Fail2ban and Rocky

Hello everyone,

I have just set up a new VPS with Rocky Linux 8.4 for testing.
I installed Fail2ban but cannot get it to start; there are a great many glitches.
So, is the problem that fail2ban itself has evolved too much for Rocky (CentOS)?

For now, I copied the whole /etc/fail2ban directory from another server and put it on this new server in place of what was there.

So that works, but what about the future?

Hi,

First of all my apologies, I am using Google Translate, so sorry if this is not very clear.

Anyway, I have just installed fail2ban on a fresh Rocky install.

Set up a configuration for ssh:

/etc/fail2ban/jail.d/local.conf:

[DEFAULT]
bantime = 3600
sender = fail2ban@example.com
destemail = root
action = %(action_mwl)s

[sshd]
enabled = true

Everything else is default, so it uses firewalld & systemd.
Tested SSH and it works as expected.

# systemctl status fail2ban
● fail2ban.service - Fail2Ban Service
   Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor pr>
   Active: active (running) since Wed 2021-07-28 21:24:25 BST; 18min ago
     Docs: man:fail2ban(1)
 Main PID: 13873 (fail2ban-server)
    Tasks: 5 (limit: 11376)
   Memory: 18.8M
   CGroup: /system.slice/fail2ban.service
           └─13873 /usr/bin/python3.6 -s /usr/bin/fail2ban-server -xf start

Jul 28 21:24:25 localhost.localdomain systemd[1]: Starting Fail2Ban Service...
Jul 28 21:24:25 localhost.localdomain systemd[1]: Started Fail2Ban Service.
Jul 28 21:24:26 localhost.localdomain fail2ban-server[13873]: Server ready
# fail2ban-client status
Status
|- Number of jail:	1
`- Jail list:	sshd
# fail2ban-client status sshd
Status for the jail: sshd
|- Filter
|  |- Currently failed:	1
|  |- Total failed:	7
|  `- Journal matches:	_SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
   |- Currently banned:	0
   |- Total banned:	1
   `- Banned IP list:

Please provide more details on what is failing.

What does /var/log/fail2ban.log report?

Thanks, Tom

RE

First of all, thanks for the reply.
If I understand correctly, once fail2ban was installed, you just created the file /etc/fail2ban/jail.d/local.conf

[DEFAULT]
bantime = 3600
sender = fail2ban@example.com
destemail = root
action = %(action_mwl)s

[sshd]
enabled = true

Without changing anything else?
I assume you started fail2ban

systemctl start fail2ban

My config is in jail.conf instead of local.conf, not to mention jail.local and fail2ban.conf, which had to be modified

Please provide more details on what is failing.

When I installed fail2ban, I started it, then:

systemctl status fail2ban
[root@vmxxx ~]# systemctl status fail2ban
? fail2ban.service - Fail2Ban Service
   Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Mon 2021-07-26 04:15:55 EDT; 14min ago
     Docs: man:fail2ban(1)
  Process: 83060 ExecStart=/usr/bin/fail2ban-server -xf start (code=exited, status=255)
  Process: 83059 ExecStartPre=/bin/mkdir -p /run/fail2ban (code=exited, status=0/SUCCESS)
 Main PID: 83060 (code=exited, status=255)

juil. 26 04:15:54 vmxxx.hosteur.net systemd[1]: Starting Fail2Ban Service...
juil. 26 04:15:54 vmxxx.hosteur.net systemd[1]: Started Fail2Ban Service.
juil. 26 04:15:55 vmxxx.hosteur.net fail2ban-server[83060]: ERROR: File contains no section headers.
juil. 26 04:15:55 vmxxx.hosteur.net fail2ban-server[83060]: file: '/etc/fail2ban/fail2ban.conf', line: 9
juil. 26 04:15:55 vmxxx.hosteur.net fail2ban-server[83060]: 'loglevel = DEBUG\n'
juil. 26 04:15:55 vmxxx.hosteur.net systemd[1]: fail2ban.service: Main process exited, code=exited, status=255/n/a
juil. 26 04:15:55 vmxxx.hosteur.net systemd[1]: fail2ban.service: Failed with result 'exit-code'.

That is why we had the idea of swapping the directory.

What does /var/log/fail2ban.log report?

2021-07-26 11:21:26,048 fail2ban.server [83426]: INFO --------------------------------------------------
2021-07-26 11:21:26,048 fail2ban.server [83426]: INFO Starting Fail2ban v0.11.2
2021-07-26 11:21:26,050 fail2ban.observer [83426]: INFO Observer start…
2021-07-26 11:21:26,056 fail2ban.database [83426]: INFO Connected to fail2ban persistent database ‘/var/lib/fail2ban/fail2ban.sqlite3’
2021-07-26 11:21:26,061 fail2ban.database [83426]: WARNING New database created. Version ‘4’
2021-07-26 11:21:26,062 fail2ban.jail [83426]: INFO Creating new jail ‘sshd’
2021-07-26 11:21:26,083 fail2ban.jail [83426]: INFO Jail ‘sshd’ uses systemd {}
2021-07-26 11:21:26,084 fail2ban.jail [83426]: INFO Initiated ‘systemd’ backend
2021-07-26 11:21:26,085 fail2ban.filter [83426]: INFO maxLines: 10
2021-07-26 11:21:26,187 fail2ban.filtersystemd [83426]: INFO [sshd] Added journal match for: ‘_SYSTEMD_UNIT=sshd.service + _COMM=sshd’
2021-07-26 11:21:26,187 fail2ban.filter [83426]: INFO maxRetry: 3
2021-07-26 11:21:26,187 fail2ban.filter [83426]: INFO findtime: 86400
2021-07-26 11:21:26,188 fail2ban.actions [83426]: INFO banTime: 86400
2021-07-26 11:21:26,188 fail2ban.filter [83426]: INFO encoding: UTF-8
2021-07-26 11:21:26,189 fail2ban.jail [83426]: INFO Creating new jail ‘x-ban’
2021-07-26 11:21:26,189 fail2ban.jail [83426]: INFO Jail ‘x-ban’ uses systemd {}
2021-07-26 11:21:26,190 fail2ban.jail [83426]: INFO Initiated ‘systemd’ backend
2021-07-26 11:21:26,194 fail2ban.filter [83426]: INFO maxRetry: 3
2021-07-26 11:21:26,195 fail2ban.filter [83426]: INFO findtime: 86400
2021-07-26 11:21:26,195 fail2ban.actions [83426]: INFO banTime: 86400
2021-07-26 11:21:26,195 fail2ban.filter [83426]: INFO encoding: UTF-8
2021-07-26 11:21:26,196 fail2ban.jail [83426]: INFO Creating new jail ‘dovecot’
2021-07-26 11:21:26,196 fail2ban.jail [83426]: INFO Jail ‘dovecot’ uses systemd {}
2021-07-26 11:21:26,197 fail2ban.jail [83426]: INFO Initiated ‘systemd’ backend
2021-07-26 11:21:26,211 fail2ban.datedetector [83426]: INFO date pattern '': {^LN-BEG}TAI64N
2021-07-26 11:21:26,211 fail2ban.filtersystemd [83426]: INFO [dovecot] Added journal match for: ‘_SYSTEMD_UNIT=dovecot.service’
2021-07-26 11:21:26,212 fail2ban.filter [83426]: INFO maxRetry: 5
2021-07-26 11:21:26,212 fail2ban.filter [83426]: INFO findtime: 86400
2021-07-26 11:21:26,212 fail2ban.actions [83426]: INFO banTime: 86400
2021-07-26 11:21:26,212 fail2ban.filter [83426]: INFO encoding: UTF-8
2021-07-26 11:21:26,213 fail2ban.jail [83426]: INFO Creating new jail ‘postfix-sasl’
2021-07-26 11:21:26,213 fail2ban.jail [83426]: INFO Jail ‘postfix-sasl’ uses systemd {}
2021-07-26 11:21:26,214 fail2ban.jail [83426]: INFO Initiated ‘systemd’ backend
2021-07-26 11:21:26,219 fail2ban.filtersystemd [83426]: INFO [postfix-sasl] Added journal match for: ‘_SYSTEMD_UNIT=postfix.service’
2021-07-26 11:21:26,219 fail2ban.filter [83426]: INFO maxRetry: 3
2021-07-26 11:21:26,220 fail2ban.filter [83426]: INFO findtime: 86400
2021-07-26 11:21:26,220 fail2ban.actions [83426]: INFO banTime: 604800
2021-07-26 11:21:26,220 fail2ban.filter [83426]: INFO encoding: UTF-8
2021-07-26 11:21:26,226 fail2ban.filter [83426]: WARNING [sshd] Simulate NOW in operation since found time has too large deviation 1627286669.278524 ~ 1627312886.226111 +/- 60
2021-07-26 11:21:26,226 fail2ban.filter [83426]: WARNING [sshd] Please check jail has possibly a timezone issue. Line with odd timestamp: (’’, ‘2021-07-26T04:04:29.278524’, ‘vm6-10.hosteur.net sshd[82936]: Accepted password for root from 85.171.104.203 port 59099 ssh2’)
2021-07-26 11:21:26,266 fail2ban.jail [83426]: INFO Jail ‘sshd’ started
2021-07-26 11:21:26,266 fail2ban.filtersystemd [83426]: NOTICE Jail started without ‘journalmatch’ set. Jail regexs will be checked against all journal entries, which is not advised for performance reasons.
2021-07-26 11:21:26,269 fail2ban.filter [83426]: WARNING [x-ban] Simulate NOW in operation since found time has too large deviation 1627227097.905816 ~ 1627312886.269148 +/- 60
2021-07-26 11:21:26,269 fail2ban.filter [83426]: WARNING [x-ban] Please check jail has possibly a timezone issue. Line with odd timestamp: (’’, ‘2021-07-25T11:31:37.905816’, ‘vm6-10.hosteur.net systemd[1]: Starting Cleanup of Temporary Directories…’)
2021-07-26 11:21:26,300 fail2ban.jail [83426]: INFO Jail ‘x-ban’ started
2021-07-26 11:21:26,303 fail2ban.jail [83426]: INFO Jail ‘dovecot’ started
2021-07-26 11:21:26,308 fail2ban.jail [83426]: INFO Jail ‘postfix-sasl’ started
2021-07-26 11:21:26,423 fail2ban.filter [83426]: INFO [sshd] Found 85.171.104.203 - 2021-07-26 11:21:26
2021-07-26 11:21:26,424 fail2ban.filter [83426]: INFO [sshd] Found 85.171.104.203 - 2021-07-26 11:21:26
2021-07-26 11:21:26,425 fail2ban.filter [83426]: INFO [sshd] Found 85.171.104.203 - 2021-07-26 11:21:26
2021-07-26 11:21:26,438 fail2ban.filter [83426]: INFO [sshd] Found 93.21.95.76 - 2021-07-26 11:21:26
2021-07-26 11:21:26,439 fail2ban.filter [83426]: INFO [sshd] Found 93.21.95.76 - 2021-07-26 11:21:26
2021-07-26 11:21:26,466 fail2ban.actions [83426]: NOTICE [sshd] Ban 85.171.104.203
2021-07-26 11:43:28,896 fail2ban.transmitter [83426]: WARNING Command [‘status’, ‘jail-ssh’] has failed. Received UnknownJailException(‘jail-ssh’,)
2021-07-26 11:44:10,555 fail2ban.actions [83426]: NOTICE [sshd] Unban 85.171.104.203
2021-07-26 12:05:44,440 fail2ban.server [83426]: INFO Shutdown in progress…
2021-07-26 12:05:44,441 fail2ban.observer [83426]: INFO Observer stop … try to end queue 5 seconds
2021-07-26 12:05:44,462 fail2ban.observer [83426]: INFO Observer stopped, 0 events remaining.
2021-07-26 12:05:44,502 fail2ban.server [83426]: INFO Stopping all jails
2021-07-26 12:05:44,615 fail2ban.actions [83426]: NOTICE [dovecot] Flush ticket(s) with iptables-multiport
2021-07-26 12:05:44,616 fail2ban.actions [83426]: NOTICE [postfix-sasl] Flush ticket(s) with iptables-multiport
2021-07-26 12:05:44,616 fail2ban.actions [83426]: NOTICE [x-ban] Flush ticket(s) with iptables-multiport
2021-07-26 12:05:44,846 fail2ban.actions [83426]: NOTICE [sshd] Flush ticket(s) with iptables
2021-07-26 12:05:44,890 fail2ban.jail [83426]: INFO Jail ‘sshd’ stopped
2021-07-26 12:05:44,891 fail2ban.jail [83426]: INFO Jail ‘x-ban’ stopped
2021-07-26 12:05:44,891 fail2ban.jail [83426]: INFO Jail ‘dovecot’ stopped
2021-07-26 12:05:44,891 fail2ban.jail [83426]: INFO Jail ‘postfix-sasl’ stopped
2021-07-26 12:05:44,892 fail2ban.database [83426]: INFO Connection to database closed.
2021-07-26 12:05:44,893 fail2ban.server [83426]: INFO Exiting Fail2ban
2021-07-26 12:05:45,275 fail2ban.server [83683]: INFO --------------------------------------------------
2021-07-26 12:05:45,275 fail2ban.server [83683]: INFO Starting Fail2ban v0.11.2
2021-07-26 12:05:45,276 fail2ban.observer [83683]: INFO Observer start…
2021-07-26 12:05:45,279 fail2ban.database [83683]: INFO Connected to fail2ban persistent database ‘/var/lib/fail2ban/fail2ban.sqlite3’
2021-07-26 12:05:45,280 fail2ban.jail [83683]: INFO Creating new jail ‘sshd’
2021-07-26 12:05:45,293 fail2ban.jail [83683]: INFO Jail ‘sshd’ uses systemd {}
2021-07-26 12:05:45,294 fail2ban.jail [83683]: INFO Initiated ‘systemd’ backend
2021-07-26 12:05:45,294 fail2ban.filter [83683]: INFO maxLines: 10
2021-07-26 12:05:45,355 fail2ban.filtersystemd [83683]: INFO [sshd] Added journal match for: ‘_SYSTEMD_UNIT=sshd.service + _COMM=sshd’
2021-07-26 12:05:45,355 fail2ban.filter [83683]: INFO maxRetry: 3
2021-07-26 12:05:45,356 fail2ban.filter [83683]: INFO findtime: 86400
2021-07-26 12:05:45,356 fail2ban.actions [83683]: INFO banTime: 86400
2021-07-26 12:05:45,356 fail2ban.filter [83683]: INFO encoding: UTF-8
2021-07-26 12:05:45,356 fail2ban.jail [83683]: INFO Creating new jail ‘x-ban’
2021-07-26 12:05:45,357 fail2ban.jail [83683]: INFO Jail ‘x-ban’ uses systemd {}
2021-07-26 12:05:45,357 fail2ban.jail [83683]: INFO Initiated ‘systemd’ backend
2021-07-26 12:05:45,359 fail2ban.filter [83683]: INFO maxRetry: 3
2021-07-26 12:05:45,359 fail2ban.filter [83683]: INFO findtime: 86400
2021-07-26 12:05:45,359 fail2ban.actions [83683]: INFO banTime: 86400
2021-07-26 12:05:45,359 fail2ban.filter [83683]: INFO encoding: UTF-8
2021-07-26 12:05:45,360 fail2ban.jail [83683]: INFO Creating new jail ‘dovecot’
2021-07-26 12:05:45,360 fail2ban.jail [83683]: INFO Jail ‘dovecot’ uses systemd {}
2021-07-26 12:05:45,360 fail2ban.jail [83683]: INFO Initiated ‘systemd’ backend
2021-07-26 12:05:45,368 fail2ban.datedetector [83683]: INFO date pattern '': {^LN-BEG}TAI64N
2021-07-26 12:05:45,368 fail2ban.filtersystemd [83683]: INFO [dovecot] Added journal match for: ‘_SYSTEMD_UNIT=dovecot.service’
2021-07-26 12:05:45,368 fail2ban.filter [83683]: INFO maxRetry: 5
2021-07-26 12:05:45,369 fail2ban.filter [83683]: INFO findtime: 86400
2021-07-26 12:05:45,369 fail2ban.actions [83683]: INFO banTime: 86400
2021-07-26 12:05:45,369 fail2ban.filter [83683]: INFO encoding: UTF-8
2021-07-26 12:05:45,369 fail2ban.jail [83683]: INFO Creating new jail ‘postfix-sasl’
2021-07-26 12:05:45,369 fail2ban.jail [83683]: INFO Jail ‘postfix-sasl’ uses systemd {}
2021-07-26 12:05:45,370 fail2ban.jail [83683]: INFO Initiated ‘systemd’ backend
2021-07-26 12:05:45,373 fail2ban.filtersystemd [83683]: INFO [postfix-sasl] Added journal match for: ‘_SYSTEMD_UNIT=postfix.service’
2021-07-26 12:05:45,373 fail2ban.filter [83683]: INFO maxRetry: 3
2021-07-26 12:05:45,373 fail2ban.filter [83683]: INFO findtime: 86400
2021-07-26 12:05:45,373 fail2ban.actions [83683]: INFO banTime: 604800
2021-07-26 12:05:45,374 fail2ban.filter [83683]: INFO encoding: UTF-8
2021-07-26 12:05:45,378 fail2ban.jail [83683]: INFO Jail ‘sshd’ started
2021-07-26 12:05:45,379 fail2ban.filtersystemd [83683]: NOTICE Jail started without ‘journalmatch’ set. Jail regexs will be checked against all journal entries, which is not advised for performance reasons.
2021-07-26 12:05:45,382 fail2ban.jail [83683]: INFO Jail ‘x-ban’ started
2021-07-26 12:05:45,383 fail2ban.jail [83683]: INFO Jail ‘dovecot’ started
2021-07-26 12:05:45,385 fail2ban.jail [83683]: INFO Jail ‘postfix-sasl’ started

Thanks

Hello,

Please provide the contents of jail.local and fail2ban.conf

Thanks

RE

jail.local

[sshd]
enabled = true
action = iptables[name=sshd, port=ssh, protocol=tcp]
maxretry = 3

#[pure-ftpd]
#enabled = true
#action = iptables[name=FTP, port=ftp, protocol=tcp]
#maxretry = 3

[dovecot]
enabled = true
action = iptables-multiport[name=dovecot, port="pop3,pop3s,imap,imaps", protocol=tcp]
maxretry = 5

[postfix-sasl]
enabled = true
action = iptables-multiport[name=postfix-sasl, port="smtp,smtps,submission", protocol=tcp]
maxretry = 3

[x-ban]
enabled = true
action = iptables-multiport[name=x-ban, port="http,https,webcache", protocol=tcp]
maxretry = 3

fail2ban.conf
Sorry, I can't manage to make it small and all the # are missing

Fail2Ban main configuration file

Comments: use ‘#’ for comment lines and ‘;’ (following a space) for inline comments

Changes: in most of the cases you should not modify this

file, but provide customizations in fail2ban.local file, e.g.:

[Definition]

loglevel = DEBUG

[Definition]

Option: loglevel

Notes.: Set the log level output.

CRITICAL

ERROR

WARNING

NOTICE

INFO

DEBUG

Values: [ LEVEL ] Default: ERROR

loglevel = INFO

Option: logtarget

Notes.: Set the log target. This could be a file, SYSLOG, STDERR or STDOUT.

Only one log target can be specified.

If you change logtarget from the default value and you are

using logrotate – also adjust or disable rotation in the

corresponding configuration file

(e.g. /etc/logrotate.d/fail2ban on Debian systems)

Values: [ STDOUT | STDERR | SYSLOG | FILE ] Default: STDERR

logtarget = /var/log/fail2ban.log

Option: syslogsocket

Notes: Set the syslog socket file. Only used when logtarget is SYSLOG

auto uses platform.system() to determine predefined paths

Values: [ auto | FILE ] Default: auto

syslogsocket = auto

Option: socket

Notes.: Set the socket file. This is used to communicate with the daemon. Do

not remove this file when Fail2ban runs. It will not be possible to

communicate with the server afterwards.

Values: [ FILE ] Default: /var/run/fail2ban/fail2ban.sock

socket = /var/run/fail2ban/fail2ban.sock

Option: pidfile

Notes.: Set the PID file. This is used to store the process ID of the

fail2ban server.

Values: [ FILE ] Default: /var/run/fail2ban/fail2ban.pid

pidfile = /var/run/fail2ban/fail2ban.pid

Options: dbfile

Notes.: Set the file for the fail2ban persistent data to be stored.

A value of “:memory:” means database is only stored in memory

and data is lost when fail2ban is stopped.

A value of “None” disables the database.

Values: [ None :memory: FILE ] Default: /var/lib/fail2ban/fail2ban.sqlite3

dbfile = /var/lib/fail2ban/fail2ban.sqlite3

Options: dbpurgeage

Notes.: Sets age at which bans should be purged from the database

Values: [ SECONDS ] Default: 86400 (24hours)

dbpurgeage = 648000

Hi,

I don't see anything wrong with either of them. But systemctl status fail2ban complains about fail2ban.conf, so I suggest restoring the default version of that file. Then see whether fail2ban starts.

Thanks
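
Added example (not part of the thread and not fail2ban's own code): the "File contains no section headers" message in the status output above has the wording Python's configparser uses when an option line appears before any [section] header. This sketch runs the standard-library parser over config text before a restart and reports the first offending line; the function names and sample contents are constructed for illustration, and the broken sample is only one way to get the same message, not a diagnosis of the poster's file.

```python
import configparser

# Constructed sample: a fail2ban.conf header in which the example line
# "loglevel = DEBUG" has lost its leading '#' while the "[Definition]"
# line above it is still a comment.
BROKEN_FAIL2BAN_CONF = """\
# Fail2Ban main configuration file
#
# Comments: use '#' for comment lines and ';' (following a space) for inline comments
#
# Changes:  in most of the cases you should not modify this
#           file, but provide customizations in fail2ban.local file, e.g.:
#
# [Definition]
loglevel = DEBUG
#

[Definition]
loglevel = INFO
logtarget = /var/log/fail2ban.log
"""

# The jail.d/local.conf posted earlier in the thread (parses cleanly).
GOOD_LOCAL_CONF = """\
[DEFAULT]
bantime = 3600
sender = fail2ban@example.com
destemail = root
action = %(action_mwl)s

[sshd]
enabled = true
"""

# Constructed sample: an option line with the '=' missing.
BROKEN_JAIL = """\
[sshd]
enabled true
"""


def first_structural_error(text, source):
    """Return None if text parses as INI, else (source, line_no, reason)."""
    # RawConfigParser does no %(...)s interpolation, so only the file
    # structure is checked; duplicates are not treated as errors here.
    parser = configparser.RawConfigParser(strict=False)
    try:
        parser.read_string(text, source=source)
    except configparser.MissingSectionHeaderError as exc:
        # Caught first because it is a subclass of ParsingError.
        return (source, exc.lineno, "option before any [section] header")
    except configparser.ParsingError as exc:
        line_no = exc.errors[0][0]
        return (source, line_no, "line is not 'name = value'")
    return None


def check_files(files):
    """files maps a path to its text; returns the list of problems found."""
    problems = []
    for path, text in files.items():
        problem = first_structural_error(text, path)
        if problem is not None:
            problems.append(problem)
    return problems


if __name__ == "__main__":
    samples = {
        "/etc/fail2ban/fail2ban.conf": BROKEN_FAIL2BAN_CONF,
        "/etc/fail2ban/jail.d/local.conf": GOOD_LOCAL_CONF,
        "/etc/fail2ban/jail.local": BROKEN_JAIL,
    }
    for path, line_no, reason in check_files(samples):
        print(f"{path}:{line_no}: {reason}")
```

On the server itself, `fail2ban-client -t` tests the configuration with fail2ban's own reader before a restart.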

RE

OK, but I will only be able to run the test on Monday.
Have a good weekend.


Hello tjdoyle,

I wanted to run the test, except that…

yum remove fail2ban

The normal way to uninstall fail2ban; I also removed the /etc/fail2ban directory and the /var/log/fail2ban.log file.
To get back to where I was before and have:

[root@xxx ~]# systemctl status fail2ban
? fail2ban.service - Fail2Ban Service
   Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Mon 2021-07-26 10:06:38 EDT; 23s ago

Which would let me do what you advised.
Well no, I end up with:

[root@vmxxx ~]# systemctl status fail2ban
? fail2ban.service - Fail2Ban Service
   Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2021-08-01 05:03:23 EDT; 23s ago

Are there other directories or files to remove along with fail2ban,
so that I can run the test?

Most likely due to the ? symbol, you need to refresh systemd, so:

systemctl daemon-reload

then when running systemctl status fail2ban a second time, the old service that has been removed should disappear and no longer show any information using the status command.


Hello iwalker,

It's the same.
When I uninstall fail2ban, something must be left behind somewhere.
Which means I cannot get back to the state before it was installed.
I also tried:

yum remove --auto-remove fail2ban

[root@vmxxx ~]# yum remove --auto-remove fail2ban
usage: yum remove [-c [config file]] [-q] [-v] [--version]
[--installroot [path]] [--nodocs] [--noplugins]
[--enableplugin [plugin]] [--disableplugin [plugin]]
[--releasever RELEASEVER] [--setopt SETOPTS] [--skip-broken]
[-h] [--allowerasing] [-b | --nobest] [-C] [-R [minutes]]
[-d [debug level]] [--debugsolver] [--showduplicates]
[-e ERRORLEVEL] [--obsoletes]
[--rpmverbosity [debug level name]] [-y] [--assumeno]
[--enablerepo [repo]] [--disablerepo [repo] | --repo [repo]]
[--enable | --disable] [-x [package]]
[--disableexcludes [repo]] [--repofrompath [repo,path]]
[--noautoremove] [--nogpgcheck] [--color COLOR] [--refresh]
[-4] [-6] [--destdir DESTDIR] [--downloadonly]
[--comment COMMENT] [--bugfix] [--enhancement]
[--newpackage] [--security] [--advisory ADVISORY]
[--bz BUGZILLA] [--cve CVES]
[--sec-severity {Critical,Important,Moderate,Low}]
[--forcearch ARCH] [--duplicates | --oldinstallonly]
[PAQUET [PAQUET ...]]
yum remove: error: unrecognized arguments: --auto-remove

But that gets nowhere, I have to rerun:

yum remove fail2ban

then when running systemctl status fail2ban a second time, the old service that has been removed should disappear and no longer show any information using the status command.

With or without

systemctl daemon-reload

I do get:

[root@vmxxx ~]# systemctl status fail2ban
Unit fail2ban.service could not be found.

Hi,

This is fine, it will not be found when deleted, so this is better than before. Only places to find anything left behind for fail2ban is /etc/fail2ban and perhaps log directories/files in /var/log.

For new installation of fail2ban, the best way to use fail2ban is this:

dnf install fail2ban
cd /etc/fail2ban
cp jail.conf jail.local

we edit jail.local with vi or nano for example, and any changes we want to use, we make in jail.local. It is recommended not to edit jail.conf. Changes in jail.local will override jail.conf. This is what I do on all my systems with fail2ban. An example of changes made to my jail.local:

root@web:~# tail -6 /etc/fail2ban/jail.local
[redmine]
enabled = true
filter = redmine
port = 80,443
action = iptables-allports[name=redmine]
logpath = /var/www/redmine/log/production.log

I hope that will help for you to get fail2ban working successfully. After making changes to jail.local check /var/log/fail2ban.log for errors as this will help find out if any changes you make to fail2ban are not formatted properly.

RE

Thanks for the reply.
I will look at this tomorrow with a clear head.

See you later

Hello iwalker,

I reinstalled fail2ban as suggested:

dnf install fail2ban
cd /etc/fail2ban
cp jail.conf jail.local

Then:

systemctl start fail2ban

systemctl enable fail2ban

systemctl status fail2ban

[root@vmxxx ~]# systemctl status fail2ban
? fail2ban.service - Fail2Ban Service
Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2021-08-05 02:09:06 EDT; 8min ago
Docs: man:fail2ban(1)
Main PID: 103902 (fail2ban-server)
Tasks: 3 (limit: 11393)
Memory: 12.4M
CGroup: /system.slice/fail2ban.service
±103902 /usr/bin/python3.6 -s /usr/bin/fail2ban-server -xf start

I cannot find jail.local:


See you later


I just tried on mine, here are results:

[root@rocky ~]# rpm -qa | grep fail2ban | sort
fail2ban-0.11.2-1.el8.noarch
fail2ban-firewalld-0.11.2-1.el8.noarch
fail2ban-sendmail-0.11.2-1.el8.noarch
fail2ban-server-0.11.2-1.el8.noarch

These are all packages installed on my system related to fail2ban. Now I check and copy jail.conf to jail.local and make sure it exists:

[root@rocky ~]# cd /etc/fail2ban/

[root@rocky fail2ban]# ls
action.d  fail2ban.conf  fail2ban.d  filter.d  jail.conf  jail.d  paths-common.conf  paths-fedora.conf

[root@rocky fail2ban]# cp jail.conf jail.local

[root@rocky fail2ban]# ls
action.d  fail2ban.conf  fail2ban.d  filter.d  jail.conf  jail.d  jail.local  paths-common.conf  paths-fedora.conf

and then I enable and start fail2ban:

[root@rocky fail2ban]# systemctl enable fail2ban
Created symlink /etc/systemd/system/multi-user.target.wants/fail2ban.service → /usr/lib/systemd/system/fail2ban.service.

[root@rocky fail2ban]# systemctl start fail2ban

[root@rocky fail2ban]# systemctl status fail2ban
● fail2ban.service - Fail2Ban Service
   Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2021-08-05 15:14:55 CEST; 3s ago
     Docs: man:fail2ban(1)
  Process: 1492 ExecStartPre=/bin/mkdir -p /run/fail2ban (code=exited, status=0/SUCCESS)
 Main PID: 1493 (fail2ban-server)
    Tasks: 3 (limit: 12308)
   Memory: 14.3M
   CGroup: /system.slice/fail2ban.service
           └─1493 /usr/bin/python3.6 -s /usr/bin/fail2ban-server -xf start

Aug 05 15:14:55 rocky systemd[1]: Starting Fail2Ban Service...
Aug 05 15:14:55 rocky systemd[1]: Started Fail2Ban Service.
Aug 05 15:14:55 rocky fail2ban-server[1493]: Server ready

so the service is loaded and running OK. I then verify jail.local exists:

[root@rocky fail2ban]# ls -lha
total 100K
drwxr-xr-x    6 root root 4.0K Aug  5 15:14 .
drwxr-xr-x. 145 root root  12K Aug  5 15:14 ..
drwxr-xr-x    2 root root 4.0K Aug  4 16:10 action.d
-rw-r--r--    1 root root 2.8K Nov 24  2020 fail2ban.conf
drwxr-xr-x    2 root root 4.0K Nov 24  2020 fail2ban.d
drwxr-xr-x    3 root root 4.0K Aug  4 16:10 filter.d
-rw-r--r--    1 root root  25K Nov 24  2020 jail.conf
drwxr-xr-x    2 root root 4.0K Aug  4 16:10 jail.d
-rw-r--r--    1 root root  25K Aug  5 15:14 jail.local
-rw-r--r--    1 root root 2.8K Nov 24  2020 paths-common.conf
-rw-r--r--    1 root root  930 Nov 24  2020 paths-fedora.conf
[root@rocky fail2ban]# 

and the file is present. Your systemctl status reports the same info as mine, so it means the service is running. All these commands were done as root user.

If your service fail2ban doesn’t start, then it will sometimes need to be refreshed using systemctl daemon-reload, so for example in that case the full installation steps would be:

dnf install fail2ban
cd /etc/fail2ban
cp jail.conf jail.local
systemctl daemon-reload
systemctl enable fail2ban
systemctl start fail2ban
systemctl status fail2ban

of course, then for enabling/disabling functions for fail2ban, you edit jail.local. Only changes should usually be made in this file.

RE

I have to cut some links because of: Sorry, new users can only put 2 links in a post.

I reran all the commands, just one line is missing…

[root@vmxxx ~]# rpm -qa | grep fail2ban | sort
fail2ban-0.11.2-1.el8.noarch
fail2ban-firewalld-0.11.2-1.el8.noarch
fail2ban-sendmail-0.11.2-1.el8.noarch
fail2ban-server-0.11.2-1.el8.noarch

[root@vmxxx ~]# cd /etc/fail2ban/

[root@vmxxx fail2ban]# ls
action.d fail2ban.conf fail2ban.d filter.d jail.conf jail.d paths-common.conf paths-fedora.conf

[root@vmxxx fail2ban]# cp jail.conf jail.local

[root@vmxxx fail2ban]# ls
action.d fail2ban.conf fail2ban.d filter.d jail.conf jail.d jail.local paths-common.conf paths-fedora.conf

[root@vmxxx fail2ban]# systemctl enable fail2ban

And there, I am missing:

Created symlink /etc/systemd/system/multi-user.target.wants/fail2ban.service → /usr/lib/systemd/system/fail2ban.service.

I carried on

[root@vmxxx fail2ban]# systemctl start fail2ban

[root@vmxxx fail2ban]# systemctl status fail2ban
? fail2ban.service - Fail2Ban Service
Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2021-08-05 02:09:06 EDT; 7h ago
Docs: man:fail2ban(1)
Main PID: 103902 (fail2ban-server)
Tasks: 3 (limit: 11393)
Memory: 12.4M
CGroup: /system.slice/fail2ban.service
±103902 /usr/bin/python3.6 -s /usr/bin/fail2ban-server -xf start

[root@vmxxx fail2ban]# ls -lha
total 92K
drwxr-xr-x 6 root root 176 5 août 09:28 .
drwxr-xr-x. 81 root root 8,0K 5 août 02:05 ..
drwxr-xr-x 2 root root 4,0K 5 août 02:05 action.d
-rw-r--r-- 1 root root 2,8K 24 nov. 2020 fail2ban.conf
drwxr-xr-x 2 root root 6 24 nov. 2020 fail2ban.d
drwxr-xr-x 3 root root 4,0K 5 août 02:05 filter.d
-rw-r--r-- 1 root root 25K 24 nov. 2020 jail.conf
drwxr-xr-x 2 root root 31 5 août 02:05 jail.d
-rw-r--r-- 1 root root 25K 5 août 09:28 jail.local
-rw-r--r-- 1 root root 2,8K 24 nov. 2020 paths-common.conf
-rw-r--r-- 1 root root 930 24 nov. 2020 paths-fedora.conf

And this time, I do have the jail.local file.

Great. So fail2ban started. Now, above from one of your posts, enable in jail.local each of these options. But not all at the same time. First enable sshd. Then restart fail2ban. If all is good, then enable dovecot and restart fail2ban. If still working, then enable postfix-sasl and restart fail2ban.

I never saw x-ban before, so if this is something that you added manually, then we might need to fix this to get it working if fail2ban stops working when this is added to jail.local.

RE

First enable sshd.
enable dovecot
enable postfix-sasl
OK, I will get on it.

WARNING: the jail.local above is the old one; since I redid the steps, the new jail.local looks like jail.conf

I never saw x-ban before, so if this is something that you added manually

It is my own creation. This jail bans HTTP connections (ports 80, 443 & 8080) for 24 hours.

Yes after copying jail.conf to jail.local it will be the same. Then we just edit jail.local for the changes we want to use.

OK, so make sure in /etc/fail2ban/filter.d that there is a file for x-ban.conf - as this matches the name given in jail.local - so: [x-ban]

RE

I am going a bit fast. Before enabling all that, I will redo the steps from the start, so uninstall and reinstall, but with:

I would rather lose a little time now than a lot later because I am going too fast :wink: