I'm looking for a way to use fail2ban to control/block samba logins on Ubuntu 12.04.3 LTS.
I already set up a jail.local. The samba part currently looks like this:

```
[samba]
enabled = true
port = 135,139,445,137,138
protocol = tcp,udp
```

I'm missing these two options:

```
filter =
logpath =
```

I know that the Samba logs are located in /var/log/samba, but every hostname has its own file, so what do I have to set as logpath and as filter? Or is this even possible?

Thank you very much

Roman Holzner
  • Did you even bother to read the documentation? – user9517 Jan 10 '14 at 19:15
  • I wouldn't ask if I hadn't already done some research. For example the official fail2ban Wiki: http://www.fail2ban.org/wiki/index.php?title=Special%3ASearch&search=samba&go=Go . – Roman Holzner Jan 10 '14 at 19:19
  • @CopyDevil What, ***specifically*** have you attempted to get this working in your environment? What ***specific*** error messages or unexpected behavior are you experiencing? Server Fault is not here to do your work for you. [You must ask a good, specific, answerable question](http://meta.serverfault.com/questions/3608/how-can-i-ask-better-questions-on-server-fault) in order for us to help you. – voretaq7 Jan 10 '14 at 19:48
  • I think I wrote it: `I know that samba log are located in /var/log/samba, but every hostname has its own file`, this is what I tried, and why I failed. I also posted the code I wrote so far. Do the work? I'm asking for 2 little options, where I'm stuck! What are you trying to do? What have you tried in order to make it happen? What results did you expect? What actually happened? Everything is in my question. I'm really sorry. – Roman Holzner Jan 10 '14 at 20:25
  • @CopyDevil You are not asking for "two little options", you are asking for the solution handed to you on a silver platter. We can certainly help you with the syntax for `logpath` (See [Iain's answer](http://serverfault.com/a/566447/32986)), but as pointed out in the same answer `filter` is a regex you're going to need to define yourself based on *your* needs. – voretaq7 Jan 10 '14 at 23:24

1 Answer

The logpath option takes a wildcard, as the official wiki you reference says:

> wildcard support in logpath option

so for example

```
logpath  = /var/log/apache*/*error.log
```

Again, from the document you say you read:

> filter : a filter defines a regular expression which must match a pattern corresponding to a log-in failure or any other expression

These are normally put into a .conf file in the filter.d directory.

user9517
  • I thank you very much for the answer, but I don't understand your point. I think that every answer on every IT-related Stack Exchange site could be answered by reading the documentation. But if someone asks a short question like this one, this would simply be overkill. Now the question is answered, and if anybody has the same question, he will find a quick answer. I believe this is easier than everyone reading the manual... – Roman Holzner Jan 10 '14 at 19:32
  • Try to read: http://oreilly.com/openbook/samba/book/ch09_01.html (9.1.1 Samba Logs) – Pol Hallen May 28 '14 at 16:51
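
The two options discussed in the answer above, checked offline before they go into a jail; this is an added example, not part of the original posts and not fail2ban's own code. The log-line format, the file names, `HOST_RE` and `FAILREGEX` are constructed assumptions, since what smbd actually writes depends on the Samba version and log level.

```python
import glob
import os
import re
import tempfile

# Simplified IPv4-only stand-in for fail2ban's <HOST> tag (assumption).
HOST_RE = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Hypothetical failregex for the constructed lines below; adapt to your logs.
FAILREGEX = r"Authentication for user \[\S+\] from <HOST> FAILED with error \S+$"

# Constructed per-host log files (illustrative format, not real smbd output).
SAMPLE_LOGS = {
    "log.pc-alice": [
        "[2014/01/10 19:10:01] Authentication for user [alice] from 192.0.2.10 FAILED with error NT_STATUS_WRONG_PASSWORD",
        "[2014/01/10 19:10:05] Authentication for user [alice] from 192.0.2.10 succeeded",
    ],
    "log.pc-bob": [
        "[2014/01/10 19:11:00] Authentication for user [bob] from 192.0.2.20 FAILED with error NT_STATUS_WRONG_PASSWORD",
        "[2014/01/10 19:11:02] Authentication for user [root] from 192.0.2.20 FAILED with error NT_STATUS_NO_SUCH_USER",
    ],
    "log.smbd": ["[2014/01/10 19:00:00] smbd started"],
}

def expand_logpath(pattern):
    """Files a wildcard logpath such as /var/log/samba/log.* would cover."""
    return sorted(glob.glob(pattern))

def failed_hosts(paths, failregex=FAILREGEX):
    """Count failregex hits per captured host across all given files."""
    rx = re.compile(failregex.replace("<HOST>", HOST_RE))
    counts = {}
    for path in paths:
        with open(path) as fh:
            for line in fh:
                m = rx.search(line.rstrip("\n"))
                if m:
                    counts[m.group("host")] = counts.get(m.group("host"), 0) + 1
    return counts

def demo():
    with tempfile.TemporaryDirectory() as d:
        for name, lines in SAMPLE_LOGS.items():
            with open(os.path.join(d, name), "w") as fh:
                fh.write("\n".join(lines) + "\n")
        paths = expand_logpath(os.path.join(d, "log.*"))
        return [os.path.basename(p) for p in paths], failed_hosts(paths)
```

Note that a `log.*` wildcard also picks up the daemon's own `log.smbd`, which is harmless as long as the failregex only matches failure lines. fail2ban ships a `fail2ban-regex` tool that runs the same kind of check against a real log file and filter.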