Fail2Ban Module on CentOS 6.6 may be broken

#1 Fri, 07/31/2015 - 07:37
BossHog

Howdy, after seeing Eric post a fresh book-page for F2B I decided to try it. As many others know brute force attacks get old in a hurry.

However, the configuration in the module appears broken. When trying to Enable a jail the following error will occur: "Failed to save jail : All log files must be absolute paths or patterns"

Also the configurations for (for example) dovecot are empty: no information on ports, iptables, patterns or protocol, and the log path has %(dovecot_log)s.

Any input?

CentOS 6.6 VPS, Virtualmin GPL

Thanks, Joe

Fri, 07/31/2015 - 09:09
BossHog

Howdy, ok sorry for responding to my own post. The Fail2Ban Module seems to have a problem with virtual server logs. By using the path /var/log/virtualmin/*error_log the log file error stops. This explained part of the errors from my previous post, but I still believe the Module is broken, as Enable-->Yes will not give the user a functioning F2B config.

Thanks, Joe

Fri, 07/31/2015 - 09:38
andreychek

Aha, someone noticed that! I was planning to make a formal announcement about those docs here shortly, I was hoping to do just a tad more testing beforehand. But maybe you can help! :-)

I'll go try and reproduce that issue on Debian and Ubuntu, but my CentOS VM is being troublesome at the moment, which has made it hard to test in that environment.

I'll also take a look at the Dovecot configuration (which I hadn't tried at all on any distro), and see if we can get some sample configuration to use. Thanks for pointing that out.

So I wanted to ask, while you can't enable a jail, did the CentOS steps work properly otherwise? If you log in too many times via SSH, is that properly blocking the host you tried to log in from?

-Eric

Fri, 07/31/2015 - 10:05
BossHog

Howdy Eric, yes the install went fine. Also it works as expected; from minutes after install it blocked ssh attacks. For the record I made my own jail.local for the time being, but if you need testing I will rename or remove that file. To help you look closer, when you are in the module almost all of the configs in Filter Action Jails are empty... The Module doesn't seem to find the default info to populate the FAJ to a usable set-up.

Thanks, Joe

Fri, 07/31/2015 - 19:58
andreychek

Howdy,

Hmm, where did you end up setting those Virtualmin log files?

As far as the Filter Action Jails go... that is unfortunate! It sounds like that's how the jail.conf comes with that particular repository. I'm not sure how best to address that at the moment.

I'll offer that in the jail.conf I have on Ubuntu, the Dovecot section looks like this:

[dovecot]

enabled = true
port    = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
filter  = dovecot
logpath = /var/log/mail.log

The Postfix section looks like this:

[postfix]

enabled  = false
port     = smtp,ssmtp,submission
filter   = postfix
logpath  = /var/log/mail.log

And the pam-generic section looks like this:

[pam-generic]

enabled  = false
# pam-generic filter can be customized to monitor specific subset of 'tty's
filter   = pam-generic
# port actually must be irrelevant but lets leave it all for some possible uses
port     = all
banaction = iptables-allports
port     = anyport
logpath  = /var/log/auth.log

Since it doesn't sound like those work out of the box, perhaps we ought to describe how to setup those services on CentOS in the documentation you were reading.

Out of curiosity, which services would you like to be able to use?

-Eric

Sat, 08/01/2015 - 07:53
BossHog

Hi Eric, here is what my jail.conf looks like, SSH section:

#
# SSH servers
#
 
[sshd]
 
port    = ssh
logpath = %(sshd_log)s
 
 
[sshd-ddos]
# This jail corresponds to the standard configuration in Fail2ban.
# The mail-whois action send a notification e-mail with a whois request
# in the body.
port    = ssh
logpath = %(sshd_log)s

At the top of this file it states "YOU SHOULD NOT MODIFY THIS FILE.", as this file could change between updates, and suggests using a jail.local or placing a custom file in the /jail.d directory. If you go to the Module-->Filter Action Jails-->SSH and try to enable this action, the error about paths for log files will occur. Also, per my OP the config is not migrated with ports or actions (iptables), only the non-working path.

So what I did is create a custom jail.local with the following to get the SSH to work:

[DEFAULT]
 
ignoreip = 127.0.0.1/8
bantime = 3600
maxretry = 5
 
 
[SSH]
 
[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
#sendmail-whois[name=SSH, dest=root@localhost]
logpath = /var/log/auth.log
maxretry = 5

Hope this helps Eric. Do you think trying a reinstall of F2B could help? Also I noted that the stock jail.conf has a line:

[INCLUDES]
 
#before = paths-distro.conf
before = paths-fedora.conf

It doesn't explain why one or the other is needed. CentOS 6.6 is close to Fedora, but I wonder if there is a path issue from this include? (Thinking out loud)

Thanks as always for your input Eric, Joe

Sat, 08/01/2015 - 08:05
BossHog

Hi Eric, the sample of code from the Ubuntu conf that you supplied doesn't work. It creates an error:

ERROR Failed to start jail 'postfix' action 'iptables-multiport': Error starting action
ERROR Failed to start jail 'dovecot' action 'iptables-multiport': Error starting action

Distro specific configs I'm guessing?

Thanks, Joe

Sat, 12/05/2015 - 09:53
cellulosa

Same issue on CentOS 7.

The module seems to be enabled correctly as it is found under Networking > Fail2Ban Intrusion Detector. From the configuration page I can either restart or stop the server, but I can't enable/disable it on boot (the only way to make it work was via the shell: systemctl enable fail2ban).

All of the jails are disabled and there is no protection over ssh. When I try to enable a Filter Action Jail it returns "Failed to save jail : All log files must be absolute paths or patterns".

Editing the file /etc/fail2ban/jail.conf as suggested by BossHog did the trick, but it seems there are some bugs to be fixed with regards to this module.

Sat, 12/05/2015 - 20:35
Diabolico

@cellulosa

My advice is to remove fail2ban and then manually install the latest version for Centos 7 (or you can try to update with yum) and use full paths for jails, e.g. for ssh instead of "%(sshd_log)s" use "/var/log/secure" and so on. Next, do not make changes to "jail.conf" but instead use "jail.local". In case you don't have "jail.local", make this file and then use it to apply changes/enable jails/etc...

P.S. Fail2ban works great with Centos 7, but my advice is to forget about the Wmin module and make all changes manually using SSH or SFTP.

- I often come to the conclusion that my brain has too many tabs open. -
Failing at desktop publishing & graphic design since 1994.

Mon, 01/04/2016 - 02:51
gyorgy.chityil@...

I am unable to enable jails as well due to the error message "Failed to save jail : All log files must be absolute paths or patterns".

It seems the module is expecting an absolute log path, while Fail2Ban uses paths like "%(sshd_log)s".
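To make the diagnosis in this last post, and the [INCLUDES] before = paths-fedora.conf question raised earlier in the thread, concrete: the following added example (not code from the module or from fail2ban itself) resolves the %(sshd_log)s style tokens the way fail2ban's ConfigParser-based loader does, by reading the "before" include first so its [DEFAULT] entries feed the lookups, and then applies the module's "absolute paths or patterns" rule to the raw value. The paths-fedora.conf and jail.conf contents are constructed, simplified stand-ins, not the real files.

```python
import configparser

# Constructed, simplified stand-ins for /etc/fail2ban/paths-fedora.conf and
# jail.conf (not the real files); the chained %(...)s style mirrors fail2ban's layout.
PATHS_FEDORA = """
[DEFAULT]
syslog_authpriv = /var/log/secure
syslog_mail = /var/log/maillog
sshd_log = %(syslog_authpriv)s
dovecot_log = %(syslog_mail)s
"""

JAIL_CONF = """
[INCLUDES]
before = paths-fedora.conf

[sshd]
port    = ssh
logpath = %(sshd_log)s

[dovecot]
port    = pop3,pop3s,imap,imaps
logpath = %(dovecot_log)s
"""

# Stands in for reading the include files from /etc/fail2ban.
INCLUDE_FILES = {"paths-fedora.conf": PATHS_FEDORA}


def _parse(text, interpolate):
    """ConfigParser tuned for jail.conf: duplicate keys allowed (strict=False),
    %(name)s interpolation switched on or off."""
    interp = configparser.BasicInterpolation() if interpolate else None
    cp = configparser.ConfigParser(interpolation=interp, strict=False)
    cp.read_string(text)
    return cp


def resolve_logpaths(jail_conf, includes):
    """Return {jail: (raw logpath, resolved logpath)}; 'before' includes are
    loaded first so their [DEFAULT] values are visible to every jail section."""
    raw = _parse(jail_conf, interpolate=False)
    before = raw.get("INCLUDES", "before", fallback="").split()
    merged = _parse("".join(includes[n] for n in before) + jail_conf, interpolate=True)
    return {jail: (raw.get(jail, "logpath"), merged.get(jail, "logpath"))
            for jail in raw.sections() if raw.has_option(jail, "logpath")}


def module_accepts(logpath):
    """The module's rule as reported in the thread: a raw %(...)s token fails,
    an absolute path or glob such as /var/log/virtualmin/*error_log passes."""
    return logpath.startswith("/") and "%(" not in logpath
```

Running resolve_logpaths on the sample shows the sshd jail's raw logpath is "%(sshd_log)s", which module_accepts rejects, while the resolved value "/var/log/secure" (the path Diabolico suggests writing into jail.local) passes.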
