Hi Finn,

Understood. Thank you very much. :)

I think I'll learn this one day.

Well, it seems things are starting to work here.

So, do you know how I can make sure that a jail is really running? Because, for example, I've enabled the sshd jail. The enabled jail is as below:

```
#mode = normal
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
enabled = true
```

Is the above jail correct? Do I have to put a "filter" part there or uncomment the #mode?

Well, I don't know if I am testing it right. But, for example, if I run `fail2ban-client status sshd` I receive the below output:

```
Status for the jail: sshd
|- Filter
|  |- Currently failed: 1
|  |- Total failed: 1
|  `- File list: /var/log/auth.log
`- Actions
   |- Currently banned: 0
   |- Total banned: 0
   `- Banned IP list:
```

But I think I've tried to log in to the server with a wrong passphrase for my SSH key twice, and Fail2Ban is only displaying one attempt. Is this correct?

Thanks again, and sorry for the disturbance.

On Thu, Feb 9, 2023 at 15:34, fail2ban--- via Fail2ban-users <fail2ban-users@lists.sourceforge.net> wrote:

> Hi Marcos
>
> jail.conf is holding the default settings for the jails
>
> jail.local is where You make Your own settings and customizations.
>
> When You update fail2ban jail.conf may be altered but jail.local will not and therefore settings (enabled jails etc. will be safe)
>
> A good idea is to read through the /etc/fail2ban/*.conf files since the makers have included a lot of information between the lines - some are difficult to understand the first time but eventually You will get better knowledge and understanding of this nice and GREAT tool.
>
> Regards,
> /Finn
>
> On 09-02-2023 at 19:05, Marcos A.T. Silva wrote:
> > Well, I have installed Fail2Ban from my own once I get this new Ubuntu server. I am using Ubuntu 20.04.
> >
> > I only got this working by setting jails as enabled in the jail.local file. The individual files in jail.d directory don't work.
> >
> > On Thu, Feb 9, 2023 at 14:44, Nick Howitt via Fail2ban-users <fail2ban-users@lists.sourceforge.net> wrote:
> >
> > Surely jail.conf should be left in place as it supplies some defaults, especially if you are using a distro packaged version? I don't think any jails are enabled by default but it may depend on the distro.
> >
> > Then use jail.local or files in jail.d/ to enable particular filters.
> >
> > Nick
> >
> > On 09/02/2023 17:31, Mauricio Tavares wrote:
> >> On Thu, Feb 9, 2023 at 12:11 PM Marcos A.T. Silva <marcos...@gmail.com> wrote:
> >>> Hi there,
> >>>
> >>> I really can't find enough words to express my gratitude to you all guys. :)
> >>>
> >>> I think I am finally putting this to work.
> >>>
> >>> All your suggestions and help made me understand, I think, how that works.
> >>>
> >>> I've done the following:
> >>>
> >>> 1) Once, for what I understood, jail.local always overrides jail.conf, I left all jails disabled (false) on jail.local. After that, I've renamed jail.conf to jail.conf.unused, as Lee suggested.
> >>>
> >> AFAIK jail.conf does not turn anything on; that is the job of
> >> jail.local and/or jail.d/something-here.conf
> >>
> >>> 2) Now I created a sshd.conf file in /etc/fail2ban/jail.d and put there only the content regarding the sshd jail that was in my jail.local, enabling this jail.
> >>>
> >>> 3) Finally I tried to start Fail2Ban and it worked! Thank you!
> >>>
> >>> Well, I noticed (maybe I am wrong, of course) that I need to use both `sudo fail2ban-client start` and `sudo systemctl start fail2ban` to make it start and be enabled. Is that right?
> >>>
> >> systemctl start fail2ban should have sufficed.
> >>
> >>> But I rebooted the server and systemctl status shows me that Fail2Ban is still active.
> >>>
> >>> Another question, if possible: now I have only sshd jail active, as per the above procedures. Is there a way to check if it is really running?
> >>>
> >> fail2ban-client status sshd
> >>
> >>> Thanks again.
> >>>
> >>> On Thu, Feb 9, 2023 at 12:13, Mauricio Tavares <raubvo...@gmail.com> wrote:
> >>>> On Thu, Feb 9, 2023 at 10:11 AM L. V. Lammert <l...@omnitec.net> wrote:
> >>>>> On Thu, 9 Feb 2023, Mauricio Tavares wrote:
> >>>>>
> >>>>>> My suggestion is to find which services you are using and then
> >>>>>> where they are writing their logs to. Take a look at jail.conf (I
> >>>>>> forgot to mention that file). Chances are there are entries for most
> >>>>>> of the services there. Case in point, the ssh services, including
> >>>>>> selinux-ssh, it knows of are
> >>>>>>
> >>>>> It appears that the fail2ban package for Ubuntu 20 is NOT very current.
> >>>>> Much simpler to manage if all of the jails are in separate files in
> >>>>> jail.d, .. not in a mile long jail.conf.
> >>>>>
> >>>>> Also, always confirm the installation of ONLY ssh, until you know what you
> >>>>> need to monitor.
> >>>>>
> >>>> FYI
> >>>>
> >>>> raub@some-debian-box:~$ cat /etc/fail2ban/jail.d/defaults-debian.conf
> >>>> [sshd]
> >>>> enabled = true
> >>>> raub@some-debian-box:~$
> >>>>
> >>>>> Lee
> >> _______________________________________________
> >> Fail2ban-users mailing list
> >> Fail2ban-users@lists.sourceforge.net
> >> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>
> --
> "After sleeping through a hundred million centuries we have finally
> opened our eyes on a sumptuous planet, sparkling with color, bountiful
> with life. Within decades we must close our eyes again. Isn't it a
> noble, an enlightened way of spending our brief time in the sun, to work
> at understanding the universe and how we have come to wake up in it?"
> [- Professor Richard Dawkins]
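The `fail2ban-client status sshd` check discussed in this thread can be scripted so that a jail's presence, its watched log file and its counters are verified automatically. This is an added example, not part of any poster's message: the helper names are hypothetical and the sample text is constructed, modelled on the status output quoted above.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not part of fail2ban.
# SAMPLE is constructed, modelled on the status output quoted in the thread.
SAMPLE='Status for the jail: sshd
|- Filter
|  |- Currently failed: 1
|  |- Total failed:     1
|  `- File list:        /var/log/auth.log
`- Actions
   |- Currently banned: 0
   |- Total banned:     0
   `- Banned IP list:'

# Print the value of one labelled field ($1) from status output on stdin.
status_field() {
    # Strip the tree-drawing prefix (space, pipe, backtick, dash), label and colon.
    sed -n "s/^[ |\`-]*$1:[[:space:]]*//p" | head -n 1
}

# Succeed only if stdin is the status of jail $1 and its filter reads log $2.
jail_watches() {
    out=$(cat)
    first=$(printf '%s\n' "$out" | head -n 1)
    [ "$first" = "Status for the jail: $1" ] || return 1
    for f in $(printf '%s\n' "$out" | status_field 'File list'); do
        [ "$f" = "$2" ] && return 0
    done
    return 1    # jail exists but is not reading the expected log file
}

# One-line summary of the counters, suitable for a cron or monitoring check.
jail_summary() {
    out=$(cat)
    printf 'failed=%s banned=%s\n' \
        "$(printf '%s\n' "$out" | status_field 'Total failed')" \
        "$(printf '%s\n' "$out" | status_field 'Total banned')"
}

# On a live host, replace the printf with: fail2ban-client status sshd
if printf '%s\n' "$SAMPLE" | jail_watches sshd /var/log/auth.log; then
    printf '%s\n' "$SAMPLE" | jail_summary
else
    echo "sshd jail is not running or not watching /var/log/auth.log" >&2
fi
```

A jail that uses the systemd backend reports journal matches instead of a file list, so `jail_watches` applies only to file-based jails like the one shown in the thread.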