lost and found ( for me ? )

build BIND 10 from source on Ubuntu 12.04 and load a zone as a master


# tail -1 /etc/lsb-release
DISTRIB_DESCRIPTION="Ubuntu 12.04.2 LTS"

# uname -ri
3.2.0-38-generic x86_64

install required packages to build BIND10
# apt-get install g++ python3 python3-dev libbotan1.8-dev libbz2-dev libgmp3-dev bzip2 make libboost-dev pkg-config libsqlite3-dev sqlite3 liblog4cplus-dev automake libtool -y

build BIND10
# tar xzvf bind10-1.0.0.tar.gz
# cd bind10-1.0.0/

# ./configure
<snip>

    BIND 10 source configure results:
   -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Package:
 Name:          bind10
 Version:       1.0.0

C++ Compiler:    g++

Flags:
 DEFS:          -DHAVE_CONFIG_H
 CPPFLAGS:       -DOS_LINUX  -I$(top_srcdir)/ext/asio -I$(top_srcdir)/ext/coroutine -DASIO_DISABLE_THREADS=1
 CXXFLAGS:      -g -O2
 LDFLAGS:        -Wl,-R/usr/lib   
 B10_CXXFLAGS:   -Wall -Wextra -Wwrite-strings -Woverloaded-virtual -Wno-sign-compare -Werror -fPIC
 OS Family:     Linux
 Python:        -I/usr/include/python3.2mu -I/usr/include/python3.2mu
                
                 -L/usr/lib/python3.2/config-3.2mu  -Wl,-R/usr/lib/python3.2/config-3.2mu
                -lpython3.2
 Boost:         
 Botan:         -I/usr/include
                 -L/usr/lib
                -L/usr/lib -lbotan  -lbotan
 Log4cplus:     
                 -llog4cplus -pthread
 SQLite:         
                -lsqlite3  

Features:
  SQLite3

Developer:
 Enable Debugging: no
 Google Tests: no
 Valgrind: not found
 C++ Code Coverage: no
 Python Code Coverage: no
 Logger checks: no
 Generate Documentation: no


 Now you can type "make" to build BIND 10

# make
# make install
# ldconfig

# /usr/local/sbin/bind10 --version
bind10 20110223 (BIND 10 1.0.0)


create a user for bindctl (this stores the password file that b10-cmdctl checks logins against)
root@ubuntu1204-vm1:~# cd /usr/local/etc/bind10/

root@ubuntu1204-vm1:/usr/local/etc/bind10# b10-cmdctl-usermgr
Desired Login Name:bind10
Choose a password:
Re-enter password:

create new account successfully!

start BIND10
root@ubuntu1204-vm1:/usr/local/etc/bind10# bind10 &
[1] 16543

start the authoritative DNS service (b10-auth) via bindctl
root@ubuntu1204-vm1:/usr/local/etc/bind10# bindctl
No stored password file found, please see sections "Configuration specification for b10-cmdctl" and "bindctl command-line options" of the BIND 10 guide.
Username: bind10
Password:
["login success "]

> config add Init/components b10-auth
> config set Init/components/b10-auth/special auth
> config set Init/components/b10-auth/kind needed
> config commit
2013-02-28 00:56:19.911 INFO  [b10-init.init/16543] BIND10_CONFIGURATOR_RECONFIGURE reconfiguring running components
2013-02-28 00:56:19.912 INFO  [b10-init.init/16543] BIND10_COMPONENT_START component b10-auth is starting
2013-02-28 00:56:19.914 INFO  [b10-init.init/16543] BIND10_STARTING_PROCESS starting process b10-auth
> 2013-02-28 00:56:19.971 INFO  [b10-auth.auth/16574] AUTH_SERVER_CREATED server created
2013-02-28 00:56:19.972 INFO  [b10-auth.auth/16574] AUTH_DATASRC_CLIENTS_BUILDER_STARTED data source builder thread started
2013-02-28 00:56:19.981 INFO  [b10-init.init/16543] BIND10_SOCKET_GET requesting socket [::]:53 of type TCP from the creator
2013-02-28 00:56:19.983 INFO  [b10-init.init/16543] BIND10_SOCKET_CREATED successfully created socket 20
2013-02-28 00:56:19.986 INFO  [b10-init.init/16543] BIND10_SOCKET_GET requesting socket [::]:53 of type UDP from the creator
2013-02-28 00:56:19.988 INFO  [b10-init.init/16543] BIND10_SOCKET_CREATED successfully created socket 22
2013-02-28 00:56:19.990 INFO  [b10-init.init/16543] BIND10_SOCKET_GET requesting socket [0.0.0.0]:53 of type TCP from the creator
2013-02-28 00:56:19.991 INFO  [b10-init.init/16543] BIND10_SOCKET_CREATED successfully created socket 23
2013-02-28 00:56:19.994 INFO  [b10-init.init/16543] BIND10_SOCKET_GET requesting socket [0.0.0.0]:53 of type UDP from the creator
2013-02-28 00:56:19.996 INFO  [b10-init.init/16543] BIND10_SOCKET_CREATED successfully created socket 24
2013-02-28 00:56:20.002 INFO  [b10-auth.auth/16574] AUTH_DATASRC_CLIENTS_BUILDER_RECONFIGURE_STARTED data source reconfiguration started
2013-02-28 00:56:20.004 INFO  [b10-auth.auth/16574] AUTH_SERVER_STARTED server started
2013-02-28 00:56:20.010 WARN  [b10-auth.datasrc/16574] DATASRC_SQLITE_SETUP setting up new SQLite3 database in '/usr/local/var/bind10/zone.sqlite3'
2013-02-28 00:56:20.175 INFO  [b10-auth.auth/16574] AUTH_DATASRC_CLIENTS_BUILDER_RECONFIGURE_SUCCESS data source reconfiguration completed successfully

> quit

Exit from bindctl
#

# lsof -ni:53
COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
b10-init 16543 root   20u  IPv6  36053      0t0  TCP *:domain (LISTEN)
b10-init 16543 root   22u  IPv6  36057      0t0  UDP *:domain
b10-init 16543 root   23u  IPv4  36058      0t0  TCP *:domain (LISTEN)
b10-init 16543 root   24u  IPv4  36060      0t0  UDP *:domain
b10-auth 16574 root   16w  IPv6  36053      0t0  TCP *:domain (LISTEN)
b10-auth 16574 root   17w  IPv6  36057      0t0  UDP *:domain
b10-auth 16574 root   18r  IPv4  36058      0t0  TCP *:domain (LISTEN)
b10-auth 16574 root   19u  IPv4  36060      0t0  UDP *:domain

# dig @127.0.0.1 version.bind chaos txt +norec

; <<>> DiG 9.8.1-P1 <<>> @127.0.0.1 version.bind chaos txt +norec
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56466
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;version.bind. CH TXT

;; ANSWER SECTION:
version.bind. 0 CH TXT "bind10 1.0.0"

;; AUTHORITY SECTION:
bind. 0 CH NS bind.

the recursive service is not running, so an ordinary recursive query is REFUSED
# dig @127.0.0.1 www.isc.org

; <<>> DiG 9.8.1-P1 <<>> @127.0.0.1 www.isc.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 40243
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;www.isc.org. IN A



load a zone "foo.bar"
# cat foo.bar.db
$TTL 84600
foo.bar. 3600 IN SOA ns1.foo.bar. (
postmaster.foo.bar.
2013022801;
3600;
900
604800
3600 )

foo.bar. IN NS ns1.foo.bar.
        IN NS ns2.foo.bar.
ns1.foo.bar. IN A 127.0.0.1
ns2.foo.bar. IN A 127.0.0.2
www.foo.bar. IN A 127.0.0.3
    IN A 127.0.0.4
    IN A 127.0.0.5



# b10-loadzone -c '{"database_file": "/usr/local/var/bind10/zone.sqlite3"}' foo.bar foo.bar.db
2013-02-28 01:04:07.891 INFO  [b10-loadzone.loadzone/16705] LOADZONE_ZONE_CREATED Zone foo.bar./IN does not exist in the data source, newly created
2013-02-28 01:04:08.013 INFO  [b10-loadzone.loadzone/16705] LOADZONE_DONE Loaded 8 RRs into zone foo.bar./IN in 0.12 seconds

The zone data was stored in the SQLite3 database /usr/local/var/bind10/zone.sqlite3.
# ls /usr/local/var/bind10/
b10-config.db  logger_lockfile  msgq_socket  zone.sqlite3

# dig @127.1 www.foo.bar +norec

; <<>> DiG 9.8.1-P1 <<>> @127.1 www.foo.bar +norec
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5707
;; flags: qr aa; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.foo.bar. IN A

;; ANSWER SECTION:
www.foo.bar. 84600 IN A 127.0.0.3
www.foo.bar. 84600 IN A 127.0.0.4
www.foo.bar. 84600 IN A 127.0.0.5

;; AUTHORITY SECTION:
foo.bar. 84600 IN NS ns1.foo.bar.
foo.bar. 84600 IN NS ns2.foo.bar.

;; ADDITIONAL SECTION:
ns1.foo.bar. 84600 IN A 127.0.0.1
ns2.foo.bar. 84600 IN A 127.0.0.2


stop BIND10 process
# bindctl

> Init show_processes help
Command  show_processes (List the running BIND 10 processes)
help (Get help for command)
This command has no parameters
> Init show_processes
[
   [
       16544,
       "Socket creator",
       null
   ],
   [
       16545,
       "msgq",
       null
   ],
   [
       16547,
       "cfgmgr",
       "ConfigManager"
   ],
   [
       16549,
       "b10-stats",
       "Stats"
   ],
   [
       16550,
       "b10-cmdctl",
       "Cmdctl"
   ],
   [
       16574,
       "b10-auth",
       "Auth"
   ]
]
> Init shutdown
2013-02-28 01:08:28.680 INFO  [b10-init.init/16543] BIND10_SHUTDOWN stopping the server
2013-02-28 01:08:28.681 INFO  [b10-init.init/16543] BIND10_CONFIGURATOR_STOP bind10 component configurator is shutting down
2013-02-28 01:08:28.683 INFO  [b10-init.init/16543] BIND10_COMPONENT_STOP component Socket creator is being stopped
2013-02-28 01:08:28.684>  INFO  [b10-init.init/16543] BIND10_SOCKCREATOR_TERMINATE terminating socket creator
2013-02-28 01:08:28.690 INFO  [b10-init.init/16543] BIND10_COMPONENT_STOP component msgq is being stopped
2013-02-28 01:08:28.694 INFO  [b10-init.init/16543] BIND10_COMPONENT_STOP component b10-cmdctl is being stopped
2013-02-28 01:08:28.699 INFO  [b10-init.init/16543] BIND10_STOP_PROCESS asking b10-cmdctl to shut down
2013-02-28 01:08:28.705 INFO  [b10-cmdctl.cmdctl/16550] CMDCTL_EXITING exiting
2013-02-28 01:08:28.709 INFO  [b10-init.init/16543] BIND10_COMPONENT_STOP component b10-auth is being stopped
2013-02-28 01:08:28.710 INFO  [b10-init.init/16543] BIND10_STOP_PROCESS asking b10-auth to shut down
2013-02-28 01:08:28.712 INFO  [b10-auth.auth/16574] AUTH_SERVER_EXITING exiting
2013-02-28 01:08:28.714 INFO  [b10-auth.auth/16574] AUTH_DATASRC_CLIENTS_BUILDER_STOPPED data source builder thread stopped
2013-02-28 01:08:28.724 INFO  [b10-init.init/16543] BIND10_COMPONENT_STOP component cfgmgr is being stopped
2013-02-28 01:08:28.725 INFO  [b10-init.init/16543] BIND10_STOP_PROCESS asking cfgmgr to shut down
2013-02-28 01:08:28.727 INFO  [b10-cfgmgr.cfgmgr/16547] CFGMGR_STOPPED_BY_COMMAND received shutdown command, shutting down
2013-02-28 01:08:28.732 INFO  [b10-init.init/16543] BIND10_COMPONENT_STOP component b10-stats is being stopped
2013-02-28 01:08:28.736 INFO  [b10-init.init/16543] BIND10_STOP_PROCESS asking b10-stats to shut down
2013-02-28 01:08:28.738 INFO  [b10-stats.stats/16549] STATS_RECEIVED_SHUTDOWN_COMMAND shutdown command received
2013-02-28 01:08:28.740 INFO  [b10-stats.stats/16549] STATS_EXITING exiting
2013-02-28 01:08:29.749 INFO  [b10-init.init/16543] BIND10_PROCESS_ENDED process 16544 of Socket creator ended with status 0
2013-02-28 01:08:29.754 INFO  [b10-init.init/16543] BIND10_PROCESS_ENDED process 16547 of cfgmgr ended with status 0
2013-02-28 01:08:29.759 INFO  [b10-init.init/16543] BIND10_PROCESS_ENDED process 16549 of b10-stats ended with status 0
2013-02-28 01:08:29.764 INFO  [b10-init.init/16543] BIND10_PROCESS_ENDED process 16550 of b10-cmdctl ended with status 0
2013-02-28 01:08:29.766 INFO  [b10-init.init/16543] BIND10_PROCESS_ENDED process 16574 of b10-auth ended with status 0
2013-02-28 01:08:29.768 INFO  [b10-init.init/16543] BIND10_SEND_SIGTERM sending SIGTERM to msgq (PID 16545)
2013-02-28 01:08:29.877 INFO  [b10-init.init/16543] BIND10_PROCESS_ENDED process 16545 of msgq ended with status 0
2013-02-28 01:08:29.883 INFO  [b10-init.init/16543] BIND10_SHUTDOWN_COMPLETE all processes ended, shutdown complete

Failed to send request, the connection is closed
[1]+  Done                    bind10  (wd: /usr/local/etc/bind10)
(wd now: /home/hattori/BIND10_works)

Fedora 18: KVM, nested VM

Here's an explanation of how to configure a nested VM.

A JeOS VM runs within an Ubuntu 12.10 VM, which itself runs within Fedora KVM:

JeOS VM
---------------
Ubuntu 12.10 VM
---------------------------
Fedora 18 ( KVM host )

KVM host

[root@localhost ~]# uname -ri
3.7.5-201.fc18.x86_64 x86_64

[root@localhost ~]# cat /etc/fedora-release
Fedora release 18 (Spherical Cow)

[root@localhost ~]# libvirtd --version
libvirtd (libvirt) 0.10.2.3

[root@localhost ~]# qemu-kvm --version
QEMU emulator version 1.2.2 (qemu-kvm-devel), Copyright (c) 2003-2008 Fabrice Bellard

[root@localhost ~]# egrep "model name" /proc/cpuinfo |uniq
model name : AMD Phenom(tm) II X4 925 Processor

[root@localhost ~]# egrep 'vmx|svm' /proc/cpuinfo | uniq
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm 3dnowext 3dnow constant_tsc rep_good nopl nonstop_tsc extd_apicid pni monitor cx16 popcnt lahf_lm cmp_legacy svm extapic cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw ibs skinit wdt hw_pstate npt lbrv svm_lock nrip_save


Nested virtualization for kvm_amd appears to be enabled by default on Fedora 18's KVM package (the nested parameter is 1, see below).
[root@localhost ~]# modinfo kvm_amd
filename:       /lib/modules/3.7.5-201.fc18.x86_64/kernel/arch/x86/kvm/kvm-amd.ko
license:        GPL
author:         Qumranet
alias:          x86cpu:vendor:*:family:*:model:*:feature:*00C2*
depends:        kvm
intree:         Y
vermagic:       3.7.5-201.fc18.x86_64 SMP mod_unload
parm:           npt:int
parm:           nested:int

[root@localhost ~]# cat /sys/module/kvm_amd/parameters/nested
1


I've prepared an Ubuntu 12.10 VM.

start the VM
virsh # start ubuntu1210-vm01 --console
Domain ubuntu1210-vm01 started
Connected to domain ubuntu1210-vm01
Escape character is ^]

Ubuntu 12.10 ubuntu1210-vm1 ttyS0

ubuntu1210-vm1 login: root
Password:
root@ubuntu1210-vm1:~#


check the CPU info of that VM to see whether its virtual CPU supports AMD-V (the svm flag).
The VM does support AMD-V:
root@ubuntu1210-vm1:~# egrep 'model name|svm' /proc/cpuinfo
model name : QEMU Virtual CPU version 1.2.2
flags : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx lm up nopl pni cx16 popcnt hypervisor lahf_lm svm abm sse4a


install KVM and vm builder
root@ubuntu1210-vm1:~# apt-get install -y kvm libvirt-bin
root@ubuntu1210-vm1:~# apt-get install -y python-vm-builder-ec2

root@ubuntu1210-vm1:~# kvm-ok
INFO: /dev/kvm exists
KVM acceleration can be used


build a JeOS VM within the Ubuntu 12.10 VM which is running within Fedora KVM.
root@ubuntu1210-vm1:~# vmbuilder kvm ubuntu --suite precise --flavour virtual --arch i386 -o --libvirt qemu:///system --hostname myvm --user user --pass default
2013-02-26 00:13:49,061 INFO    : Calling hook: preflight_check
2013-02-26 00:13:49,065 INFO    : Calling hook: set_defaults
2013-02-26 00:13:49,066 INFO    : Calling hook: bootstrap
<snip>
2013-02-26 00:36:14,281 INFO    : Converting /tmp/tmpdowa5G to qcow2, format ubuntu-kvm/tmpdowa5G.qcow2
2013-02-26 00:36:45,799 INFO    : Calling hook: fix_ownership
2013-02-26 00:36:45,828 INFO    : Calling hook: deploy
root@ubuntu1210-vm1:~#


start the VM...
oops, permission denied:
root@ubuntu1210-vm1:~# virsh
Welcome to virsh, the virtualization interactive terminal.

Type:  'help' for help with commands
      'quit' to quit

virsh # list --all
Id    Name                           State
----------------------------------------------------
-     myvm                           shut off

virsh # start myvm
error: Failed to start domain myvm
error: internal error process exited while connecting to monitor: kvm: -drive file=/root/ubuntu-kvm/tmpdowa5G.qcow2,if=none,id=drive-ide0-0-0,format=qcow2: could not open disk image /root/ubuntu-kvm/tmpdowa5G.qcow2: Permission denied


virsh #


move the qcow2 image to the /var/lib/libvirt/images directory
root@ubuntu1210-vm1:~# mv ubuntu-kvm/tmpdowa5G.qcow2 /var/lib/libvirt/images/myvm.qcow2


and edit the domain XML so the disk source points at the new path

from
<source file='/root/ubuntu-kvm/tmpdowa5G.qcow2'/>


to
<source file='/var/lib/libvirt/images/myvm.qcow2'/>


start the VM
the VM "myvm" is now running within the Ubuntu 12.10 VM, which is running within Fedora KVM.
virsh # start myvm
Domain myvm started

virsh # list --all
Id    Name                           State
----------------------------------------------------
2     myvm                           running

CentOS 6 32-bit: how to install JRE


# cat /etc/centos-release ;uname -ri
CentOS release 6.3 (Final)
2.6.32-279.22.1.el6.i686 i386

Download an appropriate JRE from http://www.oracle.com/technetwork/java/javase/downloads/index.html
jre-6u41-linux-i586.bin

install JRE
# mv jre-6u41-linux-i586.bin tmp/
# cd tmp
# sh jre-6u41-linux-i586.bin

# ./jre1.6.0_41/bin/java -version
java version "1.6.0_41"
Java(TM) SE Runtime Environment (build 1.6.0_41-b02)
Java HotSpot(TM) Client VM (build 20.14-b01, mixed mode, sharing)


move jre1.6.0_41 to /usr/local
mv jre1.6.0_41 /usr/local/


configure the environment variable for Java
# cat /etc/environment
JAVA_HOME=/usr/local/jre1.6.0_41


configure PATH
# cat /root/.bash_profile
# .bash_profile

# Get the aliases and functions
if [ -f ~/.bashrc ]; then
       . ~/.bashrc
fi

# User specific environment and startup programs

# JAVA_HOME is not defined here; it is expected to be provided by
# /etc/environment (JAVA_HOME=/usr/local/jre1.6.0_41), which is read at
# login. If it is unset, "$JAVA_HOME/bin" expands to "/bin" and java is
# not found. The JRE directory is appended, not prepended, so the system
# directories stay ahead of $HOME/bin and the JRE in lookup order.
PATH=$PATH:$HOME/bin:$JAVA_HOME/bin

export PATH


reboot the OS to confirm the environment variables are applied.
# reboot

# echo $JAVA_HOME
/usr/local/jre1.6.0_41

# java -version
java version "1.6.0_41"
Java(TM) SE Runtime Environment (build 1.6.0_41-b02)
Java HotSpot(TM) Client VM (build 20.14-b01, mixed mode, sharing)

install fail2ban on Ubuntu 12.04 LTS

http://www.fail2ban.org/wiki/index.php/Main_Page
In short, fail2ban detects repeated authentication failures in log files and bans the offending hosts.

# uname -ri
3.2.0-38-generic x86_64

# tail -1 /etc/lsb-release
DISTRIB_DESCRIPTION="Ubuntu 12.04.2 LTS"


install fail2ban via apt-get
# apt-get install fail2ban -y

# apt-cache policy fail2ban
fail2ban:
 Installed: 0.8.6-3
 Candidate: 0.8.6-3
 Version table:
*** 0.8.6-3 0
       500 http://jp.archive.ubuntu.com/ubuntu/ precise/universe amd64 Packages
       100 /var/lib/dpkg/status


[ configuration ]
# ls /etc/fail2ban/
action.d  fail2ban.conf  filter.d  jail.conf


I'll use the default configuration (no customization).
# egrep -v ^# /etc/fail2ban/jail.conf | head -10


[DEFAULT]

ignoreip = 127.0.0.1/8
bantime  = 600
maxretry = 3

backend = auto

root@ubuntu1204-vm1:~# egrep -v ^# /etc/fail2ban/jail.conf | head -50

[DEFAULT]

ignoreip = 127.0.0.1/8
bantime  = 600
maxretry = 3

backend = auto

destemail = root@localhost


banaction = iptables-multiport

mta = sendmail

protocol = tcp

chain = INPUT


action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]

action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
             %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]

action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
              %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]

action = %(action_)s

[ssh]

enabled  = true
port     = ssh
filter   = sshd
logpath  = /var/log/auth.log
maxretry = 6


start fail2ban
# /etc/init.d/fail2ban restart
* Restarting authentication failure monitor fail2ban                    [ OK ]

# /etc/init.d/fail2ban status
* Status of authentication failure monitor                                      *  fail2ban is running


To test, I intentionally failed SSH authentication six times (maxretry = 6 for the ssh jail).

before
# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-ssh  tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 22

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain fail2ban-ssh (1 references)
target     prot opt source               destination


after fail2ban detected six SSH auth failures,
it added an iptables DROP rule to ban the host:
# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-ssh  tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 22

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain fail2ban-ssh (1 references)
target     prot opt source               destination
DROP       all  --  192.168.10.120       0.0.0.0/0
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

# less /var/log/fail2ban.log
2013-02-20 20:06:17,835 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.6
2013-02-20 20:06:17,836 fail2ban.jail   : INFO   Creating new jail 'ssh'
2013-02-20 20:06:17,837 fail2ban.jail   : INFO   Jail 'ssh' uses Gamin
2013-02-20 20:06:17,853 fail2ban.filter : INFO   Added logfile = /var/log/auth.log
2013-02-20 20:06:17,853 fail2ban.filter : INFO   Set maxRetry = 6
2013-02-20 20:06:17,854 fail2ban.filter : INFO   Set findtime = 600
2013-02-20 20:06:17,854 fail2ban.actions: INFO   Set banTime = 600
2013-02-20 20:06:17,879 fail2ban.jail   : INFO   Jail 'ssh' started
2013-02-20 20:10:02,144 fail2ban.actions: WARNING [ssh] Ban 192.168.10.12


after 600 seconds (bantime = 600) passed, fail2ban removed the iptables rule.
# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-ssh  tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 22

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain fail2ban-ssh (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0


You can use fail2ban in combination with apache-auth, pop3, vsftpd, etc.

Here's an example of how to ban vsftpd authentication failures with fail2ban.

install vsftpd
# apt-get install vsftpd


vsftpd.conf
# egrep -v ^# /etc/vsftpd.conf
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
ascii_upload_enable=YES
ascii_download_enable=YES
chroot_list_enable=NO
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/private/vsftpd.pem


edit the [vsftpd] section of jail.conf (overrides can also be placed in jail.local so they survive package upgrades)
[vsftpd]

#enabled  = false
enabled  = true
port     = ftp,ftp-data,ftps,ftps-data
filter   = vsftpd
logpath  = /var/log/vsftpd.log
# or overwrite it in jails.local to be
# logpath = /var/log/auth.log
# if you want to rely on PAM failed login attempts
# vsftpd's failregex should match both of those formats
maxretry = 6


reload fail2ban to apply the configuration.
# fail2ban-client reload


before
# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-vsftpd  tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 21,20,990,989
fail2ban-ssh  tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 22

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain fail2ban-ssh (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain fail2ban-vsftpd (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0


after the host was banned by fail2ban
# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-vsftpd  tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 21,20,990,989
fail2ban-ssh  tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 22

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain fail2ban-ssh (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain fail2ban-vsftpd (1 references)
target     prot opt source               destination
DROP       all  --  192.168.10.120       0.0.0.0/0
RETURN     all  --  0.0.0.0/0            0.0.0.0/0


# less /var/log/fail2ban.log
fail2ban.actions: WARNING [vsftpd] Ban 192.168.10.120