Well, now it seems everything is working fine. At least, for now.

I stopped using those jail.d .conf files and went back to the jail.local
file. There I enabled both sshd and recidive, and the command `sudo
fail2ban-client status` displays the output below:

```
Status
|- Number of jail:      2
`- Jail list:   recidive, sshd
```

At least now it seems it is working fine, until I decide what I will
enable. :)

I just don't understand why the individual .conf files do not work.



On Thu, Feb 9, 2023 at 14:38, Mauricio Tavares <raubvo...@gmail.com>
wrote:

> On Thu, Feb 9, 2023 at 12:36 PM Marcos A.T. Silva <marcos...@gmail.com>
> wrote:
> >
> > Great, thank you.
> >
> > Well, the problem is that now it seems no jail is running, even though I restarted Fail2Ban.
> >
> > When I run `sudo fail2ban-client status`, for example, it shows me no jail is running:
> >
> > Status
> > |- Number of jail:      0
> > `- Jail list:
> >
> > But I have now at `/etc/fail2ban/jail.d` two .conf files: recidive.conf and sshd.conf. The sshd.conf file has the below content:
> >
> > ---
> > [sshd]
> >
> > # To use more aggressive sshd modes set filter parameter "mode" in jail.local:
> > # normal (default), ddos, extra or aggressive (combines all).
> > # See "tests/files/logs/sshd" or "filter.d/sshd.conf" for usage example and details.
> > #mode   = normal
> > port    = ssh
> > logpath = %(sshd_log)s
> > backend = %(sshd_backend)s
> > enabled  = true
> > ---
> >
> > What am I doing wrong here? Thanks again.
> >
>       I have no idea of what recidive.conf is all about or where it came
> from.
>
> > On Thu, Feb 9, 2023 at 14:31, Mauricio Tavares <raubvo...@gmail.com> wrote:
> >>
> >> On Thu, Feb 9, 2023 at 12:11 PM Marcos A.T. Silva <marcos...@gmail.com> wrote:
> >> >
> >> > Hi there,
> >> >
> >> > I really can't find enough words to express my gratitude to all of you guys. :)
> >> >
> >> > I think I am finally putting this to work.
> >> >
> >> > All your suggestions and help made me understand, I think, how that works.
> >> >
> >> > I've done the following:
> >> >
> >> > 1) Since, from what I understood, jail.local always overrides jail.conf, I left all jails disabled (false) in jail.local. After that, I've renamed jail.conf to jail.conf.unused, as Lee suggested.
> >> >
> >>       AFAIK jail.conf does not turn anything on; that is the job of
> >> jail.local and/or jail.d/something-here.conf
> >>
> >> > 2) Now I created a sshd.conf file in /etc/fail2ban/jail.d and put there only the content regarding the sshd jail that was in my jail.local, enabling this jail.
> >> >
> >> > 3) Finally I tried to start Fail2Ban and it worked! Thank you!
> >> >
> >> > Well, I noticed (maybe I am wrong, of course) that I need to use both `sudo fail2ban-client start` and `sudo systemctl start fail2ban` to make it start and be enabled. Is that right?
> >> >
> >>       systemctl start fail2ban should have sufficed.
> >>
> >> > But I rebooted the server and systemctl status shows me that Fail2Ban is still active.
> >> >
> >> > Another question, if possible: now I have only sshd jail active, as per the above procedures. Is there a way to check if it is really running?
> >> >
> >> fail2ban-client status sshd
> >>
> >> > Thanks again.
> >> >
> >> > On Thu, Feb 9, 2023 at 12:13, Mauricio Tavares <raubvo...@gmail.com> wrote:
> >> >>
> >> >> On Thu, Feb 9, 2023 at 10:11 AM L. V. Lammert <l...@omnitec.net> wrote:
> >> >> >
> >> >> > On Thu, 9 Feb 2023, Mauricio Tavares wrote:
> >> >> >
> >> >> > >       My suggestion is to find which services you are using and then
> >> >> > > where they are writing their logs to. Take a look at jail.conf (I
> >> >> > > forgot to mention that file). Chances are there are entries for most
> >> >> > > of the services there. Case in point, the ssh services, including
> >> >> > > selinux-ssh, it knows of are
> >> >> > >
> >> >> > It appears that the fail2ban package for Ubuntu 20 is NOT very current.
> >> >> > Much simpler to manage if all of the jails are in separate files in
> >> >> > jail.d, .. not in a mile long jail.conf.
> >> >> >
> >> >> > Also, always confirm the installation of ONLY ssh, until you know what you
> >> >> > need to monitor.
> >> >> >
> >> >> FYI
> >> >>
> >> >> raub@some-debian-box:~$ cat /etc/fail2ban/jail.d/defaults-debian.conf
> >> >> [sshd]
> >> >> enabled = true
> >> >> raub@some-debian-box:~$
> >> >>
> >> >> >         Lee
>
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
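
Fail2ban reads its jail files in the order jail.conf, jail.d/*.conf, jail.local, jail.d/*.local, with later files overriding earlier ones, so an `enabled = false` left in jail.local wins over `enabled = true` in jail.d/sshd.conf. The following is an added example, not part of the thread or of fail2ban itself: it merges the `enabled` setting in that order and reports which file supplied the final value. The temporary directory, the file contents and the function names are constructed for illustration.

```python
import configparser
import tempfile
from pathlib import Path

def read_order(confdir):
    """Jail files in fail2ban's read order; later files override earlier ones."""
    confdir = Path(confdir)
    paths = [confdir / "jail.conf", *sorted(confdir.glob("jail.d/*.conf")),
             confdir / "jail.local", *sorted(confdir.glob("jail.d/*.local"))]
    return [p for p in paths if p.is_file()]

def effective_enabled(confdir):
    """Return {jail: (enabled, file that supplied the winning value)}."""
    default = (False, None)  # a jail is off unless some file enables it
    per_jail, seen = {}, set()
    for path in read_order(confdir):
        # Treat [DEFAULT] as an ordinary section so its origin can be tracked;
        # RawConfigParser leaves values such as %(sshd_log)s uninterpolated.
        cp = configparser.RawConfigParser(default_section="__unused__")
        cp.read(path)
        for section in cp.sections():
            if section == "INCLUDES":
                continue
            if section != "DEFAULT":
                seen.add(section)
            if cp.has_option(section, "enabled"):
                value = (cp.getboolean(section, "enabled"), path.relative_to(confdir).as_posix())
                if section == "DEFAULT":
                    default = value
                else:
                    per_jail[section] = value
    return {jail: per_jail.get(jail, default) for jail in sorted(seen)}

def demo():
    """Constructed layout: jail.local disables the jails, jail.d/*.conf enables them."""
    confdir = Path(tempfile.mkdtemp())
    (confdir / "jail.d").mkdir()
    files = {
        "jail.local": "[sshd]\nenabled = false\n\n[recidive]\nenabled = false\n",
        "jail.d/sshd.conf": "[sshd]\nport = ssh\nlogpath = %(sshd_log)s\nenabled = true\n",
        "jail.d/recidive.conf": "[recidive]\nenabled = true\n",
    }
    for name, text in files.items():
        (confdir / name).write_text(text)
    return effective_enabled(confdir)

if __name__ == "__main__":
    for jail, (enabled, source) in demo().items():
        print(f"{jail}: enabled={enabled} (set in {source})")
```

Pointing `effective_enabled` at a copy of `/etc/fail2ban` shows, per jail, which file has the last word; a per-jail override that should beat jail.local belongs in `jail.d/<name>.local`.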
