Great, thank you. Well, the problem is now it seems that no jail is running, despite I restarted Fail2Ban.
When I run `sudo fail2ban-client status`, for example, it shows me no jail is running: Status |- Number of jail: 0 `- Jail list: But I have now at `/etc/fail2ban/jail.d` two .conf files: recidive.conf and sshd.conf. The sshd.conf file has the below content: --- [sshd] # To use more aggressive sshd modes set filter parameter "mode" in jail.local: # normal (default), ddos, extra or aggressive (combines all). # See "tests/files/logs/sshd" or "filter.d/sshd.conf" for usage example and details. #mode = normal port = ssh logpath = %(sshd_log)s backend = %(sshd_backend)s enabled = true --- What am I doing wrong here? Thanks again. Em qui., 9 de fev. de 2023 às 14:31, Mauricio Tavares <raubvo...@gmail.com> escreveu: > On Thu, Feb 9, 2023 at 12:11 PM Marcos A.T. Silva <marcos...@gmail.com> > wrote: > > > > Hi there, > > > > I really can't find enough words to express my gratitude to you all > guys. :) > > > > I think I am finally putting this to work. > > > > All your suggestions and help made me understand, I think, how that > works. > > > > I've done the following: > > > > 1) Once, for what I understood, jail.local always overrides jail.conf, I > left all jails disabled (false) on jail.local. After that, I've renamed > jail.conf to jail.conf.unused, as Lee suggested. > > > AFAIK jail.conf does not turn anything on; that is the job of > jail.local and/or jail.d/something-here.conf > > > 2) Now I created a sshd.conf file in /etc/fail2ban/jail.d and put there > only the content regarding the sshd jail that was in my jail.local, > enabling this jail. > > > > 3) Finally I tried to start Fail2Ban and it worked! Thank you! > > > > Well, I noticed (maybe I am wrong, of course) that I need to use both > `sudo fail2ban-client start` and `sudo systemctl start fail2ban` to make it > start and be enabled. Is that right? > > > systemctl start fail2ban should have sufficed. > > > But I rebooted the server and systemctl status shows me that Fail2Ban is > still active. > > > > Another question, if possible: now I have only sshd jail active, as per > the above procedures. Is there a way to check if it is really running? > > > fail2ban-client status sshd > > > Thanks again. > > > > Em qui., 9 de fev. de 2023 às 12:13, Mauricio Tavares < > raubvo...@gmail.com> escreveu: > >> > >> On Thu, Feb 9, 2023 at 10:11 AM L. V. Lammert <l...@omnitec.net> wrote: > >> > > >> > On Thu, 9 Feb 2023, Mauricio Tavares wrote: > >> > > >> > > My suggestion is to find which services you are using and then > >> > > where they are writing their logs to. Take a look at jail.conf (I > >> > > forgot to mention that file). Chances are there are entries for most > >> > > of the services there. Case in point, the ssh services, including > >> > > selinux-ssh, it knows of are > >> > > > >> > It appears that the fail2ban package for Ubuntu 20 is NOT very > current. > >> > Much simpler to manage if all of the jails are in separate files in > >> > jail.d, .. not in a mile long jail.conf. > >> > > >> > Also, always confirm the installation of ONLY ssh, until you know > what you > >> > need to monitor. > >> > > >> FYI > >> > >> raub@some-debian-box:~$ cat /etc/fail2ban/jail.d/defaults-debian.conf > >> [sshd] > >> enabled = true > >> raub@some-debian-box:~$ > >> > >> > Lee >
_______________________________________________ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users
