Well, I have installed Fail2Ban from my own once I get this new Ubuntu server. I am using Ubuntu 20.04.
I only got this working by setting jails as enabled in the jail.local file. The individual files in jail.d directory don't work. Em qui., 9 de fev. de 2023 às 14:44, Nick Howitt via Fail2ban-users < fail2ban-users@lists.sourceforge.net> escreveu: > Surely jail.conf should be left in place as it it supplies some defaults, > especially if you are using a distro packaged version? I don't think any > jails are enabled by default but it may depend on the distro. > > Then use jail.local or files in jail.d/ to enable particular filters. > > Nick > > On 09/02/2023 17:31, Mauricio Tavares wrote: > > On Thu, Feb 9, 2023 at 12:11 PM Marcos A.T. Silva <marcos...@gmail.com> > <marcos...@gmail.com> wrote: > > Hi there, > > I really can't find enough words to express my gratitude to you all guys. :) > > I think I am finally putting this to work. > > All your suggestions and help made me understand, I think, how that works. > > I've done the following: > > 1) Once, for what I understood, jail.local always overrides jail.conf, I left > all jails disabled (false) on jail.local. After that, I've renamed jail.conf > to jail.conf.unused, as Lee suggested. > > > AFAIK jail.conf does not turn anything on; that is the job of > jail.local and/or jail.d/something-here.conf > > > 2) Now I created a sshd.conf file in /etc/fail2ban/jail.d and put there only > the content regarding the sshd jail that was in my jail.local, enabling this > jail. > > 3) Finally I tried to start Fail2Ban and it worked! Thank you! > > Well, I noticed (maybe I am wrong, of course) that I need to use both `sudo > fail2ban-client start` and `sudo systemctl start fail2ban` to make it start > and be enabled. Is that right? > > > systemctl start fail2ban should have sufficed. > > > But I rebooted the server and systemctl status shows me that Fail2Ban is > still active. > > Another question, if possible: now I have only sshd jail active, as per the > above procedures. Is there a way to check if it is really running? > > > fail2ban-client status sshd > > > Thanks again. > > Em qui., 9 de fev. de 2023 às 12:13, Mauricio Tavares <raubvo...@gmail.com> > <raubvo...@gmail.com> escreveu: > > On Thu, Feb 9, 2023 at 10:11 AM L. V. Lammert <l...@omnitec.net> > <l...@omnitec.net> wrote: > > On Thu, 9 Feb 2023, Mauricio Tavares wrote: > > > My suggestion is to find which services you are using and then > where they are writing their logs to. Take a look at jail.conf (I > forgot to mention that file). Chances are there are entries for most > of the services there. Case in point, the ssh services, including > selinux-ssh, it knows of are > > > It appears that the fail2ban package for Ubuntu 20 is NOT very current. > Much simpler to manage if all of the jails are in separate files in > jail.d, .. not in a mile long jail.conf. > > Also, always confirm the installation of ONLY ssh, until you know what you > need to monitor. > > > FYI > > raub@some-debian-box:~$ cat /etc/fail2ban/jail.d/defaults-debian.conf > [sshd] > enabled = true > raub@some-debian-box:~$ > > > Lee > > _______________________________________________ > Fail2ban-users mailing > listFail2ban-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/fail2ban-users > > > _______________________________________________ > Fail2ban-users mailing list > Fail2ban-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/fail2ban-users >
_______________________________________________ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users
