apache-auth.conf no longer detects anything #286

Closed
moneytoo opened this issue Jul 11, 2013 · 2 comments
@moneytoo

I have installed fail2ban 0.8.10-1.el6 from EPEL on CentOS 6.4 (32-bit) but I just can't make it detect Apache Basic Auth failures.

I have the following test log:

[Thu Jul 11 01:21:41 2013] [error] [client 194.228.20.113] user  not found: /
[Thu Jul 11 01:21:43 2013] [error] [client 194.228.20.113] user dsfasdf not found: /
[Thu Jul 11 01:21:45 2013] [error] [client 194.228.20.113] user dsfasdf not found: /
[Thu Jul 11 01:21:45 2013] [error] [client 194.228.20.113] user dsfasdf not found: /
[Thu Jul 11 01:21:47 2013] [error] [client 194.228.20.113] user dsfasdf not found: /
[Thu Jul 11 01:21:49 2013] [error] [client 194.228.20.113] user dsfasdffeg not found: /
[Thu Jul 11 01:21:51 2013] [error] [client 194.228.20.113] user dfgdgf not found: /
[Thu Jul 11 01:21:52 2013] [error] [client 194.228.20.113] user dfg not found: /
[Thu Jul 11 01:21:53 2013] [error] [client 194.228.20.113] user dfg not found: /
[Thu Jul 11 01:21:55 2013] [error] [client 194.228.20.113] user gsdfgdsfg not found: /
[Thu Jul 11 01:21:56 2013] [error] [client 194.228.20.113] user dfgers not found: /
[Thu Jul 11 01:21:56 2013] [error] [client 194.228.20.113] user dgrferd not found: /
[Thu Jul 11 01:29:42 2013] [error] [client 194.228.20.113] user dgrferd not found: /
[Thu Jul 11 01:29:44 2013] [error] [client 194.228.20.113] user fds not found: /
[Thu Jul 11 01:29:45 2013] [error] [client 194.228.20.113] user  not found: /
[Thu Jul 11 01:29:46 2013] [error] [client 194.228.20.113] user fd not found: /
[Thu Jul 11 07:39:58 2013] [error] [client 194.228.20.113] user dsf not found: /
[Thu Jul 11 08:06:50 2013] [error] [client 194.228.20.113] user dsf not found: /

Running fail2ban-regex -v "/root/apache.log" "/etc/fail2ban/filter.d/apache-auth.conf" produces:

Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second

Running tests
=============

Use regex file : /etc/fail2ban/filter.d/apache-auth.conf
Use log file   : /root/apache.log


Results
=======

Failregex: 0 total
|- #) [# of hits] regular expression
|  1) [0] ^\[[^]]+\] \[error\] \[client <HOST>\] user .* (authentication failure|not found|password mismatch)\s*$
`-

Ignoreregex: 0 total

Summary
=======

Sorry, no match

Look at the above section 'Running tests' which could contain important
information.

It works just fine with older apache-auth.conf from 495f2dd.

Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Got time using template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Got time using template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Got time using template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Got time using template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Got time using template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Got time using template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Got time using template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Got time using template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Got time using template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Got time using template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Got time using template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Got time using template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Got time using template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Got time using template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Got time using template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Got time using template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Got time using template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Got time using template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second

Running tests
=============

Use regex file : /etc/fail2ban/filter.d/apache-auth-old.conf
Use log file   : /root/apache.log


Results
=======

Failregex: 18 total
|- #) [# of hits] regular expression
|  1) [0] [[]client <HOST>[]] user .* authentication failure
|  2) [18] [[]client <HOST>[]] user .* not found
|  3) [0] [[]client <HOST>[]] user .* password mismatch
`-

Ignoreregex: 0 total

Summary
=======

Addresses found:
[1]
[2]
    194.228.20.113 (Thu Jul 11 01:21:41 2013)
    194.228.20.113 (Thu Jul 11 01:21:43 2013)
    194.228.20.113 (Thu Jul 11 01:21:45 2013)
    194.228.20.113 (Thu Jul 11 01:21:45 2013)
    194.228.20.113 (Thu Jul 11 01:21:47 2013)
    194.228.20.113 (Thu Jul 11 01:21:49 2013)
    194.228.20.113 (Thu Jul 11 01:21:51 2013)
    194.228.20.113 (Thu Jul 11 01:21:52 2013)
    194.228.20.113 (Thu Jul 11 01:21:53 2013)
    194.228.20.113 (Thu Jul 11 01:21:55 2013)
    194.228.20.113 (Thu Jul 11 01:21:56 2013)
    194.228.20.113 (Thu Jul 11 01:21:56 2013)
    194.228.20.113 (Thu Jul 11 01:29:42 2013)
    194.228.20.113 (Thu Jul 11 01:29:44 2013)
    194.228.20.113 (Thu Jul 11 01:29:45 2013)
    194.228.20.113 (Thu Jul 11 01:29:46 2013)
    194.228.20.113 (Thu Jul 11 07:39:58 2013)
    194.228.20.113 (Thu Jul 11 08:06:50 2013)
[3]

Date template hits:
72 hit(s): MONTH Day Hour:Minute:Second
0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second Year
0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second
0 hit(s): Year/Month/Day Hour:Minute:Second
0 hit(s): Day/Month/Year Hour:Minute:Second
0 hit(s): Day/Month/Year2 Hour:Minute:Second
0 hit(s): Day/MONTH/Year:Hour:Minute:Second
0 hit(s): Month/Day/Year:Hour:Minute:Second
0 hit(s): Year-Month-Day Hour:Minute:Second
0 hit(s): Year.Month.Day Hour:Minute:Second
0 hit(s): Day-MONTH-Year Hour:Minute:Second[.Millisecond]
0 hit(s): Day-Month-Year Hour:Minute:Second
0 hit(s): Month-Day-Year Hour:Minute:Second[.Millisecond]
0 hit(s): TAI64N
0 hit(s): Epoch
0 hit(s): ISO 8601
0 hit(s): Hour:Minute:Second
0 hit(s): <Month/Day/Year@Hour:Minute:Second>
0 hit(s): MonthDayYear Hour:Minute:Second
0 hit(s): Month-Day-Year Hour:Minute:Second

Success, the total number of match is 18

However, look at the above section 'Running tests' which could contain important
information.
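
The two reports above differ because the newer pattern is anchored with `\s*$` directly after the failure phrase, while every line in the test log continues with `: /`, so an over-anchored filter stops counting failed logins without any error. The following is an added example, not fail2ban's code or part of the original post: it replays the failregex strings from both reports, assuming a simplified stand-in for the `<HOST>` substitution and one constructed log line (client 192.0.2.10) that has no trailing text.

```python
import re
import warnings

# Simplified stand-in for fail2ban's <HOST> substitution (assumption, not the project's pattern).
HOST = r"(?P<host>[\w\-.^_]+)"

# Failregex strings copied from the two fail2ban-regex reports in the issue.
NEW_FAILREGEX = [
    r"^\[[^]]+\] \[error\] \[client <HOST>\] user .* "
    r"(authentication failure|not found|password mismatch)\s*$",
]
OLD_FAILREGEX = [
    r"[[]client <HOST>[]] user .* authentication failure",
    r"[[]client <HOST>[]] user .* not found",
    r"[[]client <HOST>[]] user .* password mismatch",
]

# Two lines from the issue's test log, plus one constructed line without the ": /" suffix.
SAMPLE_LOG = [
    "[Thu Jul 11 01:21:41 2013] [error] [client 194.228.20.113] user  not found: /",
    "[Thu Jul 11 01:21:43 2013] [error] [client 194.228.20.113] user dsfasdf not found: /",
    "[Thu Jul 11 01:21:45 2013] [error] [client 192.0.2.10] user alice not found",  # constructed
]

def hits(failregexes, lines):
    """Return (line_number, host) for each line matched by any of the failregexes."""
    with warnings.catch_warnings():
        # "[[]" in the old patterns triggers Python's nested-set FutureWarning.
        warnings.simplefilter("ignore", FutureWarning)
        compiled = [re.compile(r.replace("<HOST>", HOST)) for r in failregexes]
    found = []
    for number, line in enumerate(lines, 1):
        match = next((m for m in (rx.search(line) for rx in compiled) if m), None)
        if match:
            found.append((number, match.group("host")))
    return found

def unmatched_tail(line):
    """Text following the failure phrase; the anchored pattern only allows whitespace here."""
    m = re.search(r"(authentication failure|not found|password mismatch)(.*)$", line)
    return m.group(2) if m else None

if __name__ == "__main__":
    print("new filter hits:", hits(NEW_FAILREGEX, SAMPLE_LOG))
    print("old filter hits:", hits(OLD_FAILREGEX, SAMPLE_LOG))
    for line in SAMPLE_LOG:
        print(repr(unmatched_tail(line)), "<-", line)
```
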
@grooverdan
Contributor

bunch of enhancements in pull request #287
