Action Log to file?

[littlefrog]

I have fail2ban running on my server and i want to have it be able to check brute force attacks on the plesk panel login itself.

Action log today recorded 43,000 attempts to log in... would have been nice to ban after the first 4 but the results are in a database from what i can tell and not a physical file.

Does anyone know of a way to get fail2ban to read DB or to get action log into file so i can stop this from happening.

 

[Sergey L]

You probably can write event handler on failed login.
See "Panel user failed to login" for specific event details and
Adding Event Handlers (Linux) for how to add a handler.

 

[littlefrog]

hmm... might work if... event handlers worked

according to the documentation

it doesn't work.

1) If you create Shell script EXACTLY as described and choose the event panel user failed login no vars are passed on to the shell script.

2) Because no vars are passed on there is no way to add to auto ban script.
a) No IP passed on
b) No user name passed on

 

[littlefrog]

file and output

Here is my shell script

#!/bin/bash
COMPDATE=`/bin/date`
echo "$COMPDATE - [${COMP_IP_ADDRESS}] - (${COMP_LOGIN_NAME}) User Authentication Failed" >> /var/log/psa-cp.log

Here is what it outputs

Tue Nov 6 17:37:37 CST 2012 - [] - () User Authentication Failed

 

[littlefrog]

anyone have any ideas when the Event Viewer will be fixed to work per the documentation?

Its clearly not passing variables on like it states it does.