[quote=âstephdl, post:23, topic:5997â]
rpm -qa fail2ban
[/quote][root@localhost yum.repos.d]# rpm -qa *fail2ban* fail2ban-server-0.9.6-3.el7.noarch fail2ban-sendmail-0.9.6-3.el7.noarch fail2ban-firewalld-0.9.6-3.el7.noarch fail2ban-0.9.6-3.el7.noarch nethserver-fail2ban-0.1.7-1.ns7.sdl.noarch fail2ban-shorewall-0.9.6-3.el7.noarch
[quote=âstephdl, post:24, topic:5997â]
on ns7, does other jails are workable ?
[/quote]No, and I recognized that the service was not running and couldnât be started (I looked at the journalctl -xe
which said that some file of the shorewall didnât exist - I guess it was shorewall.loc, however not sure anymore (not shorewall.log))âŠ
Hence, I decided to reinstall fail2ban as you saidâŠ
Now, it is running and the other jails seem to work (I tested especially apache-auth).
And now there is also fail2ban-regex!
[quote=âstephdl, post:24, topic:5997â]
whereis fail2ban-regex
[/quote]fail2ban-regex: /usr/bin/fail2ban-regex /usr/share/man/man1/fail2ban-regex.1.gz
and the output of [quote=âstephdl, post:10, topic:5997â]
fail2ban-regex /var/log/httpd/ssl_access_log /etc/fail2ban/filter.d/phpmyadmin.conf
[/quote] `
Running tests
Use failregex filter file : phpmyadmin, basedir: /etc/fail2ban
Use log file : /var/log/httpd/ssl_access_log
Use encoding : UTF-8
Results
Failregex: 10 total
|- #) [# of hits] regular expression
| 1) [10] ^.-.-.[.*] âPOST /phpmyadmin/index.php HTTP/1.1â 200
`-
Ignoreregex: 0 total
Date template hits:
|- [# of hits] date format
| [23] Day(?P<_sep>[-/])MON(?P=_sep)Year[ :]?24hour:Minute:Second(?:.Microseconds)?(?: Zone offset)?
`-
Lines: 23 lines, 0 ignored, 10 matched, 13 missed
[processed in 0.00 sec]
|- Missed line(s):
| 192.168.2.103 - - [12/Mar/2017:19:18:20 +0100] âGET /phpmyadmin/ HTTP/1.1â 200 2925
| 192.168.2.103 - - [12/Mar/2017:19:18:20 +0100] âGET /phpmyadmin/themes/pmahomme/jquery/jquery-ui-1.11.2.css HTTP/1.1â 200 35212
| 192.168.2.103 - - [12/Mar/2017:19:18:20 +0100] âGET /phpmyadmin/phpmyadmin.css.php?nocache=4459739948ltr HTTP/1.1â 200 21402
| 192.168.2.103 - - [12/Mar/2017:19:18:20 +0100] âGET /phpmyadmin/js/whitelist.php?lang=de&db=&token=42d8d2fa2b7044ceffdf7e4f7ab089d8 HTTP/1.1â 200 498
| 192.168.2.103 - - [12/Mar/2017:19:18:20 +0100] âGET /phpmyadmin/js/get_scripts.js.php?scripts%5B%5D=jquery/jquery-1.11.1.min.js&scripts%5B%5D=sprintf.js&scripts%5B%5D=ajax.js&scripts%5B%5D=keyhandler.js&scripts%5B%5D=jquery/jquery-ui-1.11.2.min.js&scripts%5B%5D=jquery/jquery.cookie.js&scripts%5B%5D=jquery/jquery.mousewheel.js&scripts%5B%5D=jquery/jquery.event.drag-2.2.js&scripts%5B%5D=jquery/jquery-ui-timepicker-addon.js&scripts%5B%5D=jquery/jquery.ba-hashchange-1.3.js HTTP/1.1â 200 139591
| 192.168.2.103 - - [12/Mar/2017:19:18:20 +0100] âGET /phpmyadmin/js/get_scripts.js.php?scripts%5B%5D=jquery/jquery.debounce-1.0.5.js&scripts%5B%5D=menu-resizer.js&scripts%5B%5D=cross_framing_protection.js&scripts%5B%5D=rte.js&scripts%5B%5D=tracekit/tracekit.js&scripts%5B%5D=error_report.js&scripts%5B%5D=doclinks.js&scripts%5B%5D=functions.js&scripts%5B%5D=navigation.js&scripts%5B%5D=indexes.js HTTP/1.1â 200 76681
| 192.168.2.103 - - [12/Mar/2017:19:18:20 +0100] âGET /phpmyadmin/js/get_scripts.js.php?scripts%5B%5D=common.js&scripts%5B%5D=codemirror/lib/codemirror.js&scripts%5B%5D=codemirror/mode/sql/sql.js&scripts%5B%5D=codemirror/addon/runmode/runmode.js&scripts%5B%5D=codemirror/addon/hint/show-hint.js&scripts%5B%5D=codemirror/addon/hint/sql-hint.js&scripts%5B%5D=console.js HTTP/1.1â 200 117005
| 192.168.2.103 - - [12/Mar/2017:19:18:20 +0100] âGET /phpmyadmin/js/messages.php?lang=de&db=&token=42d8d2fa2b7044ceffdf7e4f7ab089d8 HTTP/1.1â 200 8557
| 192.168.2.103 - - [12/Mar/2017:19:18:20 +0100] âGET /phpmyadmin/js/get_image.js.php?theme=pmahomme HTTP/1.1â 200 1833
| 192.168.2.103 - - [12/Mar/2017:19:18:20 +0100] âGET /phpmyadmin/themes/pmahomme/img/logo_right.png HTTP/1.1â 200 4548
| 192.168.2.103 - - [12/Mar/2017:19:18:20 +0100] âGET /phpmyadmin/themes/dot.gif HTTP/1.1â 200 43
| 192.168.2.103 - - [12/Mar/2017:19:18:20 +0100] âGET /phpmyadmin/favicon.ico HTTP/1.1â 200 18902
| 192.168.2.103 - - [12/Mar/2017:19:18:20 +0100] âGET /phpmyadmin/themes/pmahomme/img/sprites.png HTTP/1.1â 200 46795
-
However, it doesnât ban meâŠ