Filtrar phpmyadmin con fail2ban

Holas saludos a todos , este es mi primer post , he instalado fail2ban en un server ubuntu y me bloquea bien las ips que acceden por ssh pero la jail de phpmyadmin no me funciona , me dice :

* Restarting authentication failure monitor fail2ban [fail]

el codigo del filtro de la jail phpmyadmin , lo copié y pegué de un tutorial , ya que al parecer no viene ninguno por defecto en la carpeta filter.d .

[Definition]
failregex = ^[[]client <HOST>[]] File does not exist: *myadmin* *\s*$
^[[]client <HOST>[]] File does not exist: *MyAdmin* *\s*$
^[[]client <HOST>[]] File does not exist: *mysqlmanager* *\s*$
^[[]client <HOST>[]] File does not exist: *setup.php* *\s*$
^[[]client <HOST>[]] File does not exist: *mysql* *\s*$
^[[]client <HOST>[]] File does not exist: *phpmanager* *\s*$
^[[]client <HOST>[]] File does not exist: *phpadmin* *\s*$
^[[]client <HOST>[]] File does not exist: *sqlmanager* *\s*$
^[[]client <HOST>[]] File does not exist: *sqlweb* *\s*$
^[[]client <HOST>[]] File does not exist: *webdb* *\s*
ignoreregex =

tambien probé con este y nada mismo error :


# Fail2Ban configuration file
#
# Bans bots scanning for non-existing phpMyAdmin installations on your webhost.
#
# Author: Gina Haeussge
#
[Definition]
docroot = /var/www
badadmin = PMA|phpmyadmin|myadmin|mysql|mysqladmin|sqladmin|mypma|admin|xampp|mysqldb|mydb|db|pmadb|phpmyadmin1|phpmyadmin2
# Option: failregex
# Notes.: Regexp to match often probed and not available phpmyadmin paths.
# Values: TEXT
#
failregex = [[]client []] File does not exist: %(docroot)s/(?:%(badadmin)s)
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

y con este


failregex = \[client <HOST>\] File does not exist:.*(?i)admin.*
\[client <HOST>\] File does not exist:.*(?i)manager.*
\[client <HOST>\] File does not exist:.*(?i)setup.*
\[client <HOST>\] File does not exist:.*(?i)mysql.*
\[client <HOST>\] File does not exist:.*(?i)sqlweb.*
\[client <HOST>\] File does not exist:.*(?i)webdb.*
\[client <HOST>\] File does not exist:.*(?i)pma.*
\[client <HOST>\] File does not exist:.*(?i)vtigercrm.*
^<HOST>.*GET.*(?i)admin.*
^<HOST>.*GET.*(?i)manager.*
^<HOST>.*GET.*(?i)setup.*
^<HOST>.*GET.*(?i)mysql.*
^<HOST>.*GET.*(?i)sqlweb.*
^<HOST>.*GET.*(?i)webdb.*
^<HOST>.*GET.*(?i)pma.*
^<HOST>.*GET.*(?i)vtigercrm.*

cada vez que activo alguno de esos filtros :

service fail2ban restart :

FAIL

y

/etc/init.d/fail2ban status :

* Status of authentication failure monitor * fail2ban is not running




soy muy novato en esto y toy atascao
gracias

 

~# fail2ban-client status
Status
|- Number of jail: 3
`- Jail list: apache, apache-myadmin, ssh
~# /etc/init.d/fail2ban status
* Status of authentication failure monitor * fail2ban is running
# fail2ban-client status apache-myadmin
Status for the jail: apache-myadmin
|- filter
| |- File list: /var/log/apache2/error.log
| |- Currently failed: 0
| `- Total failed: 0
`- action
|- Currently banned: 0
| `- IP list:
`- Total banned: 0

ya no me da error al activar el filtro de phpmyadmin , era un error tipográfico XD y bien gordo (.con en lugar de .conf jajajajajajajajaja ).
pero veo k no me banea las ip k intentan logearse por phpmyadmin.

en cambio ssh va de maravilla :

Status for the jail: ssh
|- filter
| |- File list: /var/log/auth.log
| |- Currently failed: 1
| `- Total failed: 36
`- action
|- Currently banned: 8
| `- IP list: 115.239.228.35 115.239.228.7 115.239.228.4 115.239.228.14 115.239.228.11 115.239.228.12 115.239.228.6 115.230.126.151
`- Total banned: 9