Hi Finn,
Understood. Thank you very much. :)
I think I'll learn this one day. Well, it seems things are
starting to work here.
So, do you know how can I make sure that a jail is really
running? Because, for example, I've enabled the sshd jail. The
enabled jail is as below:
```
#mode = normal
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
enabled = true
```
Is the above jail correct? Do I have to put a "filter" part there
or uncomment the #mode?
Well, I don't know if I am testing it right. But, for example, if
I run `fail2ban-client status sshd` I receive the below output:
```
Status for the jail: sshd
|- Filter
| |- Currently failed: 1
| |- Total failed: 1
| `- File list: /var/log/auth.log
`- Actions
|- Currently banned: 0
|- Total banned: 0
`- Banned IP list:
```
But I think I've tried to login at the server with a wrong
passphrase for my SSH key twice, and Fail2Ban is only displaying
one attempt. Is this correct?
Thanks again, and sorry for the disturbance.
Em qui., 9 de fev. de 2023 às 15:34, fail2ban--- via
Fail2ban-users <fail2ban-users@lists.sourceforge.net> escreveu:
Hi Marcos
jail.conf is holding the default settings for the jails
jail.local is where You make Your own settings and
customizations.
When You update fail2ban jail.conf may be altered but
jail.local will
not and therfore settings (enabled kails etc. will be safe)
A good idea is to read through the /etc/fail2ban/*.conf files
since the
makers has included a lot of informations between the lines -
some are
difficult to understand the first time but eventually You
will get
better knowledge and understanding of this nice and GREAT tool.
Regards,
/Finn
Den 09-02-2023 kl. 19:05 skrev Marcos A.T. Silva:
> Well, I have installed Fail2Ban from my own once I get this
new Ubuntu
> server. I am using Ubuntu 20.04.
>
> I only got this working by setting jails as enabled in the
jail.local
> file. The individual files in jail.d directory don't work.
>
> Em qui., 9 de fev. de 2023 às 14:44, Nick Howitt via
Fail2ban-users
> <fail2ban-users@lists.sourceforge.net
> <mailto:fail2ban-users@lists.sourceforge.net>> escreveu:
>
> Surely jail.conf should be left in place as it it
supplies some
> defaults, especially if you are using a distro packaged
version? I
> don't think any jails are enabled by default but it may
depend on
> the distro.
>
> Then use jail.local or files in jail.d/ to enable
particular filters.
>
> Nick
>
> On 09/02/2023 17:31, Mauricio Tavares wrote:
>> On Thu, Feb 9, 2023 at 12:11 PM Marcos A.T.
Silva<marcos...@gmail.com> <mailto:marcos...@gmail.com> wrote:
>>> Hi there,
>>>
>>> I really can't find enough words to express my
gratitude to you all guys. :)
>>>
>>> I think I am finally putting this to work.
>>>
>>> All your suggestions and help made me understand, I
think, how that works.
>>>
>>> I've done the following:
>>>
>>> 1) Once, for what I understood, jail.local always
overrides jail.conf, I left all jails disabled (false) on
jail.local. After that, I've renamed jail.conf to
jail.conf.unused, as Lee suggested.
>>>
>> AFAIK jail.conf does not turn anything on; that
is the job of
>> jail.local and/or jail.d/something-here.conf
>>
>>> 2) Now I created a sshd.conf file in
/etc/fail2ban/jail.d and put there only the content regarding
the sshd jail that was in my jail.local, enabling this jail.
>>>
>>> 3) Finally I tried to start Fail2Ban and it worked!
Thank you!
>>>
>>> Well, I noticed (maybe I am wrong, of course) that I
need to use both `sudo fail2ban-client start` and `sudo
systemctl start fail2ban` to make it start and be enabled. Is
that right?
>>>
>> systemctl start fail2ban should have sufficed.
>>
>>> But I rebooted the server and systemctl status shows
me that Fail2Ban is still active.
>>>
>>> Another question, if possible: now I have only sshd
jail active, as per the above procedures. Is there a way to
check if it is really running?
>>>
>> fail2ban-client status sshd
>>
>>> Thanks again.
>>>
>>> Em qui., 9 de fev. de 2023 às 12:13, Mauricio
Tavares<raubvo...@gmail.com> <mailto:raubvo...@gmail.com>
escreveu:
>>>> On Thu, Feb 9, 2023 at 10:11 AM L. V.
Lammert<l...@omnitec.net> <mailto:l...@omnitec.net> wrote:
>>>>> On Thu, 9 Feb 2023, Mauricio Tavares wrote:
>>>>>
>>>>>> My suggestion is to find which services you
are using and then
>>>>>> where they are writing their logs to. Take a look
at jail.conf (I
>>>>>> forgot to mention that file). Chances are there
are entries for most
>>>>>> of the services there. Case in point, the ssh
services, including
>>>>>> selinux-ssh, it knows of are
>>>>>>
>>>>> It appears that the fail2ban package for Ubuntu 20
is NOT very current.
>>>>> Much simpler to manage if all of the jails are in
separate files in
>>>>> jail.d, .. not in a mile long jail.conf.
>>>>>
>>>>> Also, always confirm the installation of ONLY ssh,
until you know what you
>>>>> need to monitor.
>>>>>
>>>> FYI
>>>>
>>>> raub@some-debian-box:~$ cat
/etc/fail2ban/jail.d/defaults-debian.conf
>>>> [sshd]
>>>> enabled = true
>>>> raub@some-debian-box:~$
>>>>
>>>>> Lee
>> _______________________________________________
>> Fail2ban-users mailing list
>> Fail2ban-users@lists.sourceforge.net
<mailto:Fail2ban-users@lists.sourceforge.net>
>>
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
<https://lists.sourceforge.net/lists/listinfo/fail2ban-users>
>
> _______________________________________________
> Fail2ban-users mailing list
> Fail2ban-users@lists.sourceforge.net
> <mailto:Fail2ban-users@lists.sourceforge.net>
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>
<https://lists.sourceforge.net/lists/listinfo/fail2ban-users>
>
>
>
> _______________________________________________
> Fail2ban-users mailing list
> Fail2ban-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
--
"After sleeping through a hundred million centuries we have
finally
opened our eyes on a sumptuous planet, sparkling with color,
bountiful
with life. Within decades we must close our eyes again. Isn't
it a
noble, an enlightened way of spending our brief time in the
sun, to work
at understanding the universe and how we have come to wake up
in it?"
[- Professor Richard Dawkins]
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
