Fail2Ban Filter Errors

RoastedCode asked:

I’m trying to add two fail2ban filters, one for post flood and one for phpmyadmin brute force, but I get the following errors.

logs:

fail2ban.filter : ERROR  No 'host' group in '[[]client []] File does not exist: /var/www/(?:PMA|phpmyadmin|myadmin|mysql|mysqladmin|sqladmin|mypma|admin|xampp|mysqldb|mydb|db|pmadb|phpmyadmin1|phpmyadmin2)'

fail2ban.filter : ERROR  No 'host' group in '^ -.*”POST.*'

jail.conf:

[apache-phpmyadmin]
enabled  = true
port     = http,https
filter   = apache-phpmyadmin
logpath  = /var/log/apache*/*error.log
maxretry = 3

[apache-postflood]
enabled = true
port = http,https
filter = apache-postflood
logpath = /var/log/apache*/*flood.log
findtime = 10
maxretry = 10

apache-phpmyadmin.conf filter:

[Definition] 
docroot = /var/www
badadmin = PMA|phpmyadmin|myadmin|mysql|mysqladmin|sqladmin|mypma|admin|xampp|mysqldb|mydb|db|pmadb|phpmyadmin1|phpmyadmin2
failregex = [[]client []] File does not exist: %(docroot)s/(?:%(badadmin)s)
ignoreregex =

apache-postflood.conf filter:

[Definition]
failregex = ^ -.*”POST.*
ignoreregex =

My answer:


Your failregex is missing the special string <HOST> which you must insert in the place where the IP address will appear in the log entry. This is required so that fail2ban will know what IP address it should act on.


View the full question and answer on Server Fault.
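The check behind the "No 'host' group" error, as an added example that is not part of the original question or answer: it expands `<HOST>` into a named group, rejects a failregex without one, and runs the corrected filters over sample lines. `HOST_PATTERN` is a simplified stand-in for fail2ban's own host pattern, the function names are hypothetical, the log lines are constructed, and the placement of `<HOST>` assumes the Apache 2.2 error-log and common access-log formats.

```python
import re

# Simplified stand-in for the pattern fail2ban substitutes for <HOST>
# (assumption: the real one also accepts hostnames and other address forms).
HOST_PATTERN = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"


def compile_failregex(failregex):
    """Expand <HOST> and refuse a regex that cannot yield an address."""
    compiled = re.compile(failregex.replace("<HOST>", HOST_PATTERN))
    if "host" not in compiled.groupindex:
        raise ValueError("No 'host' group in %r" % failregex)
    return compiled


def offending_hosts(failregex, log_lines):
    """Return the address captured from every line the filter matches."""
    compiled = compile_failregex(failregex)
    return [m.group("host") for m in map(compiled.search, log_lines) if m]


# badadmin list from the question's filter, already interpolated.
BADADMIN = ("PMA|phpmyadmin|myadmin|mysql|mysqladmin|sqladmin|mypma|admin|xampp"
            "|mysqldb|mydb|db|pmadb|phpmyadmin1|phpmyadmin2")

# The phpMyAdmin filter as posted, then both filters with <HOST> placed where
# the client address appears (placement is an assumption about the log formats).
PMA_BROKEN = r"[[]client []] File does not exist: /var/www/(?:%s)" % BADADMIN
PMA_FIXED = r"[[]client <HOST>[]] File does not exist: /var/www/(?:%s)" % BADADMIN
POST_FIXED = r'^<HOST> -.*"POST.*'

# Constructed sample lines using documentation addresses.
ERROR_LOG = [
    "[Mon Jan 07 10:00:01 2013] [error] [client 192.0.2.10] File does not exist: /var/www/phpmyadmin",
    "[Mon Jan 07 10:00:02 2013] [error] [client 192.0.2.11] File does not exist: /var/www/favicon.ico",
]
FLOOD_LOG = [
    '203.0.113.5 - - [07/Jan/2013:10:00:03 +0000] "POST /login.php HTTP/1.1" 200 512',
    '203.0.113.6 - - [07/Jan/2013:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    try:
        compile_failregex(PMA_BROKEN)
    except ValueError as err:
        print("rejected:", err)
    print(offending_hosts(PMA_FIXED, ERROR_LOG))
    print(offending_hosts(POST_FIXED, FLOOD_LOG))
```

On a real installation, `fail2ban-regex <logfile> <filter.conf>` performs the equivalent test against the actual log.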

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.