Hi, I installed on Home 7.2, but it is an upgraded system from 7.1, not a clean install. The Attack Detector app is version 2.2.4-1 and it is not showing any rules in the webgui, so I SSHed into my ClearOS and checked etc/fail2ban/jail.d/ with ls -lsa, and the only thing showing is 00-firewalld.conf. Is there a way to manually install rules? I have tried removing and reinstalling the app through the Marketplace and it is still showing the same, so I removed it again and tried installing via
yum install fail2ban --enablerepo=clearos-centos,clearos-epel,clearos-centos-updates
then
yum --enablerepo=clearos-centos,clearos-epel,clearos-centos-updates,clearos-updates-testing install app-attack-detector
and it is still showing only 00-firewalld.conf in the jail.d. Anyone got any ideas on how to fix this issue?
Resolved: just did a clean install and everything is working correctly from the Marketplace.
Responses (12)
-
Accepted Answer
@Peter,
I can see where you're coming from.
How about this for an idea:
All the configlets don't come from app-attack-detector but from the underlying apps, e.g. sshd. Therefore bring them in disabled so they don't mess with an f2b installation. However, in a post-installation script for app-attack-detector, enable all the clearos-*.conf files in /etc/fail2ban/jail.d. -
Accepted Answer
Hi Nick,
Nick Howitt wrote:
@Peter
I've been doing a fresh installation of 7.2 and at the moment it looks like the configlets come in OK. I have five of them, but I don't run Attack Detector, I run a full fail2ban. Unfortunately the rules come in already enabled even without an f2b/attack detector installation so, as soon as I install f2b, the rules become active. Would it not be better to bring them in disabled? A vanilla f2b installation comes in with rules disabled.
Generally, we enable things at install time. If someone has gone through the trouble of installing an app via Marketplace, then it's more likely that the user wants the app/service running. There are exceptions to that rule of course, and this might be one of those exceptions! I'll bring it up in our next tech meeting. -
Accepted Answer
@Peter
I've been doing a fresh installation of 7.2 and at the moment it looks like the configlets come in OK. I have five of them, but I don't run Attack Detector, I run a full fail2ban. Unfortunately the rules come in already enabled even without an f2b/attack detector installation so, as soon as I install f2b, the rules become active. Would it not be better to bring them in disabled? A vanilla f2b installation comes in with rules disabled. -
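The question running through this thread is which jail configlets exist in /etc/fail2ban/jail.d and which of them go live as soon as fail2ban starts. The script below is an added example, not code from the thread or from ClearOS: it lists every jail defined in a jail.d directory with its enabled state, assuming standard fail2ban INI syntax; the sample configlet contents and the `make_sample_dir` helper are constructed for illustration.

```shell
#!/bin/sh
# Added example (not ClearOS code): list each jail defined in a fail2ban
# jail.d directory and whether it is enabled. Assumes standard fail2ban INI
# syntax; an "enabled" set under [DEFAULT] is not propagated to jails.

# audit_jails DIR -> one "file<TAB>jail<TAB>enabled|disabled" line per jail
audit_jails() {
    dir=${1:-/etc/fail2ban/jail.d}
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        awk -v file="$(basename "$f")" '
            function emit() { if (jail != "") printf "%s\t%s\t%s\n", file, jail, state }
            /^[ \t]*[#;]/ { next }                 # comment line
            /^[ \t]*\[/ {                          # start of a [section]
                emit()
                jail = $0
                sub(/^[ \t]*\[/, "", jail); sub(/\].*$/, "", jail)
                if (jail == "DEFAULT" || jail == "INCLUDES") jail = ""
                state = "disabled"                 # fail2ban default for a jail
                next
            }
            /^[ \t]*enabled[ \t]*=/ {
                v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t\r]+$/, "", v)
                v = tolower(v)
                state = (v == "true" || v == "yes" || v == "1" || v == "on") ? "enabled" : "disabled"
            }
            END { emit() }
        ' "$f"
    done
}

# make_sample_dir -> path of a temp dir holding constructed configlets
make_sample_dir() {
    d=$(mktemp -d)
    printf '[DEFAULT]\nbanaction = firewallcmd-ipset\n' > "$d/00-firewalld.conf"
    printf '[sshd]\nenabled = true\n' > "$d/clearos-sshd.conf"
    printf '# constructed\n[sshd-ddos]\nenabled = false\n' > "$d/clearos-sshd-ddos.conf"
    echo "$d"
}

if [ "${1:-}" = "--demo" ]; then
    d=$(make_sample_dir); audit_jails "$d"; rm -rf "$d"
fi
```

A directory that holds only 00-firewalld.conf produces no output at all, which matches the "Number of jail: 0" status reported elsewhere in the thread.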
Accepted Answer
missing c /etc/fail2ban/jail.d/clearos-sshd-ddos.conf
missing c /etc/fail2ban/jail.d/clearos-sshd.conf
It looks like the fail2ban configlets that were installed with the SSH server were moved out of the way or deleted. You can grab a copy from http://mirror1-toronto.egloo.ca/egloo/clearos/devel/7/
cd /etc/fail2ban/jail.d
wget http://mirror1-toronto.egloo.ca/egloo/clearos/devel/7/clearos-sshd-ddos.conf
wget http://mirror1-toronto.egloo.ca/egloo/clearos/devel/7/clearos-sshd.conf
-
Accepted Answer
Peter Baldwin wrote:
Strange - you don't seem to have the clearos-epel repo enabled... that would cause a problem for the handful of apps (including Attack Detector) that pull in EPEL packages. To enable clearos-epel, run:
yum-config-manager --enable clearos-epel
You will then be able to install the app via Marketplace without the error.
Note: on ClearOS Home/Business, the verified EPEL repo handling is done automatically, so the above step is neither required nor recommended.
I did that and Attack Detector did install via the Marketplace, but it is still showing no rules.
fail2ban-client status
Status
|- Number of jail: 0
`- Jail list:
and status is saying Dead even after I try to start it. -
Accepted Answer
loren hackley wrote:
I also tried installing Attack Detector from the Marketplace in the web GUI and got the error Exception: [u'ERROR with transaction check vs depsolve:', 'fail2ban-server is needed by app-attack-detector-core-1:2.2.4-1.v7.noarch']
Strange - you don't seem to have the clearos-epel repo enabled... that would cause a problem for the handful of apps (including Attack Detector) that pull in EPEL packages. To enable clearos-epel, run:
yum-config-manager --enable clearos-epel
You will then be able to install the app via Marketplace without the error.
Note: on ClearOS Home/Business, the verified EPEL repo handling is done automatically, so the above step is neither required nor recommended. -
Accepted Answer
OK, I ran
yum remove fail2ban fail2ban-server
Loaded plugins: clearcenter-marketplace, fastestmirror
ClearCenter Marketplace: fetching repositories...
Resolving Dependencies
--> Running transaction check
---> Package fail2ban.noarch 0:0.9.3-1.el7 will be erased
---> Package fail2ban-server.noarch 0:0.9.3-1.el7 will be erased
--> Processing Dependency: fail2ban-server = 0.9.3-1.el7 for package: fail2ban-sendmail-0.9.3-1.el7.noarch
--> Processing Dependency: fail2ban-server = 0.9.3-1.el7 for package: fail2ban-firewalld-0.9.3-1.el7.noarch
--> Processing Dependency: fail2ban-server for package: 1:app-attack-detector-core-2.2.4-1.v7.noarch
--> Running transaction check
---> Package app-attack-detector-core.noarch 1:2.2.4-1.v7 will be erased
--> Processing Dependency: app-attack-detector-core = 1:2.2.4-1.v7 for package: 1:app-attack-detector-2.2.4-1.v7.noarch
---> Package fail2ban-firewalld.noarch 0:0.9.3-1.el7 will be erased
---> Package fail2ban-sendmail.noarch 0:0.9.3-1.el7 will be erased
--> Running transaction check
---> Package app-attack-detector.noarch 1:2.2.4-1.v7 will be erased
--> Finished Dependency Resolution
Dependencies Resolved
====================================================================================================================================================================================================
Package Arch Version Repository Size
====================================================================================================================================================================================================
Removing:
fail2ban noarch 0.9.3-1.el7 @clearos-epel 0.0
fail2ban-server noarch 0.9.3-1.el7 @clearos-epel 1.3 M
Removing for dependencies:
app-attack-detector noarch 1:2.2.4-1.v7 @clearos-updates 18 k
app-attack-detector-core noarch 1:2.2.4-1.v7 @clearos-updates 13 k
fail2ban-firewalld noarch 0.9.3-1.el7 @clearos-epel 270
fail2ban-sendmail noarch 0.9.3-1.el7 @clearos-epel 11 k
Transaction Summary
====================================================================================================================================================================================================
Remove 2 Packages (+4 Dependent packages)
Installed size: 1.4 M
Is this ok [y/N]: y
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Erasing : fail2ban-0.9.3-1.el7.noarch 1/6
Erasing : fail2ban-firewalld-0.9.3-1.el7.noarch 2/6
Erasing : fail2ban-sendmail-0.9.3-1.el7.noarch 3/6
Erasing : 1:app-attack-detector-2.2.4-1.v7.noarch 4/6
Erasing : 1:app-attack-detector-core-2.2.4-1.v7.noarch 5/6
Erasing : fail2ban-server-0.9.3-1.el7.noarch 6/6
warning: /etc/fail2ban/jail.conf saved as /etc/fail2ban/jail.conf.rpmsave
Verifying : fail2ban-firewalld-0.9.3-1.el7.noarch 1/6
Verifying : 1:app-attack-detector-2.2.4-1.v7.noarch 2/6
Verifying : fail2ban-0.9.3-1.el7.noarch 3/6
Verifying : fail2ban-server-0.9.3-1.el7.noarch 4/6
Verifying : fail2ban-sendmail-0.9.3-1.el7.noarch 5/6
Verifying : 1:app-attack-detector-core-2.2.4-1.v7.noarch 6/6
Removed:
fail2ban.noarch 0:0.9.3-1.el7 fail2ban-server.noarch 0:0.9.3-1.el7
Dependency Removed:
app-attack-detector.noarch 1:2.2.4-1.v7 app-attack-detector-core.noarch 1:2.2.4-1.v7 fail2ban-firewalld.noarch 0:0.9.3-1.el7 fail2ban-sendmail.noarch 0:0.9.3-1.el7
Complete!
Then I rmdir fail2ban/
yum install app-attack-detector
Loaded plugins: clearcenter-marketplace, fastestmirror
ClearCenter Marketplace: fetching repositories...
clearos | 3.6 kB 00:00:00
clearos-centos | 3.6 kB 00:00:00
clearos-centos-updates | 2.9 kB 00:00:00
clearos-contribs | 3.0 kB 00:00:00
clearos-fast-updates | 2.9 kB 00:00:00
clearos-infra | 3.0 kB 00:00:00
clearos-updates | 3.0 kB 00:00:00
Loading mirror speeds from cached hostfile
* clearos: clearos.bhs.mirrors.ovh.net
* clearos-centos: download3.clearsdn.com
* clearos-centos-updates: download3.clearsdn.com
* clearos-contribs: clearos.bhs.mirrors.ovh.net
* clearos-fast-updates: download3.clearsdn.com
* clearos-infra: clearos.bhs.mirrors.ovh.net
* clearos-updates: clearos.bhs.mirrors.ovh.net
* private-clearcenter-dyndns: download2.clearsdn.com:80
private-clearcenter-dyndns | 1.9 kB 00:00:00
Resolving Dependencies
--> Running transaction check
---> Package app-attack-detector.noarch 1:2.2.4-1.v7 will be installed
--> Processing Dependency: app-attack-detector-core = 1:2.2.4-1.v7 for package: 1:app-attack-detector-2.2.4-1.v7.noarch
--> Running transaction check
---> Package app-attack-detector-core.noarch 1:2.2.4-1.v7 will be installed
--> Processing Dependency: fail2ban-server for package: 1:app-attack-detector-core-2.2.4-1.v7.noarch
--> Finished Dependency Resolution
Error: Package: 1:app-attack-detector-core-2.2.4-1.v7.noarch (clearos-updates)
Requires: fail2ban-server
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest
This is why I installed it with
yum install fail2ban --enablerepo=clearos-centos,clearos-epel,clearos-centos-updates
then
yum --enablerepo=clearos-centos,clearos-epel,clearos-centos-updates,clearos-updates-testing install app-attack-detector
but that led to the original problem of jail not showing anything in it other than 00-firewalld.conf -
Accepted Answer
Hi Loren,
Strange but true: the fail2ban RPM is not the package that you want. Instead, it's the fail2ban-server package. I would re-install the Attack Detector app with:
yum remove fail2ban fail2ban-server
It's okay if you see app-attack-detector and app-attack-detector-core getting removed with that command. Next, re-install the app:
yum install app-attack-detector