On Thu, Feb 9, 2023 at 9:49 AM Marcos A.T. Silva <marcos...@gmail.com> wrote:
>
> Hi!
>
> I am using Ubuntu 20.04.
>
> Thank you very much. I'll try that in a few minutes.
>
> This thing is making me a bit confused: by default, every jail in my
> jail.local file doesn't have an `enabled = true` (or `enabled = false`) line.
> So, this means that all of them are automatically enabled as soon as we
> install Fail2Ban?
>
> I am also asking this because once I "solve" a problem (a few minutes ago I
> was doing some configurations on Apache) a new one appears. Right now, for
> example, Fail2Ban is complaining that it was not possible to find logs for
> "openhab-auth". I have done some research and found that certainly I'll not
> use this tech and so I could disable this jail (this openhab is not even
> installed here). Am I right?
>

My suggestion is to find which services you are using and then
where they are writing their logs to. Take a look at jail.conf (I
forgot to mention that file). Chances are there are entries for most
of the services there. Case in point, the ssh services, including
selinux-ssh, it knows of are

#
# SSH servers
#

[sshd]

# To use more aggressive sshd modes set filter parameter "mode" in jail.local:
# normal (default), ddos, extra or aggressive (combines all).
# See "tests/files/logs/sshd" or "filter.d/sshd.conf" for usage example and details.
#mode = normal
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s

[dropbear]

port = ssh
logpath = %(dropbear_log)s
backend = %(dropbear_backend)s

[selinux-ssh]

port = ssh
logpath = %(auditd_log)s

jail.local, or something in jail.d, is used to customize and turn the
service on. So, if you are using the selinux-enabled version of ssh,
you could edit its logpath in your own custom jail.d/selinux-ssh.conf
to fit your needs. Now, if you do not use that ssh service, there is
always the sshd mentioned above.

>
> On Thu, Feb 9, 2023 at 10:55, Mauricio Tavares <raubvo...@gmail.com>
> wrote:
>>
>> On Thu, Feb 9, 2023 at 8:26 AM L. V. Lammert <l...@omnitec.net> wrote:
>> >
>> > On Thu, 9 Feb 2023, Marcos A.T. Silva wrote:
>> >
>> > > Hi again,
>> > >
>> > > I think I understood. Thank you very much.
>> > >
>> > > Well, doing that (I've only changed the jail.local because I didn't
>> > > understand very well that jail.d part) the error regarding Selinux
>> > > disappeared. But now a new error is being displayed:
>> > >
>> > > "[21330]: ERROR Failed during configuration: Have not found any log
>> > > file for apache-auth jail"
>> > >
>> > Same problem; the configuration you are working from does not match the
>> > machine where it is deployed.
>> >
>> > In most instances, fail2ban installs with a single jail enabled, ssh, and
>> > then the configuration is updated to include jails as required, using
>> > logfiles present on the machine.
>> >
>> Which distro are you using?
>>
>> My 2 coffee grains:
>>
>> 1. Turn ONE of the fail2ban monitoring things in jail.local on. Just one.
>> 1.5. Turn them all off in jail.local and then create a jail.d/service.conf
>> file
>> 2. Go to /etc/fail2ban/paths-common.conf and verify the log file(s)
>> used by the service you are actually monitoring exist. Adjust as
>> needed either there or in your service.conf file
>> 3. Restart fail2ban and ensure it works.
>> 4. Once satisfied fail2ban is monitoring the service, create a new
>> jail.d/service.conf and repeat steps 2-4 on this new service

_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
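
Added example, not part of the original messages and not Fail2Ban's own code: a small Python check for the situation in this thread, listing every jail that ends up enabled after the jail files are merged but whose logpath matches no file on the machine. It assumes the plain `%(name)s` variable style shown in the jail.conf excerpt above, does not follow `[INCLUDES]` (path files such as paths-common.conf are passed in explicitly), and the function names and the sample tree in `demo()` are constructed for illustration.

```python
import configparser, glob, os, tempfile

def jail_files(conf_dir):
    """Jail files in fail2ban's documented merge order; later files override."""
    d = os.path.join(conf_dir, "jail.d")
    return ([os.path.join(conf_dir, "jail.conf")]
            + sorted(glob.glob(os.path.join(d, "*.conf")))
            + [os.path.join(conf_dir, "jail.local")]
            + sorted(glob.glob(os.path.join(d, "*.local"))))

def jails_without_logs(conf_dir, path_files=()):
    """Map each enabled, file-backed jail to its logpath globs when none match."""
    cp = configparser.ConfigParser()
    cp.read(list(path_files) + jail_files(conf_dir))  # absent files are skipped
    report = {}
    for jail in cp.sections():
        if jail == "INCLUDES" or not cp.getboolean(jail, "enabled", fallback=False):
            continue
        if cp.get(jail, "backend", fallback="auto") == "systemd":
            continue  # reads the journal, so no log file is expected
        patterns = cp.get(jail, "logpath", fallback="").split()
        if not any(glob.glob(p) for p in patterns):
            report[jail] = patterns
    return report

def demo():
    """Constructed tree: three jails switched on, one switched back off, one log present."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "jail.d"))
    open(os.path.join(root, "auth.log"), "w").close()
    files = {
        "jail.conf": f"[DEFAULT]\nenabled = false\nsshd_log = {root}/auth.log\n"
                     f"apache_error_log = {root}/apache2/*error.log\n"
                     "[sshd]\nlogpath = %(sshd_log)s\n"
                     "[apache-auth]\nlogpath = %(apache_error_log)s\n"
                     f"[openhab-auth]\nlogpath = {root}/openhab.log\n",
        "jail.d/sshd.conf": "[sshd]\nenabled = true\n",
        "jail.local": "[apache-auth]\nenabled = true\n[openhab-auth]\nenabled = true\n",
        "jail.d/openhab-auth.local": "[openhab-auth]\nenabled = false\n",
    }
    for name, text in files.items():
        with open(os.path.join(root, name), "w") as fh:
            fh.write(text)
    return jails_without_logs(root)

if __name__ == "__main__":
    for jail, globs in demo().items():
        print(f"{jail}: enabled, but no file matches {globs}")
```

On a real host the call would look like `jails_without_logs("/etc/fail2ban", [...])` with the distribution's path files listed in the second argument.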