Fail2ban configuration for ProFTPd with Plesk on RHEL CentOS Fedora Redhat-based Linux

~ tadmin

I am using the following fail2ban configuration for ProFTPd with Plesk on RHEL CentOS Fedora Redhat-based Linux (because default one is not working for me properly).

File /etc/fail2ban/jail.local or /etc/fail2ban/jail.conf if you have not installed fail2ban using yum package manager which will overwrite your custom configuration files each time you update the package.

[proftpd-iptables]

enabled  = true
filter   = proftpd
action   = iptables[name=ProFTPD, port=ftp, protocol=tcp]
           sendmail-whois[name=ProFTPD, dest=serveradmin@shkodenko.com]
logpath  = /var/log/secure
maxretry = 7

Filter configuration file: /etc/fail2ban/filter.d/proftpd.conf

# Fail2Ban configuration file
#
# Author: Yaroslav Halchenko
#
# $Revision: 728 $
#

[Definition]

# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
# failregex = \(\S+\[<HOST>\]\)[: -]+ USER \S+: no such user found from \S+ \[\S+\] to \S+:\S+$
#             \(\S+\[<HOST>\]\)[: -]+ USER \S+ \(Login failed\): Incorrect password\.$
#             \(\S+\[<HOST>\]\)[: -]+ SECURITY VIOLATION: \S+ login attempted\.$
#             \(\S+\[<HOST>\]\)[: -]+ Maximum login attempts \(\d+\) exceeded$
#
# default failregex does not work @see http://www.howtoforge.com/forums/showthread.php?t=35089
#

failregex = ^(.)+proftpd(.)+\[<HOST>\](.)*no such user found from (.)* to (.)*$
            ^(.)+proftpd(.)+\[<HOST>\](.)*USER(.)*Login failed(.)*Incorrect password(.)*$
            ^(.)+proftpd(.)+\[<HOST>\](.)*SECURITY VIOLATION:(.)*login attempted(.)*$
            ^(.)+proftpd(.)+\[<HOST>\](.)*Maximum login attempts(.)*exceeded(.)*$

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =

To check new ban regex use command:

# /usr/bin/fail2ban-regex /var/log/secure /etc/fail2ban/filter.d/proftpd.conf

Restarted fail2ban using command:

# /sbin/service fail2ban restart

Published by tadmin

2 thoughts on “Fail2ban configuration for ProFTPd with Plesk on RHEL CentOS Fedora Redhat-based Linux

  1. Pretty!
    This was an incredibly wonderful article.
    Many thanks for supplying this information.

  2. Simply desire to say your article is as astounding.
    The clearness on your put up is simply cool and i can think you’re a professional in this subject.
    Well together with your permission allow me to clutch your RSS feed to keep updated with coming near near post.
    Thank you one million and please carry on the gratifying work.

Comments are closed.