I updated my server to 16.04 and it only installs fail2ban 0.9.0. There is no option to enable jails and when I add it manually it fails to load. Any help much appreciated.
2 Answers
Yeah, Fail2ban configuration files have changed a lot since V.0.9.X.
After V.0.9.X you should NOT change the original config file, which is located in
/etc/fail2ban/jail.conf
This is from Fail2ban's jail.conf:
# WARNING: heavily refactored in 0.9.0 release. Please review and
# customize settings for your setup.
#
# Changes: in most of the cases you should not modify this
# file, but provide customizations in jail.local file,
# or separate .conf files under jail.d/ directory, e.g.:
#
# HOW TO ACTIVATE JAILS:
#
# YOU SHOULD NOT MODIFY THIS FILE.
#
# It will probably be overwritten or improved in a distribution update.
#
# Provide customizations in a jail.local file or a jail.d/customisation.local.
# For example to change the default bantime for all jails and to enable the
# ssh-iptables jail the following (uncommented) would appear in the .local file.
Ubuntu 16.04 installs Fail2ban V.0.9.3-1. To configure it, do the following:
apt update
apt install fail2ban
After Fail2ban has been successfully installed:
cd /etc/fail2ban/
We now create a local jail file, to override the default configurations:
sudo nano /etc/fail2ban/jail.local
Now copy and paste the following:
[DEFAULT]
# Ban hosts for two days:
bantime = 172800
# Override /etc/fail2ban/jail.d/00-firewalld.conf:
banaction = iptables-multiport
[sshd]
enabled = true
Now write to the file (ctrl + o) and close it (ctrl + x).
Restart the fail2ban service:
sudo systemctl restart fail2ban
Check the fail2ban status:
sudo fail2ban-client status
You should get an output like this:
Status
|- Number of jail: 1
`- Jail list: sshd
Now you can check individual jails, e.g.:
sudo fail2ban-client status sshd
With the above commands you can see which IP addresses have been blocked by the Fail2ban service!
You can control with systemctl if fail2ban is running or not:
sudo systemctl status fail2ban
This is it.
PS: you can add other parameters like mail sending, find time, max-retry and ... if you would like!
Sources:
How To Protect SSH With Fail2Ban on CentOS 7
Using Fail2ban to Secure Your Server
PS2: There is a newer version of Fail2ban available -> v0.9.4
If you would like, you can compile it yourself (read the Fail2ban GitHub page) - though compiling IS NOT recommended.
From the Fail2ban GitHub page:
It is possible that Fail2ban is already packaged for your distribution. In this case, you should use it instead.
OR
you can use the .deb package for the next version of Ubuntu (which is Yakkety)
Package: fail2ban (0.9.4-1) [universe]
In addition to bossModus's info, note that there is no apache jail in the newer versions of fail2ban. I believe it was renamed to apache-auth.
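An added example, not part of either answer and not Fail2ban's own code: a small Python check that merges jail files in the order jail.conf, jail.d/*.conf, jail.local, jail.d/*.local (later files win), reports which file supplied each effective value, and flags enabled jails that have no section in the stock jail.conf, such as an old `apache` name. The function names, the `jail.d/web.local` file and the stock jail.conf content are constructed for illustration; only the jail.local content comes from the first answer.

```python
import configparser
from pathlib import PurePosixPath

# Constructed sample files (deliberately out of order); jail.local is the one from the answer.
FILES = {
    "jail.d/web.local": "[apache]\nenabled = true\n",
    "jail.local": "[DEFAULT]\nbantime = 172800\nbanaction = iptables-multiport\n[sshd]\nenabled = true\n",
    "jail.conf": "[DEFAULT]\nenabled = false\nbantime = 600\n[sshd]\nport = ssh\n[apache-auth]\nport = http\n",
}

def load_order(paths):
    """jail.conf, jail.d/*.conf, jail.local, jail.d/*.local; later files win."""
    def rank(path):
        p = PurePosixPath(path)
        return ({".conf": 0, ".local": 2}[p.suffix] + (p.parent.name == "jail.d"), p.name)
    return sorted(paths, key=rank)

def parse(text):
    # Treat [DEFAULT] as an ordinary section so only a file's own keys are seen.
    cp = configparser.ConfigParser(interpolation=None, strict=False, default_section="__unused__")
    cp.read_string(text)
    return {s: dict(cp.items(s)) for s in cp.sections()}

def merge(files):
    """Return {section: {option: (value, source_file)}} after all overrides."""
    effective = {}
    for path in load_order(files):
        for section, options in parse(files[path]).items():
            for key, value in options.items():
                effective.setdefault(section, {})[key] = (value, path)
    return effective

def lookup(effective, jail, key):
    """The jail's own value first, then [DEFAULT]; returns (value, source) or None."""
    return effective[jail].get(key) or effective.get("DEFAULT", {}).get(key)

def enabled_jails(effective):
    jails = sorted(s for s in effective if s not in ("DEFAULT", "INCLUDES"))
    on = lambda j: (lookup(effective, j, "enabled") or ("false",))[0].lower() == "true"
    return [j for j in jails if on(j)]  # simplification: only the literal "true" counts

def not_in_stock(files, effective):
    """Enabled jails with no section in jail.conf, e.g. a name from an older release."""
    stock = parse(files["jail.conf"])
    return [j for j in enabled_jails(effective) if j not in stock]

if __name__ == "__main__":
    eff = merge(FILES)
    print(enabled_jails(eff), lookup(eff, "sshd", "bantime"), not_in_stock(FILES, eff))
```

On a real host, fill `FILES` with the contents of the files under /etc/fail2ban/ before restarting the service.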