Fail2Ban on Centos 7

Thu, 02/25/2016 - 07:05
Brook

I have installed Fail2ban via Virtualmin (it was in unused modules). However, looking through the configs, there are a lot of references to IPTables, yet CentOS 7 uses FirewallD.

Should I uninstall the virtualmin F2B module and reinstall as per the instructions in the link below?

https://fedoraproject.org/wiki/Fail2ban_with_FirewallD

Thu, 02/25/2016 - 12:51
AskewDread

Do you have the package fail2ban-firewalld installed? That appears to set it to use firewalld by default. I installed it by using yum install fail2ban and it's worked perfectly with Firewalld.

Thu, 02/25/2016 - 14:35
Brook

Are you suggesting I uninstall the VirtualMin module first, and then reinstall using yum install fail2ban?

Thu, 02/25/2016 - 14:40
AskewDread

I'm sure that would just install it the same way anyway; however, I didn't use that... If you do a yum status fail2ban-firewalld, does that say it's installed?

If it's not, you should just be able to install that module to the current one.

Thu, 02/25/2016 - 15:42
Brook

It just says:

$ yum status fail2ban-firewalld
Loaded plugins: fastest mirror
No such command: status. Please use /usr/bin/yum --help

Thu, 02/25/2016 - 16:19
AskewDread

Oops.

That should have been yum info fail2ban-firewalld

Thu, 02/25/2016 - 16:46
Brook

Looks like it's installed:

# yum info fail2ban-firewalld
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: centosmirror.netcup.net
* epel: mirror.karneval.cz
* extras: ftp.plusline.de
* updates: mirror2.hs-esslingen.de
Installed Packages
Name        : fail2ban-firewalld
Arch        : noarch
Version     : 0.9.3
Release     : 1.el7
Size        : 270 
Repo        : installed
From repo   : epel
Summary     : Firewalld support for Fail2Ban
URL         : http://fail2ban.sourceforge.net/
Licence     : GPLv2+
Description : This package enables support for manipulating firewalld rules.
            : This is the default firewall service in Fedora.

Thu, 02/25/2016 - 16:55
AskewDread

In that case it should be working... Can you see it adding rules etc. on the jails you have enabled?

ipset --list will show the enabled jails and any IPs that are banned.
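
The `ipset --list` check suggested above can be condensed into one line per jail. This is an added example, not part of the original post; it assumes fail2ban names its sets `fail2ban-<jail>` or `f2b-<jail>`, and the sample output and the helper names `summarise_f2b_sets` and `sample_ipset_output` are constructed for illustration.

```shell
# Summarise fail2ban ipset sets as "<jail> <ban count> <addresses>" per line.
summarise_f2b_sets() {
    awk '
        # Each set starts at "Name:". Assumption: fail2ban sets are named
        # fail2ban-<jail> or f2b-<jail>; any other set is ignored.
        /^Name: / {
            jail = ""; in_members = 0
            if ($2 ~ /^(fail2ban|f2b)-/) {
                jail = $2
                sub(/^(fail2ban|f2b)-/, "", jail)
                order[++n] = jail; count[jail] = 0; ips[jail] = ""
            }
            next
        }
        /^Members:/ { in_members = 1; next }
        # Member lines look like "203.0.113.7 timeout 431"; keep the address.
        in_members && jail != "" && NF > 0 {
            count[jail]++
            ips[jail] = ips[jail] (ips[jail] == "" ? "" : ",") $1
        }
        END {
            for (i = 1; i <= n; i++) {
                j = order[i]
                printf "%s %d %s\n", j, count[j], (ips[j] == "" ? "-" : ips[j])
            }
        }
    '
}

# Constructed sample (documentation addresses; not output from the thread).
sample_ipset_output() {
    cat <<'EOF'
Name: fail2ban-sshd
Type: hash:ip
Members:
203.0.113.7 timeout 431
198.51.100.23 timeout 102

Name: fail2ban-postfix-sasl
Members:

Name: office-allowlist
Members:
192.0.2.0/24
EOF
}

# Demo on the sample; live use, as root: ipset --list | summarise_f2b_sets
sample_ipset_output | summarise_f2b_sets
```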

Thu, 02/25/2016 - 17:03
Brook

I don't get anything back after that :/

Edit: I haven't enabled anything yet, just installed it (f2b) via the 'unused modules' section in Webmin

Thu, 02/25/2016 - 17:08
AskewDread

Ah right...

Well, it seems the Virtualmin way installs the same thing the command line does (which makes sense), so you should just be able to enable jails and it should work... That firewalld one is supposed to override them to use that instead.

Thu, 02/25/2016 - 18:30
craigh

I'm going to horn in on this thread because perhaps Brook will run into the same problems I have and will then have the same questions I do.

As mentioned in a previous thread, I'm evaluating the GPL version before going Pro. With AskewDread's help I solved my other issue (thank you again), but I'm having difficulty with fail2ban, also on a CentOS 7 system.

I first attempted to install fail2ban via Webmin, but that failed because I hadn't installed EPEL per the instructions at https://www.virtualmin.com/documentation/security/fail2ban . So I did that and then Webmin was able to install fail2ban, along with a bunch of dependencies. So far, so good.

Then the problems started.

I clicked through to the now active fail2ban module and started fail2ban. According to "ps" this appears to have been successful. Then I attempted to configure it to start at boot. Each time the page refreshed, "No" was still selected. So I moved on.

Contrary to the documentation linked to above, the SSH monitoring shows as disabled under "Filter Action Jails". When I tried to enable it I got the following error:

Failed to save jail : All log files must be absolute paths or patterns

All I did was click "Yes" next to "Currently enabled?" and then the "Save" button, leaving all of the default settings in place. Am I supposed to change the default settings? Which ones?

I tried activating a couple of other jails in the same way and received exactly the same error each time. Something is not working.

Back at the full list of jails, while one can select multiple jails, there doesn't seem to be a way to activate them at the same time. Do I really have to activate them one at a time?! Regardless, I'm getting the above error when I try anyway.

Simply put, fail2ban doesn't seem to be working on my server. I can't configure it (through Webmin anyway) to start on boot, and I cannot activate any of the filter actions.

Anyone have any ideas? Thanks.

Craig

Thu, 02/25/2016 - 20:03
Brook

Thanks for your help Askew :) Is there a list of what to enable jails for when using with Virtualmin? Any other recommendations on security? (FirewallD already installed :)

Craig, I can turn it on/off fine here. Is everything else on your server running ok?

Thu, 02/25/2016 - 20:12
AskewDread

I'll leave that to be answered by someone else :) I'm not sure if there is or isn't... I just enabled the ones I care about.

The ones I currently use are: sshd, sshd-ddos, mysqld_auth, pam-generic, postfix, postfix-sasl

Thu, 02/25/2016 - 20:50
craigh

Hi Brook,

Yup, everything else is running OK. This was the final test I was running before deciding whether or not to buy the Pro version. I'd addressed all of my other concerns/tests, and this came out of nowhere. I've installed and configured fail2ban manually on other servers, but the point of Virtualmin is to do it through Virtualmin, of course, so that's what I'm trying to do.

The fail2ban log (/var/log/fail2ban.log) has only three lines in it that basically record only the start-up. I've grepped "fail2ban" in every file in and under /var/log and /var/webmin/webmin.log, but there are no clues. Are there any other logs I can check?

Craig
