I will try that. Thank you.

On Thu, Feb 9, 2023 at 16:48, Nick Howitt via Fail2ban-users <fail2ban-users@lists.sourceforge.net> wrote:
> I have a bunch of configlets in jail.d such as:
> /etc/fail2ban/jail.d/cyrus-imap.conf:
> [cyrus-imap]
> enabled = true
> port = imap,imap3,imaps,pop3,pop3s
> maxretry = 1
> bantime = 432000
> findtime = 86400
>
> And I do all my enabling like that.
>
> On 09/02/2023 19:36, fail2ban--- via Fail2ban-users wrote:
>
> Hi Nick.
>
> I do not agree it's misinformation but otherwise You're right
> (below taken from top of jail.conf file)
>
> # HOW TO ACTIVATE JAILS:
> #
> # YOU SHOULD NOT MODIFY THIS FILE.
> #
> # It will probably be overwritten or improved in a distribution update.
> #
> # Provide customizations in a jail.local file or a jail.d/customisation.local.
> # For example to change the default bantime for all jails and to enable the
> # ssh-iptables jail the following (uncommented) would appear in the .local file.
> # See man 5 jail.conf for details.
>
> /Finn
>
> On 09-02-2023 at 19:59, Nick Howitt via Fail2ban-users wrote:
>
> There is some misinformation here. Jails can be enabled via configlets in
> jail.d/ as well as overrides in jail.local.
>
> Anyway, what is your full jail config in jail.local? All you need is:
> [sshd]
> enabled = true
>
> It will pull everything else from jail.conf. Anything else you put here
> will override anything in jail.conf so it is up to you if you want to
> accept the default settings in jail.conf or override them.
>
> On 09/02/2023 18:45, Marcos A.T. Silva wrote:
>
> Hi Finn,
>
> Understood. Thank you very much. :)
>
> I think I'll learn this one day. Well, it seems things are starting to
> work here.
>
> So, do you know how can I make sure that a jail is really running?
> Because, for example, I've enabled the sshd jail. The enabled jail is as
> below:
>
> ```
> #mode = normal
> port = ssh
> logpath = %(sshd_log)s
> backend = %(sshd_backend)s
> enabled = true
> ```
>
> Is the above jail correct? Do I have to put a "filter" part there or
> uncomment the #mode?
>
> Well, I don't know if I am testing it right. But, for example, if I run
> `fail2ban-client status sshd` I receive the below output:
>
> ```
> Status for the jail: sshd
> |- Filter
> |  |- Currently failed: 1
> |  |- Total failed: 1
> |  `- File list: /var/log/auth.log
> `- Actions
>    |- Currently banned: 0
>    |- Total banned: 0
>    `- Banned IP list:
> ```
>
> But I think I've tried to login at the server with a wrong passphrase for
> my SSH key twice, and Fail2Ban is only displaying one attempt. Is this
> correct?
>
> Thanks again, and sorry for the disturbance.
>
> On Thu, Feb 9, 2023 at 15:34, fail2ban--- via Fail2ban-users
> <fail2ban-users@lists.sourceforge.net> wrote:
>
> Hi Marcos
>
> jail.conf is holding the default settings for the jails
>
> jail.local is where You make Your own settings and customizations.
>
> When You update fail2ban jail.conf may be altered but jail.local will
> not and therefore settings (enabled jails etc. will be safe)
>
> A good idea is to read through the /etc/fail2ban/*.conf files since the
> makers have included a lot of information between the lines - some are
> difficult to understand the first time but eventually You will get
> better knowledge and understanding of this nice and GREAT tool.
>
> Regards,
> /Finn
>
> On 09-02-2023 at 19:05, Marcos A.T. Silva wrote:
> > Well, I have installed Fail2Ban from my own once I get this new Ubuntu
> > server. I am using Ubuntu 20.04.
> >
> > I only got this working by setting jails as enabled in the jail.local
> > file. The individual files in jail.d directory don't work.
> >
> > On Thu, Feb 9, 2023 at 14:44, Nick Howitt via Fail2ban-users
> > <fail2ban-users@lists.sourceforge.net> wrote:
> >
> > Surely jail.conf should be left in place as it supplies some
> > defaults, especially if you are using a distro packaged version? I
> > don't think any jails are enabled by default but it may depend on
> > the distro.
> >
> > Then use jail.local or files in jail.d/ to enable particular filters.
> >
> > Nick
> >
> > On 09/02/2023 17:31, Mauricio Tavares wrote:
> >> On Thu, Feb 9, 2023 at 12:11 PM Marcos A.T. Silva <marcos...@gmail.com> wrote:
> >>> Hi there,
> >>>
> >>> I really can't find enough words to express my gratitude to you all guys. :)
> >>>
> >>> I think I am finally putting this to work.
> >>>
> >>> All your suggestions and help made me understand, I think, how that works.
> >>>
> >>> I've done the following:
> >>>
> >>> 1) Once, for what I understood, jail.local always overrides jail.conf,
> >>> I left all jails disabled (false) on jail.local. After that, I've
> >>> renamed jail.conf to jail.conf.unused, as Lee suggested.
> >>>
> >> AFAIK jail.conf does not turn anything on; that is the job of
> >> jail.local and/or jail.d/something-here.conf
> >>
> >>> 2) Now I created a sshd.conf file in /etc/fail2ban/jail.d and put there
> >>> only the content regarding the sshd jail that was in my jail.local,
> >>> enabling this jail.
> >>>
> >>> 3) Finally I tried to start Fail2Ban and it worked! Thank you!
> >>>
> >>> Well, I noticed (maybe I am wrong, of course) that I need to use both
> >>> `sudo fail2ban-client start` and `sudo systemctl start fail2ban` to
> >>> make it start and be enabled. Is that right?
> >>>
> >> systemctl start fail2ban should have sufficed.
> >>
> >>> But I rebooted the server and systemctl status shows me that Fail2Ban
> >>> is still active.
> >>>
> >>> Another question, if possible: now I have only sshd jail active, as per
> >>> the above procedures. Is there a way to check if it is really running?
> >>>
> >> fail2ban-client status sshd
> >>
> >>> Thanks again.
> >>>
> >>> On Thu, Feb 9, 2023 at 12:13, Mauricio Tavares <raubvo...@gmail.com> wrote:
> >>>> On Thu, Feb 9, 2023 at 10:11 AM L. V. Lammert <l...@omnitec.net> wrote:
> >>>>> On Thu, 9 Feb 2023, Mauricio Tavares wrote:
> >>>>>
> >>>>>> My suggestion is to find which services you are using and then
> >>>>>> where they are writing their logs to. Take a look at jail.conf (I
> >>>>>> forgot to mention that file). Chances are there are entries for most
> >>>>>> of the services there. Case in point, the ssh services, including
> >>>>>> selinux-ssh, it knows of are
> >>>>>>
> >>>>> It appears that the fail2ban package for Ubuntu 20 is NOT very current.
> >>>>> Much simpler to manage if all of the jails are in separate files in
> >>>>> jail.d, .. not in a mile long jail.conf.
> >>>>>
> >>>>> Also, always confirm the installation of ONLY ssh, until you know what you
> >>>>> need to monitor.
> >>>>>
> >>>> FYI
> >>>>
> >>>> raub@some-debian-box:~$ cat /etc/fail2ban/jail.d/defaults-debian.conf
> >>>> [sshd]
> >>>> enabled = true
> >>>> raub@some-debian-box:~$
> >>>>
> >>>>> Lee
> >> _______________________________________________
> >> Fail2ban-users mailing list
> >> Fail2ban-users@lists.sourceforge.net
> >> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>
> --
> "After sleeping through a hundred million centuries we have finally
> opened our eyes on a sumptuous planet, sparkling with color, bountiful
> with life. Within decades we must close our eyes again. Isn't it a
> noble, an enlightened way of spending our brief time in the sun, to work
> at understanding the universe and how we have come to wake up in it?"
> [- Professor Richard Dawkins]
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
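
The override order this thread keeps returning to (jail.conf, then jail.d/*.conf, then jail.local, then jail.d/*.local, as documented in man 5 jail.conf), as an added example that is not part of the original messages and not fail2ban's own code: a Python script that reports, per jail, whether it ends up enabled and which file decided it. The function names, the constructed sample files and the accepted spellings of "true" are assumptions, and `[INCLUDES]` and `%(...)s` interpolation are not processed.

```python
import configparser
import glob
import os
import tempfile

TRUE_WORDS = {"1", "true", "yes", "on"}  # assumption: spellings treated as enabled

def load_order(confdir):
    """Files in the order man 5 jail.conf documents; later files override earlier."""
    jail_d = os.path.join(confdir, "jail.d")
    files = ([os.path.join(confdir, "jail.conf")] + sorted(glob.glob(os.path.join(jail_d, "*.conf")))
             + [os.path.join(confdir, "jail.local")] + sorted(glob.glob(os.path.join(jail_d, "*.local"))))
    return [f for f in files if os.path.isfile(f)]

def effective_enabled(confdir):
    """Return {jail: (enabled, file that decided it)} after merging every file."""
    default = ("false", None)  # last "enabled" seen in a [DEFAULT] section
    explicit = {}              # jail -> last "enabled" set in its own section
    for path in load_order(confdir):
        # Raw parser leaves %(sshd_log)s alone; [DEFAULT] is read as a plain section.
        cp = configparser.RawConfigParser(default_section="__unused__", strict=False)
        cp.read(path)
        for section in cp.sections():
            setting = (cp.get(section, "enabled"), path) if cp.has_option(section, "enabled") else None
            if section == "DEFAULT":
                default = setting or default
            elif section != "INCLUDES":
                explicit[section] = setting or explicit.get(section)
    # A jail's own "enabled" beats [DEFAULT], whichever file either came from.
    return {jail: (val.strip().lower() in TRUE_WORDS, src)
            for jail, (val, src) in ((j, s or default) for j, s in explicit.items())}

def demo():
    """Constructed tree: a jail.d configlet enables sshd, jail.local disables it again."""
    samples = {
        "jail.conf": "[DEFAULT]\nenabled = false\n[sshd]\nport = ssh\n"
                     "logpath = %(sshd_log)s\n[cyrus-imap]\nport = imap,imaps\n",
        "jail.d/sshd.conf": "[sshd]\nenabled = true\n",
        "jail.d/cyrus-imap.conf": "[cyrus-imap]\nenabled = true\nmaxretry = 1\n",
        "jail.local": "[sshd]\nenabled = false\n",
    }
    with tempfile.TemporaryDirectory() as d:
        os.mkdir(os.path.join(d, "jail.d"))
        for name, text in samples.items():
            with open(os.path.join(d, name), "w") as fh:
                fh.write(text)
        return {j: (on, os.path.relpath(src, d)) for j, (on, src) in effective_enabled(d).items()}

if __name__ == "__main__":
    print(demo())
```

On a real host, call `effective_enabled("/etc/fail2ban")` and compare the result with the jail list printed by `fail2ban-client status`.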