at a other installaon with ubuntu 16.04 with plesk i have installed fail2ban with a named-refused jail
I have installed a news system ubuntu 20.04 with plesk and i have a problem with fail2ban .
This jail dosent work in 20.04, but i dont know why:
named-refused.conf
[named-refused]
port = domain,953
logpath = /var/log/named/security.log
named-refused.local
jail.local
I have installed a news system ubuntu 20.04 with plesk and i have a problem with fail2ban .
This jail dosent work in 20.04, but i dont know why:
named-refused.conf
[named-refused]
port = domain,953
logpath = /var/log/named/security.log
named-refused.local
Code:
[Definition]
_daemon = named
__pid_re = (?:\[\d+\])
__daemon_re = \(?%(_daemon)s(?:\(\S+\))?\)?:?
__daemon_combs_re = (?:%(__pid_re)s?:\s+%(__daemon_re)s|%(__daemon_re)s%(__pid_re)s?:)
__line_prefix = (?:\s\S+ %(__daemon_combs_re)s\s+)?
failregex = ^%(__line_prefix)s( error:)?\s*client <HOST>#\S+( \([\S.]+\))?: (view (internal|external): )?query(?: \(cache\))? '.*' denied\s*$
^%(__line_prefix)s( error:)?\s*client <HOST>#\S+( \([\S.]+\))?: zone transfer '\S+/AXFR/\w+' denied\s*$
^%(__line_prefix)s( error:)?\s*client <HOST>#\S+( \([\S.]+\))?: bad zone transfer request: '\S+/IN': non-authoritative zone \(NOTAUTH\)\s*$
ignoreregex =
jail.local
Code:
....
[named-refused-tcp]
bantime = 31536000
enabled = true
port = domain,953
protocol = tcp
filter = named-refused
action = iptables-multiport[name=Named, port="domain,953", protocol=tcp]
logpath = /var/log/syslog
[named-refused-udp]
bantime = 31536000
enabled = true
port = domain,953
protocol = udp
filter = named-refused
action = iptables-multiport[name=Named, port="domain,953", protocol=udp]
logpath = /var/log/syslog
...