On Thu, Feb 9, 2023 at 12:36 PM Marcos A.T. Silva <marcos...@gmail.com> wrote:
>
> Great, thank you.
>
> Well, the problem is now it seems that no jail is running, even though I 
> restarted Fail2Ban.
>
> When I run `sudo fail2ban-client status`, for example, it shows me no jail is 
> running:
>
> Status
> |- Number of jail:      0
> `- Jail list:
>
> But I now have two .conf files in `/etc/fail2ban/jail.d`: recidive.conf and 
> sshd.conf. The sshd.conf file has the content below:
>
> ---
> [sshd]
>
> # To use more aggressive sshd modes set filter parameter "mode" in jail.local:
> # normal (default), ddos, extra or aggressive (combines all).
> # See "tests/files/logs/sshd" or "filter.d/sshd.conf" for usage example and details.
> #mode   = normal
> port    = ssh
> logpath = %(sshd_log)s
> backend = %(sshd_backend)s
> enabled  = true
> ---
>
> What am I doing wrong here? Thanks again.
>
      I have no idea of what recidive.conf is all about or where it came from.

> On Thu, Feb 9, 2023 at 14:31, Mauricio Tavares <raubvo...@gmail.com> 
> wrote:
>>
>> On Thu, Feb 9, 2023 at 12:11 PM Marcos A.T. Silva <marcos...@gmail.com> 
>> wrote:
>> >
>> > Hi there,
>> >
>> > I really can't find enough words to express my gratitude to all of you guys. 
>> > :)
>> >
>> > I think I am finally putting this to work.
>> >
>> > All your suggestions and help made me understand, I think, how that works.
>> >
>> > I've done the following:
>> >
>> > 1) Since, from what I understood, jail.local always overrides jail.conf, I 
>> > left all jails disabled (false) in jail.local. After that, I renamed 
>> > jail.conf to jail.conf.unused, as Lee suggested.
>> >
>>       AFAIK jail.conf does not turn anything on; that is the job of
>> jail.local and/or jail.d/something-here.conf
>>
>> > 2) Now I created a sshd.conf file in /etc/fail2ban/jail.d and put there 
>> > only the content regarding the sshd jail that was in my jail.local, 
>> > enabling this jail.
>> >
>> > 3) Finally I tried to start Fail2Ban and it worked! Thank you!
>> >
>> > Well, I noticed (maybe I am wrong, of course) that I need to use both 
>> > `sudo fail2ban-client start` and `sudo systemctl start fail2ban` to make 
>> > it start and be enabled. Is that right?
>> >
>>       systemctl start fail2ban should have sufficed.
>>
>> > But I rebooted the server and systemctl status shows me that Fail2Ban is 
>> > still active.
>> >
>> > Another question, if possible: now I have only the sshd jail active, as per 
>> > the above procedures. Is there a way to check if it is really running?
>> >
>> fail2ban-client status sshd
>>
>> > Thanks again.
>> >
>> > On Thu, Feb 9, 2023 at 12:13, Mauricio Tavares 
>> > <raubvo...@gmail.com> wrote:
>> >>
>> >> On Thu, Feb 9, 2023 at 10:11 AM L. V. Lammert <l...@omnitec.net> wrote:
>> >> >
>> >> > On Thu, 9 Feb 2023, Mauricio Tavares wrote:
>> >> >
>> >> > >       My suggestion is to find which services you are using and then
>> >> > > where they are writing their logs to. Take a look at jail.conf (I
>> >> > > forgot to mention that file). Chances are there are entries for most
>> >> > > of the services there. Case in point, the ssh services, including
>> >> > > selinux-ssh, it knows of are
>> >> > >
>> >> > It appears that the fail2ban package for Ubuntu 20 is NOT very current.
>> >> > Much simpler to manage if all of the jails are in separate files in
>> >> > jail.d, .. not in a mile long jail.conf.
>> >> >
>> >> > Also, always confirm the installation of ONLY ssh, until you know what
>> >> > you need to monitor.
>> >> >
>> >> FYI
>> >>
>> >> raub@some-debian-box:~$ cat /etc/fail2ban/jail.d/defaults-debian.conf
>> >> [sshd]
>> >> enabled = true
>> >> raub@some-debian-box:~$
>> >>
>> >> >         Lee


_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
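
Added example, not part of the original thread or the Fail2Ban project's code: a short Python sketch that merges jail files in the order given in jail.conf(5) (jail.conf, jail.d/*.conf, jail.local, jail.d/*.local) and reports which file last set `enabled` for each jail. The sample file contents are constructed, the function names are hypothetical, and [INCLUDES] and %(...)s interpolation are not modelled.

```python
import configparser
import tempfile
from pathlib import Path

def load_order(conf_dir):
    """Jail files in the order documented in jail.conf(5); later files win."""
    d = Path(conf_dir)
    files = [d / "jail.conf", *sorted(d.glob("jail.d/*.conf")),
             d / "jail.local", *sorted(d.glob("jail.d/*.local"))]
    return [f for f in files if f.is_file()]

def resolve_enabled(conf_dir):
    """Return {jail: (enabled, file that set it last, or None if never set)}."""
    root = Path(conf_dir)
    default = (False, None)      # a jail with no 'enabled' anywhere stays disabled
    explicit, jails = {}, set()
    for path in load_order(root):
        # Raw parser: keep %(sshd_log)s literal; treat [DEFAULT] as a plain section.
        cp = configparser.RawConfigParser(default_section="__none__")
        cp.read(path)
        source = path.relative_to(root).as_posix()
        for section in cp.sections():
            if section == "INCLUDES":
                continue         # include handling is out of scope for this sketch
            has = cp.has_option(section, "enabled")
            if section == "DEFAULT":
                if has:
                    default = (cp.getboolean(section, "enabled"), source)
                continue
            jails.add(section)
            if has:              # an explicit per-jail value beats [DEFAULT]
                explicit[section] = (cp.getboolean(section, "enabled"), source)
    return {j: explicit.get(j, default) for j in sorted(jails)}

def demo():
    """Constructed layout: jail.d/sshd.conf enables sshd, jail.local disables it."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "jail.d").mkdir()
        (d / "jail.d" / "sshd.conf").write_text("[sshd]\nport = ssh\nenabled = true\n")
        (d / "jail.d" / "recidive.conf").write_text("[recidive]\nbantime = 1w\n")
        (d / "jail.local").write_text("[sshd]\nenabled = false\n")
        return resolve_enabled(d)

if __name__ == "__main__":
    for jail, (enabled, source) in demo().items():
        print(f"{jail}: enabled={enabled} (last set by {source})")
```

Point `resolve_enabled()` at a copy of /etc/fail2ban and compare the result with the jail list from `fail2ban-client status`.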
