Surely jail.conf should be left in place as it supplies some
defaults, especially if you are using a distro packaged version? I don't
think any jails are enabled by default but it may depend on the distro.
Then use jail.local or files in jail.d/ to enable particular filters.
Nick
On 09/02/2023 17:31, Mauricio Tavares wrote:
On Thu, Feb 9, 2023 at 12:11 PM Marcos A.T. Silva<marcos...@gmail.com> wrote:
Hi there,
I really can't find enough words to express my gratitude to all of you guys. :)
I think I am finally putting this to work.
All your suggestions and help made me understand, I think, how that works.
I've done the following:
1) Since, from what I understood, jail.local always overrides jail.conf, I left
all jails disabled (false) in jail.local. After that, I renamed jail.conf to
jail.conf.unused, as Lee suggested.
AFAIK jail.conf does not turn anything on; that is the job of
jail.local and/or jail.d/something-here.conf
2) Now I created a sshd.conf file in /etc/fail2ban/jail.d and put there only
the content regarding the sshd jail that was in my jail.local, enabling this
jail.
3) Finally I tried to start Fail2Ban and it worked! Thank you!
Well, I noticed (maybe I am wrong, of course) that I need to use both `sudo
fail2ban-client start` and `sudo systemctl start fail2ban` to make it start and
be enabled. Is that right?
systemctl start fail2ban should have sufficed.
But I rebooted the server and systemctl status shows me that Fail2Ban is still
active.
Another question, if possible: now I have only sshd jail active, as per the
above procedures. Is there a way to check if it is really running?
fail2ban-client status sshd
Thanks again.
On Thu, Feb 9, 2023 at 12:13, Mauricio Tavares <raubvo...@gmail.com>
wrote:
On Thu, Feb 9, 2023 at 10:11 AM L. V. Lammert<l...@omnitec.net> wrote:
On Thu, 9 Feb 2023, Mauricio Tavares wrote:
My suggestion is to find which services you are using and then
where they are writing their logs to. Take a look at jail.conf (I
forgot to mention that file). Chances are there are entries for most
of the services there. Case in point, the ssh services, including
selinux-ssh, it knows of are
It appears that the fail2ban package for Ubuntu 20 is NOT very current.
Much simpler to manage if all of the jails are in separate files in
jail.d, .. not in a mile long jail.conf.
Also, always confirm the installation of ONLY ssh, until you know what you
need to monitor.
FYI
raub@some-debian-box:~$ cat /etc/fail2ban/jail.d/defaults-debian.conf
[sshd]
enabled = true
raub@some-debian-box:~$
Lee
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
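
An added example, not part of any message in this thread and not fail2ban's own code: a static check of which jails end up enabled when the files discussed above are merged in the order documented in jail.conf(5) (jail.conf, jail.d/*.conf, jail.local, jail.d/*.local). It is a simplification that ignores `[INCLUDES]` and value interpolation; the helper names and the sample file contents are constructed for illustration.

```python
import configparser, glob, os, tempfile

def config_files(root):
    """Jail files in fail2ban's documented read order; later files win."""
    files = [os.path.join(root, "jail.conf")]
    files += sorted(glob.glob(os.path.join(root, "jail.d", "*.conf")))
    files.append(os.path.join(root, "jail.local"))
    files += sorted(glob.glob(os.path.join(root, "jail.d", "*.local")))
    return [f for f in files if os.path.isfile(f)]

def enabled_jails(root):
    """Jails whose merged 'enabled' value is true (falls back to [DEFAULT])."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read(config_files(root))
    return sorted(s for s in cp.sections()
                  if s != "INCLUDES" and cp.getboolean(s, "enabled", fallback=False))

def build_tree(files):
    """Write a constructed config tree to a temp dir and return its path."""
    root = tempfile.mkdtemp(prefix="f2b-demo-")
    os.makedirs(os.path.join(root, "jail.d"))
    for rel, text in files.items():
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(text)
    return root

# Constructed sample files, not taken from any real host.
JAIL_CONF = "[DEFAULT]\nenabled = false\n\n[sshd]\nport = ssh\n\n[apache-auth]\nport = http,https\n"
SSHD_ON = "[sshd]\nenabled = true\n"
SSHD_OFF = "[sshd]\nenabled = false\n"

def demo():
    # jail.conf defaults plus a jail.d drop-in: sshd is enabled.
    a = build_tree({"jail.conf": JAIL_CONF, "jail.d/sshd.conf": SSHD_ON})
    # A leftover 'enabled = false' in jail.local is read after jail.d/*.conf and wins.
    b = build_tree({"jail.conf": JAIL_CONF, "jail.d/sshd.conf": SSHD_ON,
                    "jail.local": SSHD_OFF})
    # A jail.d/*.local drop-in is read last and re-enables the jail.
    c = build_tree({"jail.conf": JAIL_CONF, "jail.d/sshd.conf": SSHD_ON,
                    "jail.local": SSHD_OFF, "jail.d/sshd.local": SSHD_ON})
    return enabled_jails(a), enabled_jails(b), enabled_jails(c)

if __name__ == "__main__":
    labels = ("drop-in only", "stale jail.local", "plus .local drop-in")
    for label, jails in zip(labels, demo()):
        print(f"{label}: {jails}")
```

Pointing `enabled_jails()` at a copy of `/etc/fail2ban` gives a quick pre-start audit; `fail2ban-client status` remains the authoritative answer for a running server.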