I'm running ClearOS 7.5 Gateway with a purchased license for IDS signature. From my understanding fail2ban can work alongside IDS? So I wanted to try my hand at configuring/hardening my server from repeat IP addresses that keep hammering my server. I made a copy of jail.conf as per recommendation as jail.local. I THINK Attack Detector was running prior to configuring (can't be sure).
Anyways, I read the fail2ban manual and went over a couple of tutorials prior to making a config. After restarting fail2ban I noticed the Attack Detector service was not running. I tried uninstalling the app package and reinstalling. I then followed this tutorial: https://wikisuite.org/How-to-install-Fail2ban-on-ClearOS. I enabled rules following the traditional .local protocol. Checking the status of fail2ban I noticed this. My Clear installation is clean - meaning from the time it went up I have used standard packages.
I'm kind of green to Linux, but I'm feeling my way around...
Thank you in advance
[root@gateway ~]# systemctl status fail2ban -l
● fail2ban.service - Fail2Ban Service
Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Sun 2022-03-13 17:13:11 CDT; 37min ago
Docs: man:fail2ban(1)
Process: 29628 ExecStart=/usr/bin/fail2ban-server -xf start (code=exited, status=255)
Process: 29625 ExecStartPre=/bin/mkdir -p /run/fail2ban (code=exited, status=0/SUCCESS)
Main PID: 29628 (code=exited, status=255)
Mar 13 17:13:11 gateway.lan fail2ban-server[29628]: 2022-03-13 17:13:11,534 fail2ban [29628]: ERROR Failed during configuration: Have not found any log file for apache-auth jail
Mar 13 17:13:11 gateway.lan fail2ban-server[29628]: 2022-03-13 17:13:11,561 fail2ban [29628]: ERROR Async configuration of server failed
Mar 13 17:13:11 gateway.lan systemd[1]: fail2ban.service: main process exited, code=exited, status=255/n/a
Mar 13 17:13:11 gateway.lan systemd[1]: Unit fail2ban.service entered failed state.
Mar 13 17:13:11 gateway.lan systemd[1]: fail2ban.service failed.
Responses (6)
Accepted Answer
What is up with this forum? It's kind of slow loading.
update:
- I uninstalled the Attack Detector package
- checked to see if there were any other duplicate packages for fail2ban (I think - via "yum remove")
- deleted jail.d and jail.local in etc/fail2ban
+reinstalled attack detector and was able to click on the service to start.
* except I have these strange blocked addresses and they won't delete via the Clear web gui.
*Question: Where would I look to correct the Ban Listing for the GUI? -
Accepted Answer
update 2:
I resolved fail2ban not starting by starting with a clean jail.local and testing different configs. In other words I was too heavy handed with the config.
edit - update 3: the strange BAN entry for attack detector disappeared - I noticed though even though there are jails active from the jails.local config - it's not reflected in the COS gui *shrugs. -
Accepted Answer
Hi Nathan
fail2ban should be working out of the box.
As you can read on the wikisuite page you are referring to, the howto is outdated
This page is deprecated and will eventually be deleted, because of the New Attack Detector app from ClearOS (Fail2ban)
Please see: How to install Attack Detector (Fail2ban) on ClearOS
Maybe it is an option to update COS to the latest version 7.9 since you are still on an old version 7.5 -
Accepted Answer
Thanks Patrick, I'm trying to figure out how I can update to 7.9
Patrick de Brabander wrote:
Hi Nathan
fail2ban should be working out of the box.
As you can read on the wikisuite page you are referring to, the howto is outdated
This page is deprecated and will eventually be deleted, because of the New Attack Detector app from ClearOS (Fail2ban)
Please see: How to install Attack Detector (Fail2ban) on ClearOS
Maybe it is an option to update COS to the latest version 7.9 since you are still on an old version 7.5 -
Accepted Answer
Nathan Cook wrote:
I just looked - I'm on COS v 7.9.1
That is good.
Try to get a clean install of Fail2ban and app-fail2ban.
When you have the clean install it should work. When it is starting and working you can fine tune it by editing the files in /etc/fail2ban/jail.d
For example : clearos-postfix-sasl.conf
[postfix-sasl]
enabled = true
maxretry = 1
bantime = 432000
findtime = 14400
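
Added example, not part of the original thread or of ClearOS/fail2ban: a pre-flight check for the startup error in the first post ("Have not found any log file for apache-auth jail"), which lists enabled jails whose logpath matches no file so they can be disabled before restarting the service. It assumes a self-contained jail file with literal or `%(name)s` logpath values; `[INCLUDES]` processing is not modelled, and the sample config and the function names are constructed for illustration.

```python
import configparser
import glob
import os
import tempfile

# Constructed sample: jail names mirror the thread, paths are made up.
SAMPLE = """
[DEFAULT]
enabled = false
logdir = {logdir}

[sshd]
enabled = true
backend = systemd

[postfix-sasl]
enabled = true
logpath = %(logdir)s/maillog

[apache-auth]
enabled = true
logpath = %(logdir)s/httpd/*error_log

[nginx-http-auth]
logpath = %(logdir)s/nginx/error.log
"""

def jails_missing_logs(config_text):
    """Return enabled jails whose logpath globs match no existing file."""
    cp = configparser.ConfigParser()  # default interpolation expands %(name)s
    cp.read_string(config_text)
    missing = []
    for jail in cp.sections():
        sec = cp[jail]
        if jail == "INCLUDES" or not sec.getboolean("enabled", fallback=False):
            continue  # jails inherit enabled = false from [DEFAULT]
        if sec.get("backend", fallback="auto") == "systemd":
            continue  # journal-based jails read no log file
        # logpath may hold several paths or globs, one per line
        paths = [p.strip() for p in sec.get("logpath", fallback="").splitlines()]
        if not any(glob.glob(p) for p in paths if p):
            missing.append(jail)
    return missing

def demo():
    """Run the check against a temp directory that only contains maillog."""
    with tempfile.TemporaryDirectory() as d:
        open(os.path.join(d, "maillog"), "w").close()
        return jails_missing_logs(SAMPLE.format(logdir=d))
```
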