Hi Marcos

jail.conf is holding the default settings for the jails

jail.local is where you make your own settings and customizations.

When you update fail2ban, jail.conf may be altered but jail.local will not, and therefore settings (enabled jails etc.) will be safe.

A good idea is to read through the /etc/fail2ban/*.conf files, since the makers have included a lot of information between the lines - some of it is difficult to understand the first time, but eventually you will get better knowledge and understanding of this nice and GREAT tool.

Regards,
/Finn


On 09-02-2023 at 19:05, Marcos A.T. Silva wrote:
Well, I installed Fail2Ban on my own once I got this new Ubuntu server. I am using Ubuntu 20.04.

I only got this working by setting jails as enabled in the jail.local file. The individual files in jail.d directory don't work.

On Thu, 9 Feb 2023 at 14:44, Nick Howitt via Fail2ban-users <fail2ban-users@lists.sourceforge.net> wrote:

    Surely jail.conf should be left in place as it supplies some
    defaults, especially if you are using a distro packaged version? I
    don't think any jails are enabled by default but it may depend on
    the distro.

    Then use jail.local or files in jail.d/ to enable particular filters.

    Nick

    On 09/02/2023 17:31, Mauricio Tavares wrote:
    On Thu, Feb 9, 2023 at 12:11 PM Marcos A.T. Silva <marcos...@gmail.com> wrote:
    Hi there,

    I really can't find enough words to express my gratitude to you all guys. :)

    I think I am finally putting this to work.

    All your suggestions and help made me understand, I think, how that works.

    I've done the following:

    1) Since, from what I understood, jail.local always overrides jail.conf, I left all jails disabled (false) in jail.local. After that, I renamed jail.conf to jail.conf.unused, as Lee suggested.

           AFAIK jail.conf does not turn anything on; that is the job of
    jail.local and/or jail.d/something-here.conf

    2) Now I created a sshd.conf file in /etc/fail2ban/jail.d and put there only the content regarding the sshd jail that was in my jail.local, enabling this jail.

    3) Finally I tried to start Fail2Ban and it worked! Thank you!

    Well, I noticed (maybe I am wrong, of course) that I need to use both `sudo fail2ban-client start` and `sudo systemctl start fail2ban` to make it start and be enabled. Is that right?

           systemctl start fail2ban should have sufficed.

    But I rebooted the server and systemctl status shows me that Fail2Ban is still active.

    Another question, if possible: now I have only sshd jail active, as per the above procedures. Is there a way to check if it is really running?

    fail2ban-client status sshd

    Thanks again.

    On Thu, 9 Feb 2023 at 12:13, Mauricio Tavares <raubvo...@gmail.com> wrote:
    On Thu, Feb 9, 2023 at 10:11 AM L. V. Lammert <l...@omnitec.net> wrote:
    On Thu, 9 Feb 2023, Mauricio Tavares wrote:

           My suggestion is to find which services you are using and then
    where they are writing their logs to. Take a look at jail.conf (I
    forgot to mention that file). Chances are there are entries for most
    of the services there. Case in point, the ssh services, including
    selinux-ssh, it knows of are

    It appears that the fail2ban package for Ubuntu 20 is NOT very current.
    Much simpler to manage if all of the jails are in separate files in
    jail.d, .. not in a mile long jail.conf.

    Also, always confirm the installation of ONLY ssh, until you know what you
    need to monitor.

    FYI

    raub@some-debian-box:~$ cat /etc/fail2ban/jail.d/defaults-debian.conf
    [sshd]
    enabled = true
    raub@some-debian-box:~$

             Lee
    _______________________________________________
    Fail2ban-users mailing list
    Fail2ban-users@lists.sourceforge.net
    https://lists.sourceforge.net/lists/listinfo/fail2ban-users


--
"After sleeping through a hundred million centuries we have finally opened our eyes on a sumptuous planet, sparkling with color, bountiful with life. Within decades we must close our eyes again. Isn't it a noble, an enlightened way of spending our brief time in the sun, to work at understanding the universe and how we have come to wake up in it?"
[- Professor Richard Dawkins]
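
An added example, not part of the thread and not fail2ban's own code: a small checker that walks a config directory in fail2ban's documented read order (jail.conf, jail.d/*.conf, jail.local, jail.d/*.local) and reports which file decides each jail's `enabled` value. The config tree in `demo()` is constructed, and the helper names are hypothetical; it shows a jail.local that disables sshd winning over a jail.d/sshd.conf that enables it.

```python
import configparser
import tempfile
from pathlib import Path

TRUE_VALUES = ("true", "yes", "1", "on")

def layered_files(confdir):
    """Jail config files in read order; later files override earlier ones."""
    d = confdir / "jail.d"
    order = [confdir / "jail.conf", *sorted(d.glob("*.conf")),
             confdir / "jail.local", *sorted(d.glob("*.local"))]
    return [p for p in order if p.is_file()]

def jail_enabled_report(confdir):
    """Map each jail to (enabled, file that decided it)."""
    setting, jails = {}, []
    for path in layered_files(confdir):
        # default_section is renamed so [DEFAULT] is read like any other section
        layer = configparser.ConfigParser(interpolation=None, default_section="__unused__")
        layer.read(path)
        for section in layer.sections():
            if section not in ("DEFAULT", "INCLUDES") and section not in jails:
                jails.append(section)
            if layer.has_option(section, "enabled"):
                setting[section] = (layer.get(section, "enabled"),
                                    path.relative_to(confdir).as_posix())
    # Assumption: a jail with no 'enabled' set anywhere is treated as disabled
    fallback = setting.get("DEFAULT", ("false", "built-in default"))
    return {j: (setting.get(j, fallback)[0].strip().lower() in TRUE_VALUES,
                setting.get(j, fallback)[1]) for j in jails}

def demo():
    """Constructed tree: jail.d/sshd.conf enables sshd, jail.local disables it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "jail.d").mkdir()
        (root / "jail.conf").write_text(
            "[DEFAULT]\nenabled = false\n\n[sshd]\nport = ssh\n\n[apache-auth]\nport = http,https\n")
        (root / "jail.d" / "sshd.conf").write_text("[sshd]\nenabled = true\n")
        (root / "jail.local").write_text("[sshd]\nenabled = false\n")
        with_local = jail_enabled_report(root)
        (root / "jail.local").unlink()
        without_local = jail_enabled_report(root)
    return with_local, without_local

if __name__ == "__main__":
    for label, report in zip(("with jail.local", "without jail.local"), demo()):
        print(label, report)
```

On a live server, `jail_enabled_report(Path("/etc/fail2ban"))` gives the static view; `fail2ban-client status sshd`, as mentioned in the thread, confirms what is actually running.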

