localinstall epel-release-6-7.noarch.rpm 
Loaded plugins: fastestmirror, priorities
Setting up Local Package Process
Examining epel-release-6-7.noarch.rpm: epel-release-6-7.noarch
Marking epel-release-6-7.noarch.rpm to be installed
Loading mirror speeds from cached hostfile
base                                                     | 3.7 kB     00:00     
extras                                                   | 3.0 kB     00:00     
updates                                                  | 3.5 kB     00:00     
Resolving Dependencies
--> Running transaction check
---> Package epel-release.noarch 0:6-7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package            Arch         Version   Repository                      Size
================================================================================
Installing:
 epel-release       noarch       6-7       /epel-release-6-7.noarch        22 k

Transaction Summary
================================================================================
Install       1 Package(s)

Total size: 22 k
Installed size: 22 k
Is this ok [y/N]: y
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : epel-release-6-7.noarch                                      1/1 
  Verifying  : epel-release-6-7.noarch                                      1/1 

Installed:
  epel-release.noarch 0:6-7                                                     

Complete!

Der Inhalt des Pakets epel-release-6-7.noarch kann mit nachfolgendem Befehl angezeigt werden:

# rpm -qil epel-release
Name        : epel-release                 Relocations: (not relocatable)
Version     : 6                                 Vendor: Fedora Project
Release     : 7                             Build Date: Wed 09 May 2012 05:58:17 PM CEST
Install Date: Fri 07 Sep 2012 11:41:46 AM CEST      Build Host: x86-03.phx2.fedoraproject.org
Group       : System Environment/Base       Source RPM: epel-release-6-7.src.rpm
Size        : 22169                            License: GPLv2
Signature   : RSA/8, Thu 10 May 2012 05:00:09 PM CEST, Key ID 3b49df2a0608b895
Packager    : Fedora Project
URL         : http://download.fedora.redhat.com/pub/epel
Summary     : Extra Packages for Enterprise Linux repository configuration
Description :
This package contains the Extra Packages for Enterprise Linux (EPEL) repository
GPG key as well as configuration for yum and up2date.
/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
/etc/rpm/macros.ghc-srpm
/etc/yum.repos.d/epel-testing.repo
/etc/yum.repos.d/epel.repo
/usr/share/doc/epel-release-6
/usr/share/doc/epel-release-6/GPL

:!: HINWEIS - Abschließend sollte hier die Priorität des EPEL-Repositorys, eine niedrigere Priorität, durch Zuweisung einer größeren Zahl, als die der eigenen Rpository's aus CentOS gegeben werden!

Was im Beispiel der Konfigurationsdatei

  • /etc/yum.repos.d/epel.repo

dann wie folgt aussehen könnte (nur beispielhafter relevanter Ausschnitt):

[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
priority=10
...

Installation

Die Installation von fail2ban kann über den Paket-Manager yum mit nachfolgenden Befehl durchgeführt werden:

CentOS 6:

# yum install fail2ban
Loaded plugins: priorities, refresh-packagekit, security
1259 packages excluded due to repository priority protections
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package fail2ban.noarch 0:0.8.4-28.el6 will be installed
--> Processing Dependency: shorewall for package: fail2ban-0.8.4-28.el6.noarch
--> Processing Dependency: python-inotify for package: fail2ban-0.8.4-28.el6.noarch
--> Processing Dependency: gamin-python for package: fail2ban-0.8.4-28.el6.noarch
--> Running transaction check
---> Package gamin-python.x86_64 0:0.1.10-9.el6 will be installed
---> Package python-inotify.noarch 0:0.9.1-1.el6 will be installed
---> Package shorewall.noarch 0:4.5.4-1.el6 will be installed
--> Processing Dependency: shorewall-core = 4.5.4-1.el6 for package: shorewall-4.5.4-1.el6.noarch
--> Processing Dependency: perl(Digest::SHA) for package: shorewall-4.5.4-1.el6.noarch
--> Running transaction check
---> Package perl-Digest-SHA.x86_64 1:5.47-127.el6 will be installed
---> Package shorewall-core.noarch 0:4.5.4-1.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package                Arch          Version                 Repository   Size
================================================================================
Installing:
 fail2ban               noarch        0.8.4-28.el6            epel        128 k
Installing for dependencies:
 gamin-python           x86_64        0.1.10-9.el6            base         33 k
 perl-Digest-SHA        x86_64        1:5.47-127.el6          base         62 k
 python-inotify         noarch        0.9.1-1.el6             epel         50 k
 shorewall              noarch        4.5.4-1.el6             epel        517 k
 shorewall-core         noarch        4.5.4-1.el6             epel         64 k

Transaction Summary
================================================================================
Install       6 Package(s)

Total download size: 854 k
Installed size: 3.0 M
Is this ok [y/N]: y
Downloading Packages:
(1/6): fail2ban-0.8.4-28.el6.noarch.rpm                  | 128 kB     00:00     
(2/6): gamin-python-0.1.10-9.el6.x86_64.rpm              |  33 kB     00:00     
(3/6): perl-Digest-SHA-5.47-127.el6.x86_64.rpm           |  62 kB     00:00     
(4/6): python-inotify-0.9.1-1.el6.noarch.rpm             |  50 kB     00:00     
(5/6): shorewall-4.5.4-1.el6.noarch.rpm                  | 517 kB     00:00     
(6/6): shorewall-core-4.5.4-1.el6.noarch.rpm             |  64 kB     00:00     
--------------------------------------------------------------------------------
Total                                           2.8 MB/s | 854 kB     00:00     
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : 1:perl-Digest-SHA-5.47-127.el6.x86_64                        1/6 
  Installing : gamin-python-0.1.10-9.el6.x86_64                             2/6 
  Installing : python-inotify-0.9.1-1.el6.noarch                            3/6 
  Installing : shorewall-core-4.5.4-1.el6.noarch                            4/6 
  Installing : shorewall-4.5.4-1.el6.noarch                                 5/6 
  Installing : fail2ban-0.8.4-28.el6.noarch                                 6/6 
  Verifying  : shorewall-core-4.5.4-1.el6.noarch                            1/6 
  Verifying  : python-inotify-0.9.1-1.el6.noarch                            2/6 
  Verifying  : fail2ban-0.8.4-28.el6.noarch                                 3/6 
  Verifying  : shorewall-4.5.4-1.el6.noarch                                 4/6 
  Verifying  : gamin-python-0.1.10-9.el6.x86_64                             5/6 
  Verifying  : 1:perl-Digest-SHA-5.47-127.el6.x86_64                        6/6 

Installed:
  fail2ban.noarch 0:0.8.4-28.el6                                                

Dependency Installed:
  gamin-python.x86_64 0:0.1.10-9.el6    perl-Digest-SHA.x86_64 1:5.47-127.el6  
  python-inotify.noarch 0:0.9.1-1.el6   shorewall.noarch 0:4.5.4-1.el6         
  shorewall-core.noarch 0:4.5.4-1.el6  

Complete!

CentOS 7:

:!: HINWEIS - Es soll auch unter CentOS 7 - iptables zum Einsatz kommen und nicht firewalld !

# yum install fail2ban-server fail2ban-systemd fail2ban-mail
Loaded plugins: changelog, priorities
125 packages excluded due to repository priority protections
Resolving Dependencies
--> Running transaction check
---> Package fail2ban-mail.noarch 0:0.9.3-1.el7 will be installed
--> Processing Dependency: mailx for package: fail2ban-mail-0.9.3-1.el7.noarch
---> Package fail2ban-server.noarch 0:0.9.3-1.el7 will be installed
--> Processing Dependency: systemd-python for package: fail2ban-server-0.9.3-1.el7.noarch
--> Processing Dependency: ipset for package: fail2ban-server-0.9.3-1.el7.noarch
---> Package fail2ban-systemd.noarch 0:0.9.3-1.el7 will be installed
--> Running transaction check
---> Package ipset.x86_64 0:6.19-4.el7 will be installed
--> Processing Dependency: ipset-libs = 6.19-4.el7 for package: ipset-6.19-4.el7.x86_64
--> Processing Dependency: libipset.so.3(LIBIPSET_3.0)(64bit) for package: ipset-6.19-4.el7.x86_64
--> Processing Dependency: libipset.so.3(LIBIPSET_2.0)(64bit) for package: ipset-6.19-4.el7.x86_64
--> Processing Dependency: libipset.so.3(LIBIPSET_1.0)(64bit) for package: ipset-6.19-4.el7.x86_64
--> Processing Dependency: libipset.so.3()(64bit) for package: ipset-6.19-4.el7.x86_64
---> Package mailx.x86_64 0:12.5-12.el7_0 will be installed
---> Package systemd-python.x86_64 0:219-19.el7_2.12 will be installed
--> Running transaction check
---> Package ipset-libs.x86_64 0:6.19-4.el7 will be installed
--> Finished Dependency Resolution

Changes in packages about to be updated:


Dependencies Resolved

================================================================================
 Package                Arch         Version                Repository     Size
================================================================================
Installing:
 fail2ban-mail          noarch       0.9.3-1.el7            epel           13 k
 fail2ban-server        noarch       0.9.3-1.el7            epel          395 k
 fail2ban-systemd       noarch       0.9.3-1.el7            epel          9.9 k
Installing for dependencies:
 ipset                  x86_64       6.19-4.el7             base           36 k
 ipset-libs             x86_64       6.19-4.el7             base           46 k
 mailx                  x86_64       12.5-12.el7_0          base          244 k
 systemd-python         x86_64       219-19.el7_2.12        updates        99 k

Transaction Summary
================================================================================
Install  3 Packages (+4 Dependent packages)

Total download size: 843 k
Installed size: 2.2 M
Is this ok [y/d/N]: y
Downloading packages:
(1/7): fail2ban-mail-0.9.3-1.el7.noarch.rpm                |  13 kB   00:00     
(2/7): fail2ban-server-0.9.3-1.el7.noarch.rpm              | 395 kB   00:00     
(3/7): fail2ban-systemd-0.9.3-1.el7.noarch.rpm             | 9.9 kB   00:00     
(4/7): ipset-6.19-4.el7.x86_64.rpm                         |  36 kB   00:00     
(5/7): ipset-libs-6.19-4.el7.x86_64.rpm                    |  46 kB   00:00     
(6/7): mailx-12.5-12.el7_0.x86_64.rpm                      | 244 kB   00:00     
(7/7): systemd-python-219-19.el7_2.12.x86_64.rpm           |  99 kB   00:00     
--------------------------------------------------------------------------------
Total                                              1.1 MB/s | 843 kB  00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : systemd-python-219-19.el7_2.12.x86_64                        1/7 
  Installing : mailx-12.5-12.el7_0.x86_64                                   2/7 
  Installing : ipset-libs-6.19-4.el7.x86_64                                 3/7 
  Installing : ipset-6.19-4.el7.x86_64                                      4/7 
  Installing : fail2ban-server-0.9.3-1.el7.noarch                           5/7 
  Installing : fail2ban-mail-0.9.3-1.el7.noarch                             6/7 
  Installing : fail2ban-systemd-0.9.3-1.el7.noarch                          7/7 
  Verifying  : ipset-libs-6.19-4.el7.x86_64                                 1/7 
  Verifying  : ipset-6.19-4.el7.x86_64                                      2/7 
  Verifying  : fail2ban-server-0.9.3-1.el7.noarch                           3/7 
  Verifying  : fail2ban-mail-0.9.3-1.el7.noarch                             4/7 
  Verifying  : fail2ban-systemd-0.9.3-1.el7.noarch                          5/7 
  Verifying  : mailx-12.5-12.el7_0.x86_64                                   6/7 
  Verifying  : systemd-python-219-19.el7_2.12.x86_64                        7/7 

Installed:
  fail2ban-mail.noarch 0:0.9.3-1.el7      fail2ban-server.noarch 0:0.9.3-1.el7  
  fail2ban-systemd.noarch 0:0.9.3-1.el7  

Dependency Installed:
  ipset.x86_64 0:6.19-4.el7         ipset-libs.x86_64 0:6.19-4.el7              
  mailx.x86_64 0:12.5-12.el7_0      systemd-python.x86_64 0:219-19.el7_2.12     

Complete!

Der Inhalt des Paketes fail2ban.noarch kann mit nachfolgendem Befehl angezeigt werden:

CentOS 6:

# rpm -qil fail2ban
Name        : fail2ban                     Relocations: (not relocatable)
Version     : 0.8.4                             Vendor: Fedora Project
Release     : 28.el6                        Build Date: Sat 11 Feb 2012 08:28:14 AM CET
Install Date: Thu 29 Nov 2012 09:56:46 AM CET      Build Host: x86-12.phx2.fedoraproject.org
Group       : System Environment/Daemons    Source RPM: fail2ban-0.8.4-28.el6.src.rpm
Size        : 453036                           License: GPLv2+
Signature   : RSA/8, Sat 11 Feb 2012 05:49:05 PM CET, Key ID 3b49df2a0608b895
Packager    : Fedora Project
URL         : http://fail2ban.sourceforge.net/
Summary     : Ban IPs that make too many password failures
Description :
Fail2ban scans log files like /var/log/pwdfail or
/var/log/apache/error_log and bans IP that makes too many password
failures. It updates firewall rules to reject the IP address.
/etc/fail2ban
/etc/fail2ban/action.d
/etc/fail2ban/action.d/complain.conf
/etc/fail2ban/action.d/dshield.conf
/etc/fail2ban/action.d/hostsdeny.conf
/etc/fail2ban/action.d/ipfilter.conf
/etc/fail2ban/action.d/ipfw.conf
/etc/fail2ban/action.d/iptables-allports.conf
/etc/fail2ban/action.d/iptables-multiport-log.conf
/etc/fail2ban/action.d/iptables-multiport.conf
/etc/fail2ban/action.d/iptables-new.conf
/etc/fail2ban/action.d/iptables.conf
/etc/fail2ban/action.d/mail-buffered.conf
/etc/fail2ban/action.d/mail-whois-lines.conf
/etc/fail2ban/action.d/mail-whois.conf
/etc/fail2ban/action.d/mail.conf
/etc/fail2ban/action.d/mynetwatchman.conf
/etc/fail2ban/action.d/sendmail-buffered.conf
/etc/fail2ban/action.d/sendmail-whois-lines.conf
/etc/fail2ban/action.d/sendmail-whois.conf
/etc/fail2ban/action.d/sendmail.conf
/etc/fail2ban/action.d/shorewall.conf
/etc/fail2ban/fail2ban.conf
/etc/fail2ban/filter.d
/etc/fail2ban/filter.d/apache-auth.conf
/etc/fail2ban/filter.d/apache-badbots.conf
/etc/fail2ban/filter.d/apache-nohome.conf
/etc/fail2ban/filter.d/apache-noscript.conf
/etc/fail2ban/filter.d/apache-overflows.conf
/etc/fail2ban/filter.d/common.conf
/etc/fail2ban/filter.d/courierlogin.conf
/etc/fail2ban/filter.d/couriersmtp.conf
/etc/fail2ban/filter.d/cyrus-imap.conf
/etc/fail2ban/filter.d/exim.conf
/etc/fail2ban/filter.d/gssftpd.conf
/etc/fail2ban/filter.d/lighttpd-fastcgi.conf
/etc/fail2ban/filter.d/named-refused.conf
/etc/fail2ban/filter.d/pam-generic.conf
/etc/fail2ban/filter.d/php-url-fopen.conf
/etc/fail2ban/filter.d/postfix.conf
/etc/fail2ban/filter.d/proftpd.conf
/etc/fail2ban/filter.d/pure-ftpd.conf
/etc/fail2ban/filter.d/qmail.conf
/etc/fail2ban/filter.d/sasl.conf
/etc/fail2ban/filter.d/sieve.conf
/etc/fail2ban/filter.d/sshd-ddos.conf
/etc/fail2ban/filter.d/sshd.conf
/etc/fail2ban/filter.d/vsftpd.conf
/etc/fail2ban/filter.d/webmin-auth.conf
/etc/fail2ban/filter.d/wuftpd.conf
/etc/fail2ban/filter.d/xinetd-fail.conf
/etc/fail2ban/jail.conf
/etc/logrotate.d/fail2ban
/etc/rc.d/init.d/fail2ban
/etc/tmpfiles.d/fail2ban.conf
/usr/bin/fail2ban-client
/usr/bin/fail2ban-regex
/usr/bin/fail2ban-server
/usr/share/doc/fail2ban-0.8.4
/usr/share/doc/fail2ban-0.8.4/COPYING
/usr/share/doc/fail2ban-0.8.4/ChangeLog
/usr/share/doc/fail2ban-0.8.4/README
/usr/share/doc/fail2ban-0.8.4/TODO
/usr/share/fail2ban
/usr/share/fail2ban/client
/usr/share/fail2ban/client/__init__.py
/usr/share/fail2ban/client/__init__.pyc
/usr/share/fail2ban/client/__init__.pyo
/usr/share/fail2ban/client/actionreader.py
/usr/share/fail2ban/client/actionreader.pyc
/usr/share/fail2ban/client/actionreader.pyo
/usr/share/fail2ban/client/beautifier.py
/usr/share/fail2ban/client/beautifier.pyc
/usr/share/fail2ban/client/beautifier.pyo
/usr/share/fail2ban/client/configparserinc.py
/usr/share/fail2ban/client/configparserinc.pyc
/usr/share/fail2ban/client/configparserinc.pyo
/usr/share/fail2ban/client/configreader.py
/usr/share/fail2ban/client/configreader.pyc
/usr/share/fail2ban/client/configreader.pyo
/usr/share/fail2ban/client/configurator.py
/usr/share/fail2ban/client/configurator.pyc
/usr/share/fail2ban/client/configurator.pyo
/usr/share/fail2ban/client/csocket.py
/usr/share/fail2ban/client/csocket.pyc
/usr/share/fail2ban/client/csocket.pyo
/usr/share/fail2ban/client/fail2banreader.py
/usr/share/fail2ban/client/fail2banreader.pyc
/usr/share/fail2ban/client/fail2banreader.pyo
/usr/share/fail2ban/client/filterreader.py
/usr/share/fail2ban/client/filterreader.pyc
/usr/share/fail2ban/client/filterreader.pyo
/usr/share/fail2ban/client/jailreader.py
/usr/share/fail2ban/client/jailreader.pyc
/usr/share/fail2ban/client/jailreader.pyo
/usr/share/fail2ban/client/jailsreader.py
/usr/share/fail2ban/client/jailsreader.pyc
/usr/share/fail2ban/client/jailsreader.pyo
/usr/share/fail2ban/common
/usr/share/fail2ban/common/__init__.py
/usr/share/fail2ban/common/__init__.pyc
/usr/share/fail2ban/common/__init__.pyo
/usr/share/fail2ban/common/helpers.py
/usr/share/fail2ban/common/helpers.pyc
/usr/share/fail2ban/common/helpers.pyo
/usr/share/fail2ban/common/protocol.py
/usr/share/fail2ban/common/protocol.pyc
/usr/share/fail2ban/common/protocol.pyo
/usr/share/fail2ban/common/version.py
/usr/share/fail2ban/common/version.pyc
/usr/share/fail2ban/common/version.pyo
/usr/share/fail2ban/fail2ban-0.8.4-py2.6.egg-info
/usr/share/fail2ban/server
/usr/share/fail2ban/server/__init__.py
/usr/share/fail2ban/server/__init__.pyc
/usr/share/fail2ban/server/__init__.pyo
/usr/share/fail2ban/server/action.py
/usr/share/fail2ban/server/action.pyc
/usr/share/fail2ban/server/action.pyo
/usr/share/fail2ban/server/actions.py
/usr/share/fail2ban/server/actions.pyc
/usr/share/fail2ban/server/actions.pyo
/usr/share/fail2ban/server/asyncserver.py
/usr/share/fail2ban/server/asyncserver.pyc
/usr/share/fail2ban/server/asyncserver.pyo
/usr/share/fail2ban/server/banmanager.py
/usr/share/fail2ban/server/banmanager.pyc
/usr/share/fail2ban/server/banmanager.pyo
/usr/share/fail2ban/server/datedetector.py
/usr/share/fail2ban/server/datedetector.pyc
/usr/share/fail2ban/server/datedetector.pyo
/usr/share/fail2ban/server/datetemplate.py
/usr/share/fail2ban/server/datetemplate.pyc
/usr/share/fail2ban/server/datetemplate.pyo
/usr/share/fail2ban/server/faildata.py
/usr/share/fail2ban/server/faildata.pyc
/usr/share/fail2ban/server/faildata.pyo
/usr/share/fail2ban/server/failmanager.py
/usr/share/fail2ban/server/failmanager.pyc
/usr/share/fail2ban/server/failmanager.pyo
/usr/share/fail2ban/server/failregex.py
/usr/share/fail2ban/server/failregex.pyc
/usr/share/fail2ban/server/failregex.pyo
/usr/share/fail2ban/server/filter.py
/usr/share/fail2ban/server/filter.pyc
/usr/share/fail2ban/server/filter.pyo
/usr/share/fail2ban/server/filtergamin.py
/usr/share/fail2ban/server/filtergamin.pyc
/usr/share/fail2ban/server/filtergamin.pyo
/usr/share/fail2ban/server/filterinotify.py
/usr/share/fail2ban/server/filterinotify.pyc
/usr/share/fail2ban/server/filterinotify.pyo
/usr/share/fail2ban/server/filterpoll.py
/usr/share/fail2ban/server/filterpoll.pyc
/usr/share/fail2ban/server/filterpoll.pyo
/usr/share/fail2ban/server/iso8601.py
/usr/share/fail2ban/server/iso8601.pyc
/usr/share/fail2ban/server/iso8601.pyo
/usr/share/fail2ban/server/jail.py
/usr/share/fail2ban/server/jail.pyc
/usr/share/fail2ban/server/jail.pyo
/usr/share/fail2ban/server/jails.py
/usr/share/fail2ban/server/jails.pyc
/usr/share/fail2ban/server/jails.pyo
/usr/share/fail2ban/server/jailthread.py
/usr/share/fail2ban/server/jailthread.pyc
/usr/share/fail2ban/server/jailthread.pyo
/usr/share/fail2ban/server/mytime.py
/usr/share/fail2ban/server/mytime.pyc
/usr/share/fail2ban/server/mytime.pyo
/usr/share/fail2ban/server/server.py
/usr/share/fail2ban/server/server.pyc
/usr/share/fail2ban/server/server.pyo
/usr/share/fail2ban/server/ticket.py
/usr/share/fail2ban/server/ticket.pyc
/usr/share/fail2ban/server/ticket.pyo
/usr/share/fail2ban/server/transmitter.py
/usr/share/fail2ban/server/transmitter.pyc
/usr/share/fail2ban/server/transmitter.pyo
/usr/share/man/man1/fail2ban-client.1.gz
/usr/share/man/man1/fail2ban-regex.1.gz
/usr/share/man/man1/fail2ban-server.1.gz
/var/lib/fail2ban
/var/run/fail2ban

Der Inhalt der Pakete fail2ban-server.noarch, fail2ban-systemd.noarch und fail2ban-mail.noarch kann mit nachfolgenden Befehlen angezeigt werden:

CentOS 7:

# rpm -qil fail2ban-server fail2ban-systemd fail2ban-mail
Name        : fail2ban-server
Version     : 0.9.3
Release     : 1.el7
Architecture: noarch
Install Date: Mon 12 Sep 2016 01:32:27 PM CEST
Group       : Unspecified
Size        : 1378539
License     : GPLv2+
Signature   : RSA/SHA256, Sun 13 Sep 2015 06:58:28 PM CEST, Key ID 6a2faea2352c64e5
Source RPM  : fail2ban-0.9.3-1.el7.src.rpm
Build Date  : Sat 12 Sep 2015 11:19:16 PM CEST
Build Host  : buildvm-04.phx2.fedoraproject.org
Relocations : (not relocatable)
Packager    : Fedora Project
Vendor      : Fedora Project
URL         : http://fail2ban.sourceforge.net/
Summary     : Core server component for Fail2Ban
Description :
This package contains the core server components for Fail2Ban with minimal
dependencies.  You can install this directly if you want to have a small
installation and know what you are doing.
/etc/fail2ban
/etc/fail2ban/action.d
/etc/fail2ban/action.d/apf.conf
/etc/fail2ban/action.d/badips.conf
/etc/fail2ban/action.d/badips.py
/etc/fail2ban/action.d/badips.pyc
/etc/fail2ban/action.d/badips.pyo
/etc/fail2ban/action.d/blocklist_de.conf
/etc/fail2ban/action.d/cloudflare.conf
/etc/fail2ban/action.d/dshield.conf
/etc/fail2ban/action.d/dummy.conf
/etc/fail2ban/action.d/firewallcmd-allports.conf
/etc/fail2ban/action.d/firewallcmd-ipset.conf
/etc/fail2ban/action.d/firewallcmd-multiport.conf
/etc/fail2ban/action.d/firewallcmd-new.conf
/etc/fail2ban/action.d/iptables-allports.conf
/etc/fail2ban/action.d/iptables-common.conf
/etc/fail2ban/action.d/iptables-ipset-proto4.conf
/etc/fail2ban/action.d/iptables-ipset-proto6-allports.conf
/etc/fail2ban/action.d/iptables-ipset-proto6.conf
/etc/fail2ban/action.d/iptables-multiport-log.conf
/etc/fail2ban/action.d/iptables-multiport.conf
/etc/fail2ban/action.d/iptables-new.conf
/etc/fail2ban/action.d/iptables-xt_recent-echo.conf
/etc/fail2ban/action.d/iptables.conf
/etc/fail2ban/action.d/mail.conf
/etc/fail2ban/action.d/mynetwatchman.conf
/etc/fail2ban/action.d/nsupdate.conf
/etc/fail2ban/action.d/route.conf
/etc/fail2ban/action.d/sendmail.conf
/etc/fail2ban/action.d/shorewall-ipset-proto6.conf
/etc/fail2ban/action.d/smtp.py
/etc/fail2ban/action.d/smtp.pyc
/etc/fail2ban/action.d/smtp.pyo
/etc/fail2ban/action.d/symbiosis-blacklist-allports.conf
/etc/fail2ban/action.d/xarf-login-attack.conf
/etc/fail2ban/fail2ban.conf
/etc/fail2ban/fail2ban.d
/etc/fail2ban/filter.d
/etc/fail2ban/filter.d/3proxy.conf
/etc/fail2ban/filter.d/apache-auth.conf
/etc/fail2ban/filter.d/apache-badbots.conf
/etc/fail2ban/filter.d/apache-botsearch.conf
/etc/fail2ban/filter.d/apache-common.conf
/etc/fail2ban/filter.d/apache-fakegooglebot.conf
/etc/fail2ban/filter.d/apache-modsecurity.conf
/etc/fail2ban/filter.d/apache-nohome.conf
/etc/fail2ban/filter.d/apache-noscript.conf
/etc/fail2ban/filter.d/apache-overflows.conf
/etc/fail2ban/filter.d/apache-pass.conf
/etc/fail2ban/filter.d/apache-shellshock.conf
/etc/fail2ban/filter.d/assp.conf
/etc/fail2ban/filter.d/asterisk.conf
/etc/fail2ban/filter.d/botsearch-common.conf
/etc/fail2ban/filter.d/common.conf
/etc/fail2ban/filter.d/counter-strike.conf
/etc/fail2ban/filter.d/courier-auth.conf
/etc/fail2ban/filter.d/courier-smtp.conf
/etc/fail2ban/filter.d/cyrus-imap.conf
/etc/fail2ban/filter.d/directadmin.conf
/etc/fail2ban/filter.d/dovecot.conf
/etc/fail2ban/filter.d/dropbear.conf
/etc/fail2ban/filter.d/drupal-auth.conf
/etc/fail2ban/filter.d/ejabberd-auth.conf
/etc/fail2ban/filter.d/exim-common.conf
/etc/fail2ban/filter.d/exim-spam.conf
/etc/fail2ban/filter.d/exim.conf
/etc/fail2ban/filter.d/freeswitch.conf
/etc/fail2ban/filter.d/froxlor-auth.conf
/etc/fail2ban/filter.d/groupoffice.conf
/etc/fail2ban/filter.d/gssftpd.conf
/etc/fail2ban/filter.d/guacamole.conf
/etc/fail2ban/filter.d/horde.conf
/etc/fail2ban/filter.d/ignorecommands
/etc/fail2ban/filter.d/ignorecommands/apache-fakegooglebot
/etc/fail2ban/filter.d/kerio.conf
/etc/fail2ban/filter.d/lighttpd-auth.conf
/etc/fail2ban/filter.d/monit.conf
/etc/fail2ban/filter.d/mysqld-auth.conf
/etc/fail2ban/filter.d/nagios.conf
/etc/fail2ban/filter.d/named-refused.conf
/etc/fail2ban/filter.d/nginx-botsearch.conf
/etc/fail2ban/filter.d/nginx-http-auth.conf
/etc/fail2ban/filter.d/nsd.conf
/etc/fail2ban/filter.d/openwebmail.conf
/etc/fail2ban/filter.d/oracleims.conf
/etc/fail2ban/filter.d/pam-generic.conf
/etc/fail2ban/filter.d/perdition.conf
/etc/fail2ban/filter.d/php-url-fopen.conf
/etc/fail2ban/filter.d/portsentry.conf
/etc/fail2ban/filter.d/postfix-rbl.conf
/etc/fail2ban/filter.d/postfix-sasl.conf
/etc/fail2ban/filter.d/postfix.conf
/etc/fail2ban/filter.d/proftpd.conf
/etc/fail2ban/filter.d/pure-ftpd.conf
/etc/fail2ban/filter.d/qmail.conf
/etc/fail2ban/filter.d/recidive.conf
/etc/fail2ban/filter.d/roundcube-auth.conf
/etc/fail2ban/filter.d/selinux-common.conf
/etc/fail2ban/filter.d/selinux-ssh.conf
/etc/fail2ban/filter.d/sendmail-auth.conf
/etc/fail2ban/filter.d/sendmail-reject.conf
/etc/fail2ban/filter.d/sieve.conf
/etc/fail2ban/filter.d/sogo-auth.conf
/etc/fail2ban/filter.d/solid-pop3d.conf
/etc/fail2ban/filter.d/squid.conf
/etc/fail2ban/filter.d/squirrelmail.conf
/etc/fail2ban/filter.d/sshd-ddos.conf
/etc/fail2ban/filter.d/sshd.conf
/etc/fail2ban/filter.d/stunnel.conf
/etc/fail2ban/filter.d/suhosin.conf
/etc/fail2ban/filter.d/tine20.conf
/etc/fail2ban/filter.d/uwimap-auth.conf
/etc/fail2ban/filter.d/vsftpd.conf
/etc/fail2ban/filter.d/webmin-auth.conf
/etc/fail2ban/filter.d/wuftpd.conf
/etc/fail2ban/filter.d/xinetd-fail.conf
/etc/fail2ban/jail.conf
/etc/fail2ban/jail.d
/etc/fail2ban/paths-common.conf
/etc/fail2ban/paths-debian.conf
/etc/fail2ban/paths-fedora.conf
/etc/fail2ban/paths-freebsd.conf
/etc/fail2ban/paths-osx.conf
/etc/logrotate.d/fail2ban
/etc/tmpfiles.d/fail2ban.conf
/usr/bin/fail2ban-client
/usr/bin/fail2ban-regex
/usr/bin/fail2ban-server
/usr/bin/fail2ban-testcases
/usr/lib/python2.7/site-packages/fail2ban
/usr/lib/python2.7/site-packages/fail2ban-0.9.3-py2.7.egg-info
/usr/lib/python2.7/site-packages/fail2ban/__init__.py
/usr/lib/python2.7/site-packages/fail2ban/__init__.pyc
/usr/lib/python2.7/site-packages/fail2ban/__init__.pyo
/usr/lib/python2.7/site-packages/fail2ban/client
/usr/lib/python2.7/site-packages/fail2ban/client/__init__.py
/usr/lib/python2.7/site-packages/fail2ban/client/__init__.pyc
/usr/lib/python2.7/site-packages/fail2ban/client/__init__.pyo
/usr/lib/python2.7/site-packages/fail2ban/client/actionreader.py
/usr/lib/python2.7/site-packages/fail2ban/client/actionreader.pyc
/usr/lib/python2.7/site-packages/fail2ban/client/actionreader.pyo
/usr/lib/python2.7/site-packages/fail2ban/client/beautifier.py
/usr/lib/python2.7/site-packages/fail2ban/client/beautifier.pyc
/usr/lib/python2.7/site-packages/fail2ban/client/beautifier.pyo
/usr/lib/python2.7/site-packages/fail2ban/client/configparserinc.py
/usr/lib/python2.7/site-packages/fail2ban/client/configparserinc.pyc
/usr/lib/python2.7/site-packages/fail2ban/client/configparserinc.pyo
/usr/lib/python2.7/site-packages/fail2ban/client/configreader.py
/usr/lib/python2.7/site-packages/fail2ban/client/configreader.pyc
/usr/lib/python2.7/site-packages/fail2ban/client/configreader.pyo
/usr/lib/python2.7/site-packages/fail2ban/client/configurator.py
/usr/lib/python2.7/site-packages/fail2ban/client/configurator.pyc
/usr/lib/python2.7/site-packages/fail2ban/client/configurator.pyo
/usr/lib/python2.7/site-packages/fail2ban/client/csocket.py
/usr/lib/python2.7/site-packages/fail2ban/client/csocket.pyc
/usr/lib/python2.7/site-packages/fail2ban/client/csocket.pyo
/usr/lib/python2.7/site-packages/fail2ban/client/fail2banreader.py
/usr/lib/python2.7/site-packages/fail2ban/client/fail2banreader.pyc
/usr/lib/python2.7/site-packages/fail2ban/client/fail2banreader.pyo
/usr/lib/python2.7/site-packages/fail2ban/client/filterreader.py
/usr/lib/python2.7/site-packages/fail2ban/client/filterreader.pyc
/usr/lib/python2.7/site-packages/fail2ban/client/filterreader.pyo
/usr/lib/python2.7/site-packages/fail2ban/client/jailreader.py
/usr/lib/python2.7/site-packages/fail2ban/client/jailreader.pyc
/usr/lib/python2.7/site-packages/fail2ban/client/jailreader.pyo
/usr/lib/python2.7/site-packages/fail2ban/client/jailsreader.py
/usr/lib/python2.7/site-packages/fail2ban/client/jailsreader.pyc
/usr/lib/python2.7/site-packages/fail2ban/client/jailsreader.pyo
/usr/lib/python2.7/site-packages/fail2ban/exceptions.py
/usr/lib/python2.7/site-packages/fail2ban/exceptions.pyc
/usr/lib/python2.7/site-packages/fail2ban/exceptions.pyo
/usr/lib/python2.7/site-packages/fail2ban/helpers.py
/usr/lib/python2.7/site-packages/fail2ban/helpers.pyc
/usr/lib/python2.7/site-packages/fail2ban/helpers.pyo
/usr/lib/python2.7/site-packages/fail2ban/protocol.py
/usr/lib/python2.7/site-packages/fail2ban/protocol.pyc
/usr/lib/python2.7/site-packages/fail2ban/protocol.pyo
/usr/lib/python2.7/site-packages/fail2ban/server
/usr/lib/python2.7/site-packages/fail2ban/server/__init__.py
/usr/lib/python2.7/site-packages/fail2ban/server/__init__.pyc
/usr/lib/python2.7/site-packages/fail2ban/server/__init__.pyo
/usr/lib/python2.7/site-packages/fail2ban/server/action.py
/usr/lib/python2.7/site-packages/fail2ban/server/action.pyc
/usr/lib/python2.7/site-packages/fail2ban/server/action.pyo
/usr/lib/python2.7/site-packages/fail2ban/server/actions.py
/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyc
/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyo
/usr/lib/python2.7/site-packages/fail2ban/server/asyncserver.py
/usr/lib/python2.7/site-packages/fail2ban/server/asyncserver.pyc
/usr/lib/python2.7/site-packages/fail2ban/server/asyncserver.pyo
/usr/lib/python2.7/site-packages/fail2ban/server/banmanager.py
/usr/lib/python2.7/site-packages/fail2ban/server/banmanager.pyc
/usr/lib/python2.7/site-packages/fail2ban/server/banmanager.pyo
/usr/lib/python2.7/site-packages/fail2ban/server/database.py
/usr/lib/python2.7/site-packages/fail2ban/server/database.pyc
/usr/lib/python2.7/site-packages/fail2ban/server/database.pyo
/usr/lib/python2.7/site-packages/fail2ban/server/datedetector.py
/usr/lib/python2.7/site-packages/fail2ban/server/datedetector.pyc
/usr/lib/python2.7/site-packages/fail2ban/server/datedetector.pyo
/usr/lib/python2.7/site-packages/fail2ban/server/datetemplate.py
/usr/lib/python2.7/site-packages/fail2ban/server/datetemplate.pyc
/usr/lib/python2.7/site-packages/fail2ban/server/datetemplate.pyo
/usr/lib/python2.7/site-packages/fail2ban/server/faildata.py
/usr/lib/python2.7/site-packages/fail2ban/server/faildata.pyc
/usr/lib/python2.7/site-packages/fail2ban/server/faildata.pyo
/usr/lib/python2.7/site-packages/fail2ban/server/failmanager.py
/usr/lib/python2.7/site-packages/fail2ban/server/failmanager.pyc
/usr/lib/python2.7/site-packages/fail2ban/server/failmanager.pyo
/usr/lib/python2.7/site-packages/fail2ban/server/failregex.py
/usr/lib/python2.7/site-packages/fail2ban/server/failregex.pyc
/usr/lib/python2.7/site-packages/fail2ban/server/failregex.pyo
/usr/lib/python2.7/site-packages/fail2ban/server/filter.py
/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyc
/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyo
/usr/lib/python2.7/site-packages/fail2ban/server/filtergamin.py
/usr/lib/python2.7/site-packages/fail2ban/server/filtergamin.pyc
/usr/lib/python2.7/site-packages/fail2ban/server/filtergamin.pyo
/usr/lib/python2.7/site-packages/fail2ban/server/filterpoll.py
/usr/lib/python2.7/site-packages/fail2ban/server/filterpoll.pyc
/usr/lib/python2.7/site-packages/fail2ban/server/filterpoll.pyo
/usr/lib/python2.7/site-packages/fail2ban/server/filterpyinotify.py
/usr/lib/python2.7/site-packages/fail2ban/server/filterpyinotify.pyc
/usr/lib/python2.7/site-packages/fail2ban/server/filterpyinotify.pyo
/usr/lib/python2.7/site-packages/fail2ban/server/filtersystemd.py
/usr/lib/python2.7/site-packages/fail2ban/server/filtersystemd.pyc
/usr/lib/python2.7/site-packages/fail2ban/server/filtersystemd.pyo
/usr/lib/python2.7/site-packages/fail2ban/server/jail.py
/usr/lib/python2.7/site-packages/fail2ban/server/jail.pyc
/usr/lib/python2.7/site-packages/fail2ban/server/jail.pyo
/usr/lib/python2.7/site-packages/fail2ban/server/jails.py
/usr/lib/python2.7/site-packages/fail2ban/server/jails.pyc
/usr/lib/python2.7/site-packages/fail2ban/server/jails.pyo
/usr/lib/python2.7/site-packages/fail2ban/server/jailthread.py
/usr/lib/python2.7/site-packages/fail2ban/server/jailthread.pyc
/usr/lib/python2.7/site-packages/fail2ban/server/jailthread.pyo
/usr/lib/python2.7/site-packages/fail2ban/server/mytime.py
/usr/lib/python2.7/site-packages/fail2ban/server/mytime.pyc
/usr/lib/python2.7/site-packages/fail2ban/server/mytime.pyo
/usr/lib/python2.7/site-packages/fail2ban/server/server.py
/usr/lib/python2.7/site-packages/fail2ban/server/server.pyc
/usr/lib/python2.7/site-packages/fail2ban/server/server.pyo
/usr/lib/python2.7/site-packages/fail2ban/server/strptime.py
/usr/lib/python2.7/site-packages/fail2ban/server/strptime.pyc
/usr/lib/python2.7/site-packages/fail2ban/server/strptime.pyo
/usr/lib/python2.7/site-packages/fail2ban/server/ticket.py
/usr/lib/python2.7/site-packages/fail2ban/server/ticket.pyc
/usr/lib/python2.7/site-packages/fail2ban/server/ticket.pyo
/usr/lib/python2.7/site-packages/fail2ban/server/transmitter.py
/usr/lib/python2.7/site-packages/fail2ban/server/transmitter.pyc
/usr/lib/python2.7/site-packages/fail2ban/server/transmitter.pyo
/usr/lib/python2.7/site-packages/fail2ban/tests
/usr/lib/python2.7/site-packages/fail2ban/tests/__init__.py
/usr/lib/python2.7/site-packages/fail2ban/tests/__init__.pyc
/usr/lib/python2.7/site-packages/fail2ban/tests/__init__.pyo
/usr/lib/python2.7/site-packages/fail2ban/tests/action_d
/usr/lib/python2.7/site-packages/fail2ban/tests/action_d/__init__.py
/usr/lib/python2.7/site-packages/fail2ban/tests/action_d/__init__.pyc
/usr/lib/python2.7/site-packages/fail2ban/tests/action_d/__init__.pyo
/usr/lib/python2.7/site-packages/fail2ban/tests/action_d/test_badips.py
/usr/lib/python2.7/site-packages/fail2ban/tests/action_d/test_badips.pyc
/usr/lib/python2.7/site-packages/fail2ban/tests/action_d/test_badips.pyo
/usr/lib/python2.7/site-packages/fail2ban/tests/action_d/test_smtp.py
/usr/lib/python2.7/site-packages/fail2ban/tests/action_d/test_smtp.pyc
/usr/lib/python2.7/site-packages/fail2ban/tests/action_d/test_smtp.pyo
/usr/lib/python2.7/site-packages/fail2ban/tests/actionstestcase.py
/usr/lib/python2.7/site-packages/fail2ban/tests/actionstestcase.pyc
/usr/lib/python2.7/site-packages/fail2ban/tests/actionstestcase.pyo
/usr/lib/python2.7/site-packages/fail2ban/tests/actiontestcase.py
/usr/lib/python2.7/site-packages/fail2ban/tests/actiontestcase.pyc
/usr/lib/python2.7/site-packages/fail2ban/tests/actiontestcase.pyo
/usr/lib/python2.7/site-packages/fail2ban/tests/banmanagertestcase.py
/usr/lib/python2.7/site-packages/fail2ban/tests/banmanagertestcase.pyc
/usr/lib/python2.7/site-packages/fail2ban/tests/banmanagertestcase.pyo
/usr/lib/python2.7/site-packages/fail2ban/tests/clientreadertestcase.py
/usr/lib/python2.7/site-packages/fail2ban/tests/clientreadertestcase.pyc
/usr/lib/python2.7/site-packages/fail2ban/tests/clientreadertestcase.pyo
/usr/lib/python2.7/site-packages/fail2ban/tests/config
/usr/lib/python2.7/site-packages/fail2ban/tests/config/action.d
/usr/lib/python2.7/site-packages/fail2ban/tests/config/action.d/brokenaction.conf
/usr/lib/python2.7/site-packages/fail2ban/tests/config/fail2ban.conf
/usr/lib/python2.7/site-packages/fail2ban/tests/config/filter.d
/usr/lib/python2.7/site-packages/fail2ban/tests/config/filter.d/simple.conf
/usr/lib/python2.7/site-packages/fail2ban/tests/config/filter.d/test.conf
/usr/lib/python2.7/site-packages/fail2ban/tests/config/filter.d/test.local
/usr/lib/python2.7/site-packages/fail2ban/tests/config/jail.conf
/usr/lib/python2.7/site-packages/fail2ban/tests/databasetestcase.py
/usr/lib/python2.7/site-packages/fail2ban/tests/databasetestcase.pyc
/usr/lib/python2.7/site-packages/fail2ban/tests/databasetestcase.pyo
/usr/lib/python2.7/site-packages/fail2ban/tests/datedetectortestcase.py
/usr/lib/python2.7/site-packages/fail2ban/tests/datedetectortestcase.pyc
/usr/lib/python2.7/site-packages/fail2ban/tests/datedetectortestcase.pyo
/usr/lib/python2.7/site-packages/fail2ban/tests/dummyjail.py
/usr/lib/python2.7/site-packages/fail2ban/tests/dummyjail.pyc
/usr/lib/python2.7/site-packages/fail2ban/tests/dummyjail.pyo
/usr/lib/python2.7/site-packages/fail2ban/tests/failmanagertestcase.py
/usr/lib/python2.7/site-packages/fail2ban/tests/failmanagertestcase.pyc
/usr/lib/python2.7/site-packages/fail2ban/tests/failmanagertestcase.pyo
/usr/lib/python2.7/site-packages/fail2ban/tests/files
/usr/lib/python2.7/site-packages/fail2ban/tests/files/action.d
/usr/lib/python2.7/site-packages/fail2ban/tests/files/action.d/action.py
/usr/lib/python2.7/site-packages/fail2ban/tests/files/action.d/action.pyc
/usr/lib/python2.7/site-packages/fail2ban/tests/files/action.d/action.pyo
/usr/lib/python2.7/site-packages/fail2ban/tests/files/action.d/action_checkainfo.py
/usr/lib/python2.7/site-packages/fail2ban/tests/files/action.d/action_checkainfo.pyc
/usr/lib/python2.7/site-packages/fail2ban/tests/files/action.d/action_checkainfo.pyo
/usr/lib/python2.7/site-packages/fail2ban/tests/files/action.d/action_errors.py
/usr/lib/python2.7/site-packages/fail2ban/tests/files/action.d/action_errors.pyc
/usr/lib/python2.7/site-packages/fail2ban/tests/files/action.d/action_errors.pyo
/usr/lib/python2.7/site-packages/fail2ban/tests/files/action.d/action_modifyainfo.py
/usr/lib/python2.7/site-packages/fail2ban/tests/files/action.d/action_modifyainfo.pyc
/usr/lib/python2.7/site-packages/fail2ban/tests/files/action.d/action_modifyainfo.pyo
/usr/lib/python2.7/site-packages/fail2ban/tests/files/action.d/action_noAction.py
/usr/lib/python2.7/site-packages/fail2ban/tests/files/action.d/action_noAction.pyc
/usr/lib/python2.7/site-packages/fail2ban/tests/files/action.d/action_noAction.pyo
/usr/lib/python2.7/site-packages/fail2ban/tests/files/action.d/action_nomethod.py
/usr/lib/python2.7/site-packages/fail2ban/tests/files/action.d/action_nomethod.pyc
/usr/lib/python2.7/site-packages/fail2ban/tests/files/action.d/action_nomethod.pyo
/usr/lib/python2.7/site-packages/fail2ban/tests/files/config
/usr/lib/python2.7/site-packages/fail2ban/tests/files/config/apache-auth
/usr/lib/python2.7/site-packages/fail2ban/tests/files/config/apache-auth/README
/usr/lib/python2.7/site-packages/fail2ban/tests/files/config/apache-auth/basic
/usr/lib/python2.7/site-packages/fail2ban/tests/files/config/apache-auth/basic/authz_owner
/usr/lib/python2.7/site-packages/fail2ban/tests/files/config/apache-auth/basic/authz_owner/.htaccess
/usr/lib/python2.7/site-packages/fail2ban/tests/files/config/apache-auth/basic/authz_owner/.htpasswd
/usr/lib/python2.7/site-packages/fail2ban/tests/files/config/apache-auth/basic/authz_owner/cant_get_me.html
/usr/lib/python2.7/site-packages/fail2ban/tests/files/config/apache-auth/basic/file
/usr/lib/python2.7/site-packages/fail2ban/tests/files/config/apache-auth/basic/file/.htaccess
/usr/lib/python2.7/site-packages/fail2ban/tests/files/config/apache-auth/basic/file/.htpasswd
/usr/lib/python2.7/site-packages/fail2ban/tests/files/config/apache-auth/digest
/usr/lib/python2.7/site-packages/fail2ban/tests/files/config/apache-auth/digest.py
/usr/lib/python2.7/site-packages/fail2ban/tests/files/config/apache-auth/digest.pyc
/usr/lib/python2.7/site-packages/fail2ban/tests/files/config/apache-auth/digest.pyo
/usr/lib/python2.7/site-packages/fail2ban/tests/files/config/apache-auth/digest/.htaccess
/usr/lib/python2.7/site-packages/fail2ban/tests/files/config/apache-auth/digest/.htpasswd
/usr/lib/python2.7/site-packages/fail2ban/tests/files/config/apache-auth/digest_anon
/usr/lib/python2.7/site-packages/fail2ban/tests/files/config/apache-auth/digest_anon/.htaccess
/usr/lib/python2.7/site-packages/fail2ban/tests/files/config/apache-auth/digest_anon/.htpasswd
/usr/lib/python2.7/site-packages/fail2ban/tests/files/config/apache-auth/digest_time
/usr/lib/python2.7/site-packages/fail2ban/tests/files/config/apache-auth/digest_time/.htaccess
/usr/lib/python2.7/site-packages/fail2ban/tests/files/config/apache-auth/digest_time/.htpasswd
/usr/lib/python2.7/site-packages/fail2ban/tests/files/config/apache-auth/digest_wrongrelm
/usr/lib/python2.7/site-packages/fail2ban/tests/files/config/apache-auth/digest_wrongrelm/.htaccess
/usr/lib/python2.7/site-packages/fail2ban/tests/files/config/apache-auth/digest_wrongrelm/.htpasswd
/usr/lib/python2.7/site-packages/fail2ban/tests/files/config/apache-auth/noentry
/usr/lib/python2.7/site-packages/fail2ban/tests/files/config/apache-auth/noentry/.htaccess
/usr/lib/python2.7/site-packages/fail2ban/tests/files/database_v1.db
/usr/lib/python2.7/site-packages/fail2ban/tests/files/filter.d
/usr/lib/python2.7/site-packages/fail2ban/tests/files/filter.d/substition.conf
/usr/lib/python2.7/site-packages/fail2ban/tests/files/filter.d/testcase-common.conf
/usr/lib/python2.7/site-packages/fail2ban/tests/files/filter.d/testcase01.conf
/usr/lib/python2.7/site-packages/fail2ban/tests/files/ignorecommand.py
/usr/lib/python2.7/site-packages/fail2ban/tests/files/ignorecommand.pyc
/usr/lib/python2.7/site-packages/fail2ban/tests/files/ignorecommand.pyo
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/3proxy
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/apache-auth
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/apache-badbots
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/apache-botsearch
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/apache-fakegooglebot
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/apache-modsecurity
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/apache-nohome
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/apache-noscript
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/apache-overflows
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/apache-pass
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/apache-shellshock
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/assp
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/asterisk
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/bsd
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/bsd/syslog-plain.txt
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/bsd/syslog-v.txt
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/bsd/syslog-vv.txt
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/counter-strike
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/courier-auth
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/courier-smtp
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/cyrus-imap
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/directadmin
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/dovecot
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/dropbear
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/drupal-auth
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/ejabberd-auth
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/exim
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/exim-spam
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/freeswitch
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/froxlor-auth
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/groupoffice
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/gssftpd
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/guacamole
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/horde
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/kerio
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/lighttpd-auth
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/monit
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/mysqld-auth
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/nagios
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/named-refused
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/nginx-botsearch
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/nginx-http-auth
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/nsd
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/openwebmail
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/oracleims
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/pam-generic
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/perdition
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/php-url-fopen
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/portsentry
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/postfix
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/postfix-rbl
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/postfix-sasl
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/proftpd
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/pure-ftpd
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/qmail
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/recidive
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/roundcube-auth
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/selinux-ssh
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/sendmail-auth
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/sendmail-reject
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/sieve
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/sogo-auth
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/solid-pop3d
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/squid
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/squirrelmail
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/sshd
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/sshd-ddos
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/stunnel
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/suhosin
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/tine20
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/uwimap-auth
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/vsftpd
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/webmin-auth
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/wuftpd
/usr/lib/python2.7/site-packages/fail2ban/tests/files/logs/xinetd-fail
/usr/lib/python2.7/site-packages/fail2ban/tests/files/testcase-journal.log
/usr/lib/python2.7/site-packages/fail2ban/tests/files/testcase-multiline.log
/usr/lib/python2.7/site-packages/fail2ban/tests/files/testcase-usedns.log
/usr/lib/python2.7/site-packages/fail2ban/tests/files/testcase01.log
/usr/lib/python2.7/site-packages/fail2ban/tests/files/testcase02.log
/usr/lib/python2.7/site-packages/fail2ban/tests/files/testcase03.log
/usr/lib/python2.7/site-packages/fail2ban/tests/files/testcase04.log
/usr/lib/python2.7/site-packages/fail2ban/tests/filtertestcase.py
/usr/lib/python2.7/site-packages/fail2ban/tests/filtertestcase.pyc
/usr/lib/python2.7/site-packages/fail2ban/tests/filtertestcase.pyo
/usr/lib/python2.7/site-packages/fail2ban/tests/misctestcase.py
/usr/lib/python2.7/site-packages/fail2ban/tests/misctestcase.pyc
/usr/lib/python2.7/site-packages/fail2ban/tests/misctestcase.pyo
/usr/lib/python2.7/site-packages/fail2ban/tests/samplestestcase.py
/usr/lib/python2.7/site-packages/fail2ban/tests/samplestestcase.pyc
/usr/lib/python2.7/site-packages/fail2ban/tests/samplestestcase.pyo
/usr/lib/python2.7/site-packages/fail2ban/tests/servertestcase.py
/usr/lib/python2.7/site-packages/fail2ban/tests/servertestcase.pyc
/usr/lib/python2.7/site-packages/fail2ban/tests/servertestcase.pyo
/usr/lib/python2.7/site-packages/fail2ban/tests/sockettestcase.py
/usr/lib/python2.7/site-packages/fail2ban/tests/sockettestcase.pyc
/usr/lib/python2.7/site-packages/fail2ban/tests/sockettestcase.pyo
/usr/lib/python2.7/site-packages/fail2ban/tests/utils.py
/usr/lib/python2.7/site-packages/fail2ban/tests/utils.pyc
/usr/lib/python2.7/site-packages/fail2ban/tests/utils.pyo
/usr/lib/python2.7/site-packages/fail2ban/version.py
/usr/lib/python2.7/site-packages/fail2ban/version.pyc
/usr/lib/python2.7/site-packages/fail2ban/version.pyo
/usr/lib/systemd/system/fail2ban.service
/usr/share/doc/fail2ban-server-0.9.3
/usr/share/doc/fail2ban-server-0.9.3/COPYING
/usr/share/doc/fail2ban-server-0.9.3/ChangeLog
/usr/share/doc/fail2ban-server-0.9.3/README.md
/usr/share/doc/fail2ban-server-0.9.3/TODO
/usr/share/doc/fail2ban-server-0.9.3/requirements.txt
/usr/share/doc/fail2ban-server-0.9.3/run-rootless.txt
/usr/share/man/man1/fail2ban-client.1.gz
/usr/share/man/man1/fail2ban-regex.1.gz
/usr/share/man/man1/fail2ban-server.1.gz
/usr/share/man/man1/fail2ban-testcases.1.gz
/usr/share/man/man1/fail2ban.1.gz
/usr/share/man/man5/jail.conf.5.gz
/var/lib/fail2ban
/var/run/fail2ban
Name        : fail2ban-systemd
Version     : 0.9.3
Release     : 1.el7
Architecture: noarch
Install Date: Mon 12 Sep 2016 01:32:28 PM CEST
Group       : Unspecified
Size        : 272
License     : GPLv2+
Signature   : RSA/SHA256, Sun 13 Sep 2015 06:58:13 PM CEST, Key ID 6a2faea2352c64e5
Source RPM  : fail2ban-0.9.3-1.el7.src.rpm
Build Date  : Sat 12 Sep 2015 11:19:16 PM CEST
Build Host  : buildvm-04.phx2.fedoraproject.org
Relocations : (not relocatable)
Packager    : Fedora Project
Vendor      : Fedora Project
URL         : http://fail2ban.sourceforge.net/
Summary     : Systemd journal configuration for Fail2Ban
Description :
This package configures Fail2Ban to use the systemd journal for its log input
by default.
/etc/fail2ban/jail.d/00-systemd.conf
Name        : fail2ban-mail
Version     : 0.9.3
Release     : 1.el7
Architecture: noarch
Install Date: Mon 12 Sep 2016 01:32:28 PM CEST
Group       : Unspecified
Size        : 11104
License     : GPLv2+
Signature   : RSA/SHA256, Sun 13 Sep 2015 07:06:55 PM CEST, Key ID 6a2faea2352c64e5
Source RPM  : fail2ban-0.9.3-1.el7.src.rpm
Build Date  : Sat 12 Sep 2015 11:19:16 PM CEST
Build Host  : buildvm-04.phx2.fedoraproject.org
Relocations : (not relocatable)
Packager    : Fedora Project
Vendor      : Fedora Project
URL         : http://fail2ban.sourceforge.net/
Summary     : Mail actions for Fail2Ban
Description :
This package installs Fail2Ban's mail actions.  These are an alternative
to the default sendmail actions.
/etc/fail2ban/action.d/complain.conf
/etc/fail2ban/action.d/mail-buffered.conf
/etc/fail2ban/action.d/mail-whois-common.conf
/etc/fail2ban/action.d/mail-whois-lines.conf
/etc/fail2ban/action.d/mail-whois.conf

Bestandteile

Nachfolgend sollen kurz die Bestandteile und deren Funktionsweise und Bedeutung innerhalb von fail2ban erläutert werden.

Definitionen

Bevor mit der Kurzdarstellung von fail2ban begonnen wird, sollen nachfolgende Begriffe, zum besseren Verständnis, kurz erläutert werden:

Begriff Erklärung
filter Ein filter definiert eine regular Expression, welche ein Muster innerhlb einer LOG-Datei erkennen kann.
action Eine action definiert eine oder mehrere Aktionen, welche zu einem bestimmten Ereignis ausgeführt werden.
jail Ein jail ist eine Kombination aus einem - filter und einer oder mehreren - action.
fail2ban kann mehere jail's gleichzeitig abhandeln!
client Bezeichnet bzw. verweist aus das Skript - fail2ban-client.
server Bezeichnet bzw. verweist aus das Skript - fail2ban-server.

Server

fail2ban besteht aus zwei Teilen, einem client und einem server. Der server kann aus einem oder mehreren Prozessen bestehen und lauscht auf einem unix-socket nach eingehenden Befehlen. Der server selbst kennt keine Konfigurationen, welche die Überwachung der LOG-Dateien beschreiben. Beim Start des server befindet sich dieser in einer Art Standard-Modus, in dem dieser keinerlei Informationen über die Existenz von jail's kennt.

:!: HINWEIS - Der server sollte nicht direkt angesprochen werden!

Client

Der zweite Teil von fail2ban ist der client. Dieser kann auch als Frontend für den server bezeichnet werden. Der client verbindet sich mit dem server über den unix-socket und sendet Befehle an den server, welche den server konfigurieren und steuern.

Der client liest die Konfigurationsdateien ein und kann auch dazu verwendet werden, einfache Befehle an den server zu übermitteln. Die Befehlsübermittlung kann über die Befehlszeile oder auch in einem Interaktiven-Modus erfolgen. Der client ist sogar in der Lage den server zu starten.

Alle Angaben, welche in den Konfigurationsdateien hinterlegt sind, können auch direkt z.B. über die Befehlszeile dem client übermittelt werden. Die Verwendung von Konfigurationsdateien, stellt bei fail2ban nur eine einfache und effiziente Möglichkeit dar, Befehle über den client an den server zu übermitteln.

:!: HINWEIS - Das Prinzip ist ähnlich wie bei iptables!

Konfiguration

Nachfolgend sollen die einzelnen Konfigurationsdateien von fail2ban vorgestellt und erläutert werden.

/etc/fail2ban/fail2ban.conf

Die Konfigurationsdatei

  • /etc/fail2ban/fail2ban.conf

enthält die globalen Einstellungen für den fail2ban - server.

Hier können z.B. das LOG-Level und das Ziel der LOG-Schreibung (Standard ist SYSLOG) sowie auch der unix-socket angegeben werden.

:!: HINWEIS - Aktuelle werden alle Meldungen von fail2ban nach SYSLOG und auf die aktive Console/shell geschrieben !

Falls das im Hinweis beschriebene Verhalten nicht gewünscht sein sollte, kann nachfolgende Änderung dies beheben:

:!: WICHTIG - Es sollte die Originaldatei - /etc/fail2ban/fail2ban.conf - NICHT verändert werden!

Stattdessen sollte eine Konfigurationsdatei mit Namen

  • /etc/fail2ban/fail2ban.local

mit nachfolgendem Befehl angelegt werden:

# touch /etc/fail2ban/fail2ban.local

Der Inhalt der neuen, lokalen (local) Konfigurationsdatei, könnte dann wie folgt aussehen:

[Definition]

# Option:  logtarget
# Notes.:  Set the log target. This could be a file, SYSLOG, STDERR or STDOUT.
#          Only one log target can be specified.
# Values:  STDOUT STDERR SYSLOG file  Default:  /var/log/fail2ban.log
#
# Tachtler
# default: logtarget = SYSLOG
logtarget = /var/log/fail2ban.log

:!: HINWEIS - Da hier der Standard Speicherort verwendet wird, ist keine Anpassung der Konfigurationsdatei

  • /etc/logrotate.d/fail2ban

notwendig !!!

/etc/fail2ban/jail.conf

Die wohl wichtigste Konfigurationsdatei von fail2ban ist

  • /etc/fail2ban/jail.conf

:!: WICHTIG - Es sollte die Originaldatei - /etc/fail2ban/jail.conf - NICHT verändert werden!

Stattdessen sollte eine Konfigurationsdatei mit Namen

  • /etc/fail2ban/jail.local

mit nachfolgendem Befehl angelegt werden:

# touch /etc/fail2ban/jail.local

Diese enthält die Definitionen der einzelnen jail's von fail2ban. Standardmäßig sind einige Vorlagen hier enthalten, welche nur enabled - aktiviert werden müssen und ggf. an die persönlichen Bedürfnisse angepasst werden können.

Bevor auf die einzelnen jail's und deren Definition eingegangen werden soll, soll hier noch die Definition

  • [DEFAULT]

besprochen werden, welche Standardwerte für weitere jail's setzte, falls diese nicht in den einzelnen jail Definitionen überschrieben werden:

Konfiguration Standartwert Beschreibung
ignoreip 127.0.0.1 (localhost) Liste der IP-Adressen die von fail2ban ignoriert werden
bantime 600 (10 Minuten) Anzahl an Sekunden, die eine IP-Adresse gebannt wird
findtime 600 (10 Minuten) Anzahl an Sekunden, in denen das erneute Auffinden einer IP-Adresse überwacht bzw. gewertet wird
maxretry 3 Maximale Anzahl, die eine IP-Adresse aufgefunden werden kann und dann die Sperrung erfolgt
backend auto Backend, welches zur Überwachung von Dateioperationen verwendet wird

:!: HINWEIS - Angaben innerhalb von jail's - überschreiben die Standardwerte aus der Definition [DEFAULT]!

Grundsätzlich ist ein jail immer dann gebildet, wenn ein filter und mindestens eine action in einer Definition aktiv sind.

:!: HINWEIS - Eine Definition für ein jail beginnt immer mit eckigen Klammern - [ … ]!

Standardmäßig ist eine Definition als enabled = true - aktiv gesetzt und zwar die Definition

  • [ssh-iptables]

Die Definition [ssh-iptables] sieht wie folgt aus und soll hier beispielhaft erklärt werden:

...
[ssh-iptables]

enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
           mail-whois[name=SSH, dest=root, sender=fail2ban@example.com]
logpath  = /var/log/secure
maxretry = 5
...
Konfiguration Standartwert Beschreibung
[ssh-iptables] Name der Definition
enabled true Aktiviert [ja/nein]
filter sshd siehe Konfiguration in /etc/fail2ban/filter.d/sshd.conf
action iptables… siehe Konfiguration in /etc/fail2ban/action.d/iptables.conf
logpath /var/log/secure Pfad zur zu überwachenden LOG-Datei
maxretry 5 (überschrieben) Maximale Anzahl, die eine IP-Adresse aufgefunden werden kann und dann die Sperrung erfolgt

/etc/fail2ban/filter.d

Im Verzeichnis

  • /etc/fail2ban/filter.d

sind die Konfigurationsdateien für die regular expression abgelegt auf die in den LOG-Dateien gesucht wird.

/etc/fail2ban/action.d

Im Verzeichnis

  • /etc/fail2ban/action.d

sind die Konfigurationsdateien für die Ausführung von Scripten/Befehlen grob gesagt Aktionen die durch fail2ban dann ausgeführt werden.

Server Starten

Vor dem Server-Start kann, wie nachfolgend gezeigt, die Konfiguration überprüft werden.

Um die aktuelle Konfiguration zu überprüfen, kann nachfolgender Befehl genutzt werden, welche alle Konfigurationsdateien berücksichtige und die Konfiguration anzeigt, die an den server übermittelt wird:

# fail2ban-client -d
WARNING 'action' not defined in 'php-url-fopen'. Using default value
WARNING 'action' not defined in 'lighttpd-fastcgi'. Using default value
['set', 'loglevel', 3]
['set', 'logtarget', 'SYSLOG']
['add', 'ssh-iptables', 'auto']
['set', 'ssh-iptables', 'addlogpath', '/var/log/secure']
['set', 'ssh-iptables', 'maxretry', 5]
['set', 'ssh-iptables', 'addignoreip', '127.0.0.1']
['set', 'ssh-iptables', 'findtime', 600]
['set', 'ssh-iptables', 'bantime', 600]
['set', 'ssh-iptables', 'addfailregex', '^\\s*(?:\\S+ )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*(?:error: PAM: )?Authentication failure for .* from <HOST>\\s*$']
['set', 'ssh-iptables', 'addfailregex', '^\\s*(?:\\S+ )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*(?:error: PAM: )?User not known to the underlying authentication module for .* from <HOST>\\s*$']
['set', 'ssh-iptables', 'addfailregex', '^\\s*(?:\\S+ )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*Failed (?:password|publickey) for .* from <HOST>(?: port \\d*)?(?: ssh\\d*)?$']
['set', 'ssh-iptables', 'addfailregex', '^\\s*(?:\\S+ )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*ROOT LOGIN REFUSED.* FROM <HOST>\\s*$']
['set', 'ssh-iptables', 'addfailregex', '^\\s*(?:\\S+ )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*[iI](?:llegal|nvalid) user .* from <HOST>\\s*$']
['set', 'ssh-iptables', 'addfailregex', '^\\s*(?:\\S+ )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*User \\S+ from <HOST> not allowed because not listed in AllowUsers$']
['set', 'ssh-iptables', 'addfailregex', '^\\s*(?:\\S+ )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*authentication failure; logname=\\S* uid=\\S* euid=\\S* tty=\\S* ruser=\\S* rhost=<HOST>(?:\\s+user=.*)?\\s*$']
['set', 'ssh-iptables', 'addfailregex', '^\\s*(?:\\S+ )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*refused connect from \\S+ \\(<HOST>\\)\\s*$']
['set', 'ssh-iptables', 'addfailregex', '^\\s*(?:\\S+ )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*Address <HOST> .* POSSIBLE BREAK-IN ATTEMPT!*\\s*$']
['set', 'ssh-iptables', 'addfailregex', "^\\s*(?:\\S+ )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*User \\S+ from <HOST> not allowed because none of user's groups are listed in AllowGroups$"]
['set', 'ssh-iptables', 'addaction', 'iptables']
['set', 'ssh-iptables', 'actionban', 'iptables', 'iptables -I fail2ban-<name> 1 -s <ip> -j DROP']
['set', 'ssh-iptables', 'actionstop', 'iptables', 'iptables -D INPUT -p <protocol> --dport <port> -j fail2ban-<name>\niptables -F fail2ban-<name>\niptables -X fail2ban-<name>']
['set', 'ssh-iptables', 'actionstart', 'iptables', 'iptables -N fail2ban-<name>\niptables -A fail2ban-<name> -j RETURN\niptables -I INPUT -p <protocol> --dport <port> -j fail2ban-<name>']
['set', 'ssh-iptables', 'actionunban', 'iptables', 'iptables -D fail2ban-<name> -s <ip> -j DROP']
['set', 'ssh-iptables', 'actioncheck', 'iptables', 'iptables -n -L INPUT | grep -q fail2ban-<name>']
['set', 'ssh-iptables', 'setcinfo', 'iptables', 'protocol', 'tcp']
['set', 'ssh-iptables', 'setcinfo', 'iptables', 'name', 'SSH']
['set', 'ssh-iptables', 'setcinfo', 'iptables', 'port', 'ssh']
['set', 'ssh-iptables', 'addaction', 'sendmail-whois']
['set', 'ssh-iptables', 'actionban', 'sendmail-whois', 'printf %b "Subject: [Fail2Ban] <name>: banned <ip>\nFrom: Fail2Ban <<sender>>\nTo: <dest>\\n\nHi,\\n\nThe IP <ip> has just been banned by Fail2Ban after\n<failures> attempts against <name>.\\n\\n\nHere are more information about <ip>:\\n\n`/usr/bin/whois <ip>`\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f <sender> <dest>']
['set', 'ssh-iptables', 'actionstop', 'sendmail-whois', 'printf %b "Subject: [Fail2Ban] <name>: stopped\nFrom: Fail2Ban <<sender>>\nTo: <dest>\\n\nHi,\\n\nThe jail <name> has been stopped.\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f <sender> <dest>']
['set', 'ssh-iptables', 'actionstart', 'sendmail-whois', 'printf %b "Subject: [Fail2Ban] <name>: started\nFrom: Fail2Ban <<sender>>\nTo: <dest>\\n\nHi,\\n\nThe jail <name> has been started successfully.\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f <sender> <dest>']
['set', 'ssh-iptables', 'actionunban', 'sendmail-whois', '']
['set', 'ssh-iptables', 'actioncheck', 'sendmail-whois', '']
['set', 'ssh-iptables', 'setcinfo', 'sendmail-whois', 'dest', 'root']
['set', 'ssh-iptables', 'setcinfo', 'sendmail-whois', 'name', 'SSH']
['set', 'ssh-iptables', 'setcinfo', 'sendmail-whois', 'sender', 'fail2ban@example.com']
['start', 'ssh-iptables']

Abschließend kann dann fail2ban mit nachfolgendem Befehl gestartet werden:

CentOS 6:

# service fail2ban start
Starting fail2ban: 
Message from syslogd@vrechner at Nov 29 13:04:48 ...
 �<30>fail2ban.filter : INFO   Added logfile = /var/log/secure

Message from syslogd@rechner at Nov 29 13:04:48 ...
 �<30>fail2ban.filter : INFO   Set maxRetry = 5

Message from syslogd@rechner at Nov 29 13:04:48 ...
 �<30>fail2ban.filter : INFO   Set findtime = 600
                                                           [  OK  ]

CentOS 7:

# systemctl start fail2ban.service

bzw.

# systemctl status fail2ban.service
● fail2ban.service - Fail2Ban Service
   Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; disabled; vendor preset: disabled)
   Active: active (running) since Mon 2016-09-12 14:02:12 CEST; 31s ago
     Docs: man:fail2ban(1)
  Process: 9223 ExecStart=/usr/bin/fail2ban-client -x start (code=exited, status=0/SUCCESS)
 Main PID: 9248 (fail2ban-server)
   CGroup: /system.slice/fail2ban.service
           └─9248 /usr/bin/python2 -s /usr/bin/fail2ban-server -s /var/run/fa...

Sep 12 14:02:10 vml71010.edmz.tachtler.net systemd[1]: Starting Fail2Ban Serv...
Sep 12 14:02:10 vml71010.edmz.tachtler.net fail2ban-client[9223]: 2016-09-12 ...
Sep 12 14:02:10 vml71010.edmz.tachtler.net fail2ban-client[9223]: 2016-09-12 ...
Sep 12 14:02:12 vml71010.edmz.tachtler.net systemd[1]: Started Fail2Ban Service.
Hint: Some lines were ellipsized, use -l to show in full.

Um fail2ban auch nach einem Neustart (restart) des Servers automatisch zu starten, sollten nachfolgende Konfiguration durchgeführt werden.

CentOS 6:

Nachfolgender Befehl, fügt das Start-Skript

  • /etc/init.d/fail2ban

der automatischen Ausführung (Start) beim Start oder Neustart des Servers/Knotens hinzu:

# chkconfig fail2ban on

Ein Überprüfung, ob dies erfolgreich war, kann mit nachfolgendem Befehl durchgeführt werden:

# chkconfig --list | grep fail2ban
fail2ban        0:off   1:off   2:on    3:on    4:on    5:on    6:off

CentOS 7:

Nachfolgender Befehl, fügt das Systemd-Start-Skript

  • /usr/lib/systemd/system/fail2ban.service

der automatischen Ausführung (Start) beim Start oder Neustart des Servers/Knotens hinzu:

# systemctl enable fail2ban.service
Created symlink from /etc/systemd/system/multi-user.target.wants/fail2ban.service to /usr/lib/systemd/system/fail2ban.service.

Ein Überprüfung, ob dies erfolgreich war, kann mit nachfolgendem Befehl durchgeführt werden:

# systemctl is-enabled fail2ban.service
enabled

Mit nachfolgenden Befehlen kann überprüft werden ob fail2ban aktiv ist.

# ps auxwwwf | grep fail2ban
root     12278  0.0  0.0 103244   800 pts/0    S+   13:08   0:00                      \_ grep fail2ban
root     12125  0.1  0.8 348700  8488 ?        Sl   13:04   0:00 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -x

und

# tail -n 8 /var/log/messages
Nov 29 13:04:48 rechner fail2ban.server : INFO   Changed logging target to SYSLOG for Fail2ban v0.8.4
Nov 29 13:04:48 rechner fail2ban.jail   : INFO   Creating new jail 'ssh-iptables'
Nov 29 13:04:48 rechner fail2ban.jail   : INFO   Jail 'ssh-iptables' uses Inotify
Nov 29 13:04:48 rechner �<30>fail2ban.filter : INFO   Added logfile = /var/log/secure
Nov 29 13:04:48 rechner �<30>fail2ban.filter : INFO   Set maxRetry = 5
Nov 29 13:04:48 rechner �<30>fail2ban.filter : INFO   Set findtime = 600
Nov 29 13:04:48 rechner fail2ban.actions: INFO   Set banTime = 600
Nov 29 13:04:48 rechner fail2ban.jail   : INFO   Jail 'ssh-iptables' started

Falls eine IP-Adresse geblockt wird, sollte nachfolgender Eintrag in der LOG-Datei - hier -

  • /var/log/messages

erscheinen:

...
Nov 29 14:01:19 rechner <BF><28>fail2ban.actions: WARNING [ssh-iptables] Ban 123.456.789.123
...

oder auch, bei mehr als - hier - 5 Versuchen:

...
Nov 29 14:01:27 rechner <BF><28>fail2ban.actions: WARNING [ssh-iptables] 123.456.789.123 already banned
...

Auch nachfolgende Ausgabe von iptables mit nachfolgendem Befehl, zeigt die aktuell geblockten IP-Adressen:

CentOS 6:

# iptables -nvL fail2ban-SSH
Chain fail2ban-SSH (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       123.456.789.123      0.0.0.0/0           
   60  3216 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

CentOS 7:

# iptables -nvL f2b-SSH
Chain fail2ban-SSH (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       123.456.789.123      0.0.0.0/0           
   60  3216 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Konfigurationsbeispiel

Nachfolgende Beispiele der genannten Konfigurationsdateien mit möglichen Einstellungen:

/etc/fail2ban/jail.local

Beispiel mit jail's für

  • sshd
  • sasl
# The DEFAULT allows a global definition of the options. They can be override
# in each jail afterwards.

[DEFAULT]

# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
# Tachtler
# default: ignoreip = 127.0.0.1
ignoreip = 127.0.0.1 192.168.0.0/24

# "bantime" is the number of seconds that a host is banned.
# Tachtler
# default: bantime  = 600
bantime  = 300

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
# Tachtler
# default: findtime  = 600
findtime  = 900

# This jail corresponds to the standard configuration in Fail2ban 0.6.
# The mail-whois action send a notification e-mail with a whois request
# in the body.


[ssh-iptables]

enabled  = true
filter   = sshd
# Tachtler
# default: action   = iptables[name=SSH, port=ssh, protocol=tcp]
# default:            sendmail-whois[name=SSH, dest=root, sender=fail2ban@example.com]
action   = iptables[name=SSH, port=ssh, protocol=tcp]
           sendmail-whois[name=SSH, dest=root, sender=fail2ban@tachtler.net]
logpath  = /var/log/secure
maxretry = 5

# This jail forces the backend to "polling".

[sasl-iptables]

# Tachtler
# default: enabled  = false
enabled  = true
filter   = sasl
backend  = polling
# Tachtler
# default: action   = iptables[name=sasl, port=smtp, protocol=tcp]
# default:            sendmail-whois[name=sasl, dest=you@example.com]
action   = iptables[name=sasl, port=smtp, protocol=tcp]
           sendmail-whois[name=sasl, dest=root, sender=fail2ban@tachtler.net]
# Tachtler
# default: logpath  = /var/log/mail.log
logpath  = /var/log/maillog

Problembehebung

/etc/fail2ban/filter.d/sasl.local

Um in einem jail - sasl erfolgreich einsetzen zu können, muss nachfolgende Anpassung an der Konfigurationsdatei

  • /etc/fail2ban/filter.d/sasl.local

erfolgen:

# Fail2Ban configuration file
#
# Author: Yaroslav Halchenko
#
# $Revision$
#

[Definition]

# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$
# Tachtler
failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [A-Za-z0-9+/]*={0,2})?$
# Tachtler
failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [A-Za-z0-9+/ ]*={0,2})?$

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =

:!: HINWEIS - Es fehlt nur ein LEERZEICHEN nach dem -Zeichen. Ausschnitt: [A-Za-z0-9+ ]*={0,2})?$

Um die Änderungen an der Konfiguration zu testen und um zu überprüfen, ob eine Übereinstimmung mit den Angaben in der regular expression mit Inhalten in der angegebenen LOG-Datei vorhanden sind, kann nachfolgender Befehl genutzt werden:

# fail2ban-regex /var/log/maillog /etc/fail2ban/filter.d/sasl.local 
/usr/share/fail2ban/server/filter.py:442: DeprecationWarning: the md5 module is deprecated; use hashlib instead
  import md5

Running tests
=============

Use regex file : /etc/fail2ban/filter.d/sasl.conf
Use log file   : /var/log/maillog


Results
=======

Failregex
|- Regular expressions:
|  [1] (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [A-Za-z0-9+/ ]*={0,2})?$
|
`- Number of matches:
   [1] 3 match(es)

Ignoreregex
|- Regular expressions:
|
`- Number of matches:

Summary
=======

Addresses found:
[1]

    123.456.789.123 (Thu Nov 29 17:57:23 2012)
    123.456.789.123 (Thu Nov 29 17:57:33 2012)
    123.456.789.123 (Thu Nov 29 17:57:42 2012)

Date template hits:
3 hit(s): MONTH Day Hour:Minute:Second
0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second Year
0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second
0 hit(s): Year/Month/Day Hour:Minute:Second
0 hit(s): Day/Month/Year Hour:Minute:Second
0 hit(s): Day/MONTH/Year:Hour:Minute:Second
0 hit(s): Month/Day/Year:Hour:Minute:Second
0 hit(s): Year-Month-Day Hour:Minute:Second
0 hit(s): Day-MONTH-Year Hour:Minute:Second[.Millisecond]
0 hit(s): Day-Month-Year Hour:Minute:Second
0 hit(s): TAI64N
0 hit(s): Epoch
0 hit(s): ISO 8601
0 hit(s): Hour:Minute:Second
0 hit(s): <Month/Day/Year@Hour:Minute:Second>

Success, the total number of match is 3

However, look at the above section 'Running tests' which could contain important
information.

IP-Adresse manuell löschen "unban"

Nachfolgende Befehle ermöglichen es, eine IP-Adresse, welche von fail2ban als „banned“ gelistet ist zu löschen („unban“).

Dies soll durch Aufruf des fail2ban-client im interaktiven Modus erfolgen.

Um den fail2ban-client in den interaktiven Modus zu versetzen, ist nachfolgender Befehl erforderlich:

# fail2ban-client -i
Fail2Ban v0.9.7 reads log file that contains password failure report
and bans the corresponding IP addresses using firewall rules.
 
fail2ban>

Anschließend befindet sich der fail2ban-client im interaktiven Modus, was durch den Prompt erkennbar ist.

Durch Eingabe von nachfolgendem Befehl, werden die einzelnen jails aufgelistet, aus denen nun eine IP-Adresse gelöscht werden kann:

fail2ban> status
Status
|- Number of jail:      3
`- Jail list:   portscan, sshd, sshd-ddos

Durch Erweiterung des vorhergehenden Befehls, um die Angabe eines jails, können nun die sich darin gelisteten IP-Adressen aufgelistet werden, was mit nachfolgendem Befehl hier für den jail - portscan durchgeführt werden soll:

fail2ban> status portscan
Status for the jail: portscan
|- Filter
|  |- Currently failed: 59
|  |- Total failed:     760
|  `- Journal matches:  _TRANSPORT=kernel
`- Actions
   |- Currently banned: 2
   |- Total banned:     2
   `- Banned IP list:   151.101.114.49 85.93.20.106

Um jetzt z.B. die IP-Adresse 151.101.114.49 zu löschen („unban“), muss nachfolgender Befehl wie folgt eingegeben werden:

fail2ban> set portscan unbanip 151.101.114.49
151.101.114.49

Als Antwort auf den vorhergehenden Befehl, sollte die eingegeben IP-Adresse erscheinen, was das löschen („unban“) bestätigt.

Eine erneute Abfrage der gelisteten IP-Adressen im jail - portscan, sollte nun ohne die entsprechende IP-Adresse erfolgen, was nachfolgende Abfrage zeigt:

fail2ban> status portscan
Status for the jail: portscan
|- Filter
|  |- Currently failed: 62
|  |- Total failed:     781
|  `- Journal matches:  _TRANSPORT=kernel
`- Actions
   |- Currently banned: 1
   |- Total banned:     2
   `- Banned IP list:   85.93.20.106

Um den interaktiven Modus von fail2ban-client wider zu verlassen, kann nachfolgender Befehl eingegeben werden:

fail2ban> exit
Diese Website verwendet Cookies. Durch die Nutzung der Website stimmen Sie dem Speichern von Cookies auf Ihrem Computer zu. Außerdem bestätigen Sie, dass Sie unsere Datenschutzbestimmungen gelesen und verstanden haben. Wenn Sie nicht einverstanden sind, verlassen Sie die Website.Weitere Information
tachtler/fail2ban.txt · Zuletzt geändert: 2018/04/15 00:57 von klaus