There is some misinformation here. Jails can be enabled via configlets in jail.d/ as well as overrides in jail.local.

Anyway, what is your full jail config in jail.local? All you need is:
```
[sshd]
enabled = true
```

It will pull everything else from jail.conf. Anything else you put here will override anything in jail.conf so it is up to you if you want to accept the default settings in jail.conf or override them.


On 09/02/2023 18:45, Marcos A.T. Silva wrote:
Hi Finn,

Understood. Thank you very much. :)

I think I'll learn this one day. Well, it seems things are starting to work here.

So, do you know how I can make sure that a jail is really running? Because, for example, I've enabled the sshd jail. The enabled jail is as below:

```
#mode   = normal
port    = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
enabled  = true
```

Is the above jail correct? Do I have to put a "filter" part there or uncomment the #mode?

Well, I don't know if I am testing it right. But, for example, if I run `fail2ban-client status sshd` I receive the below output:

```
Status for the jail: sshd
|- Filter
|  |- Currently failed: 1
|  |- Total failed:     1
|  `- File list:        /var/log/auth.log
`- Actions
  |- Currently banned: 0
  |- Total banned:     0
  `- Banned IP list:

```

But I think I've tried to log in to the server with a wrong passphrase for my SSH key twice, and Fail2Ban is only displaying one attempt. Is this correct?

Thanks again, and sorry for the disturbance.

On Thu, Feb 9, 2023 at 15:34, fail2ban--- via Fail2ban-users <fail2ban-users@lists.sourceforge.net> wrote:

    Hi Marcos

    jail.conf is holding the default settings for the jails

    jail.local is where You make Your own settings and customizations.

    When You update fail2ban jail.conf may be altered but jail.local will
    not and therefore settings (enabled jails etc.) will be safe

    A good idea is to read through the /etc/fail2ban/*.conf files since the
    makers have included a lot of information between the lines - some are
    difficult to understand the first time but eventually You will get
    better knowledge and understanding of this nice and GREAT tool.

    Regards,
    /Finn


    On 09-02-2023 at 19:05, Marcos A.T. Silva wrote:
    > Well, I have installed Fail2Ban on my own once I got this new Ubuntu
    > server. I am using Ubuntu 20.04.
    >
    > I only got this working by setting jails as enabled in the jail.local
    > file. The individual files in jail.d directory don't work.
    >
    > On Thu, Feb 9, 2023 at 14:44, Nick Howitt via Fail2ban-users
    > <fail2ban-users@lists.sourceforge.net> wrote:
    >
    >     Surely jail.conf should be left in place as it supplies some
    >     defaults, especially if you are using a distro packaged version? I
    >     don't think any jails are enabled by default but it may depend on
    >     the distro.
    >
    >     Then use jail.local or files in jail.d/ to enable particular filters.
    >
    >     Nick
    >
    >     On 09/02/2023 17:31, Mauricio Tavares wrote:
    >>     On Thu, Feb 9, 2023 at 12:11 PM Marcos A.T. Silva <marcos...@gmail.com> wrote:
    >>>     Hi there,
    >>>
    >>>     I really can't find enough words to express my gratitude to you
    >>>     all guys. :)
    >>>
    >>>     I think I am finally putting this to work.
    >>>
    >>>     All your suggestions and help made me understand, I think, how
    >>>     that works.
    >>>
    >>>     I've done the following:
    >>>
    >>>     1) Once, for what I understood, jail.local always overrides
    >>>     jail.conf, I left all jails disabled (false) on jail.local. After
    >>>     that, I've renamed jail.conf to jail.conf.unused, as Lee suggested.
    >>>
    >>            AFAIK jail.conf does not turn anything on; that is the job of
    >>     jail.local and/or jail.d/something-here.conf
    >>
    >>>     2) Now I created a sshd.conf file in /etc/fail2ban/jail.d and put
    >>>     there only the content regarding the sshd jail that was in my
    >>>     jail.local, enabling this jail.
    >>>
    >>>     3) Finally I tried to start Fail2Ban and it worked! Thank you!
    >>>
    >>>     Well, I noticed (maybe I am wrong, of course) that I need to use
    >>>     both `sudo fail2ban-client start` and `sudo systemctl start
    >>>     fail2ban` to make it start and be enabled. Is that right?
    >>>
    >>            systemctl start fail2ban should have sufficed.
    >>
    >>>     But I rebooted the server and systemctl status shows me that
    >>>     Fail2Ban is still active.
    >>>
    >>>     Another question, if possible: now I have only sshd jail active,
    >>>     as per the above procedures. Is there a way to check if it is
    >>>     really running?
    >>>
    >>     fail2ban-client status sshd
    >>
    >>>     Thanks again.
    >>>
    >>>     On Thu, Feb 9, 2023 at 12:13, Mauricio Tavares <raubvo...@gmail.com> wrote:
    >>>>     On Thu, Feb 9, 2023 at 10:11 AM L. V. Lammert <l...@omnitec.net> wrote:
    >>>>>     On Thu, 9 Feb 2023, Mauricio Tavares wrote:
    >>>>>
    >>>>>>            My suggestion is to find which services you are using and then
    >>>>>>     where they are writing their logs to. Take a look at jail.conf (I
    >>>>>>     forgot to mention that file). Chances are there are entries for most
    >>>>>>     of the services there. Case in point, the ssh services, including
    >>>>>>     selinux-ssh, it knows of are
    >>>>>>
    >>>>>     It appears that the fail2ban package for Ubuntu 20 is NOT very current.
    >>>>>     Much simpler to manage if all of the jails are in separate files in
    >>>>>     jail.d, .. not in a mile long jail.conf.
    >>>>>
    >>>>>     Also, always confirm the installation of ONLY ssh, until you know what you
    >>>>>     need to monitor.
    >>>>>
    >>>>     FYI
    >>>>
    >>>>     raub@some-debian-box:~$ cat /etc/fail2ban/jail.d/defaults-debian.conf
    >>>>     [sshd]
    >>>>     enabled = true
    >>>>     raub@some-debian-box:~$
    >>>>
    >>>>>              Lee
    >>     _______________________________________________
    >>     Fail2ban-users mailing list
    >>     Fail2ban-users@lists.sourceforge.net
    >>     https://lists.sourceforge.net/lists/listinfo/fail2ban-users

-- "After sleeping through a hundred million centuries we have finally
    opened our eyes on a sumptuous planet, sparkling with color, bountiful
    with life. Within decades we must close our eyes again. Isn't it a
    noble, an enlightened way of spending our brief time in the sun, to work
    at understanding the universe and how we have come to wake up in it?"
    [- Professor Richard Dawkins]





_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
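
Added example (not part of the original thread and not fail2ban's own code): a small audit of which jails end up enabled once jail.conf, jail.d/ configlets and jail.local are merged, using the load order documented in jail.conf(5). The sample tree and the file name `zz-site.local` are constructed; `[INCLUDES]` handling and `%(...)s` interpolation are not reproduced, and the accepted "true" spellings are an assumption.

```python
import configparser
import tempfile
from pathlib import Path

TRUE = {"1", "on", "true", "yes"}  # spellings treated as "enabled" here (assumption)

def load_order(root):
    """Files in the order jail.conf(5) documents; later files override earlier ones."""
    root = Path(root)
    files = [root / "jail.conf", *sorted(root.glob("jail.d/*.conf")),
             root / "jail.local", *sorted(root.glob("jail.d/*.local"))]
    return [f for f in files if f.is_file()]

def enabled_jails(root):
    """Return {jail: file whose 'enabled' setting won} for every enabled jail."""
    root, merged = Path(root), {}  # merged: section -> option -> (value, source)
    for path in load_order(root):
        # Raw parser keeps %(sshd_log)s literal; [DEFAULT] is read as a plain section.
        cp = configparser.RawConfigParser(default_section="__no_default__")
        cp.read(path)
        for section in cp.sections():
            for key, value in cp.items(section):
                merged.setdefault(section, {})[key] = (value, str(path.relative_to(root)))
    fallback = merged.get("DEFAULT", {}).get("enabled", ("false", None))
    result = {}
    for section, opts in merged.items():
        if section in ("DEFAULT", "INCLUDES"):
            continue
        value, source = opts.get("enabled", fallback)
        if value.strip().lower() in TRUE:
            result[section] = source
    return result

def build_sample(root):
    """Write a constructed /etc/fail2ban-like tree (not taken from any real host)."""
    root = Path(root)
    (root / "jail.d").mkdir(parents=True)
    (root / "jail.conf").write_text("[DEFAULT]\nenabled = false\n\n[sshd]\nport = ssh\n"
                                    "logpath = %(sshd_log)s\n\n[apache-auth]\nport = http,https\n")
    (root / "jail.d" / "defaults-debian.conf").write_text("[sshd]\nenabled = true\n")
    (root / "jail.local").write_text("[apache-auth]\nenabled = true\n")
    (root / "jail.d" / "zz-site.local").write_text("[apache-auth]\nenabled = false\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for jail, source in enabled_jails(build_sample(tmp)).items():
            print(f"{jail}: enabled by {source}")
```

In the constructed tree, sshd is switched on by the jail.d configlet alone, while apache-auth is enabled in jail.local and then disabled again by a later jail.d/*.local file. On a live host, compare the result with `fail2ban-client status`.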