You have been subscribed to a public bug by Jamie Strandboge (jdstrand):

fail2ban correctly does not depend on iptables, since it is possible to
configure it to use only hosts.deny by specifying the
banaction=hostsdeny directive in the /etc/fail2ban/jail.conf file.

Unfortunately the default jail.conf supplied with fail2ban 0.8.2-2 in
Hardy DOES assume iptables is installed, and has
banaction=iptables-multiport as the default action. This is inherited by
the SSH ruleset which is enabled by default.

Unless the user is particularly vigilant about watching the log files,
there is a risk that they will assume fail2ban is now protecting their
system against SSH brute force & dictionary attacks, when in fact it is
doing nothing more than logging error messages (complaining about the
missing iptables) whilst the user's system remains unprotected.

This is particularly pertinent to Ubuntu given its traditional attitude
of favouring closed ports over firewalls.

The /etc/fail2ban/jail.conf supplied by default should be re-written for
Ubuntu such that the default banaction is hostsdeny.

[DEFAULT]
...
#banaction = iptables-multiport
banaction = hostsdeny

Note: The attached patch is MY FIRST ATTEMPT AT WRITING A PATCH. If I've
got it wrong, please help me learn how to get it right (or just point me
at a better howto).

** Affects: fail2ban (Ubuntu)
     Importance: Undecided
         Status: New

-- 
fail2ban default config assumes iptables is installed
https://bugs.launchpad.net/bugs/234122
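A small POSIX shell check for the failure mode the report describes (a jail.conf whose default banaction needs a tool that is not installed); this is an added example, not code from the bug report or from the fail2ban project, and the jail.conf it inspects is a constructed sample, not the Hardy package's file:

```shell
# Added example: verify that the banaction in a fail2ban jail.conf [DEFAULT]
# section can actually run on this host, catching "iptables-multiport without
# iptables" instead of letting fail2ban silently log errors.
# The sample jail.conf written at the bottom is constructed for this demo.

# Effective banaction from [DEFAULT]: commented-out lines are ignored and the
# last uncommented assignment wins, as in fail2ban's INI parsing.
jail_banaction() {
    awk '
        /^[[:space:]]*\[/ { insec = ($0 ~ /^[[:space:]]*\[DEFAULT\]/) }
        insec && /^[[:space:]]*banaction[[:space:]]*=/ {
            sub(/^[^=]*=[[:space:]]*/, ""); sub(/[[:space:]]+$/, ""); val = $0
        }
        END { print val }' "$1"
}

# External tool each known banaction needs (empty = none; hostsdeny only
# edits /etc/hosts.deny). Actions this checker does not know return 1.
banaction_tool() {
    case "$1" in
        iptables|iptables-*) echo iptables ;;
        hostsdeny)           echo "" ;;
        *)                   return 1 ;;
    esac
}

# $1 = tool, $2 = optional directory to search instead of PATH (for tests).
have_tool() {
    if [ -n "$2" ]; then [ -x "$2/$1" ]; else command -v "$1" >/dev/null 2>&1; fi
}

# Print ok:/missing:/unknown:/unset for the jail.conf in $1 ($2 as in have_tool).
check_jail() {
    ba=$(jail_banaction "$1")
    [ -n "$ba" ] || { echo "unset"; return 0; }
    tool=$(banaction_tool "$ba") || { echo "unknown:$ba"; return 0; }
    if [ -z "$tool" ] || have_tool "$tool" "$2"; then
        echo "ok:$ba"
    else
        echo "missing:$ba needs $tool"   # fail2ban would only log errors here
    fi
}

# Constructed sample resembling the default the report describes.
SAMPLE_CONF=$(mktemp)
printf '[DEFAULT]\nignoreip = 127.0.0.1\nbanaction = iptables-multiport\n\n[ssh]\nenabled = true\n' > "$SAMPLE_CONF"
check_jail "$SAMPLE_CONF"
```

Running it against the real file (`check_jail /etc/fail2ban/jail.conf`) prints `missing:...` on a host without iptables, which is exactly the state the report warns is otherwise only visible in the logs.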