Resolved
0 votes
I'm running ClearOS 7.5 Gateway with a purchased license for IDS signature. From my understanding fail2ban can work alongside IDS? So I wanted to try my hand at configuring/hardening my server against repeat IP addresses that keep hammering my server. I made a copy of jail.conf as jail.local, as per the recommendation. I THINK Attack Detector was running prior to configuring (can't be sure).

Anyways, I read the fail2ban manual and went over a couple of tutorials prior to making a config. After restarting fail2ban I noticed the Attack Detector service was not running. I tried uninstalling the app package and reinstalling. I then followed this tutorial: https://wikisuite.org/How-to-install-Fail2ban-on-ClearOS. I enabled rules following the traditional .local protocol. Checking the status of fail2ban I noticed this. My Clear installation is clean - meaning from the time it went up I have used standard packages.

I'm kind of green to Linux, but I'm feeling my way around...

Thank you in advance


[root@gateway ~]# systemctl status fail2ban -l
● fail2ban.service - Fail2Ban Service
Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Sun 2022-03-13 17:13:11 CDT; 37min ago
Docs: man:fail2ban(1)
Process: 29628 ExecStart=/usr/bin/fail2ban-server -xf start (code=exited, status=255)
Process: 29625 ExecStartPre=/bin/mkdir -p /run/fail2ban (code=exited, status=0/SUCCESS)
Main PID: 29628 (code=exited, status=255)

Mar 13 17:13:11 gateway.lan fail2ban-server[29628]: 2022-03-13 17:13:11,534 fail2ban [29628]: ERROR Failed during configuration: Have not found any log file for apache-auth jail
Mar 13 17:13:11 gateway.lan fail2ban-server[29628]: 2022-03-13 17:13:11,561 fail2ban [29628]: ERROR Async configuration of server failed
Mar 13 17:13:11 gateway.lan systemd[1]: fail2ban.service: main process exited, code=exited, status=255/n/a
Mar 13 17:13:11 gateway.lan systemd[1]: Unit fail2ban.service entered failed state.
Mar 13 17:13:11 gateway.lan systemd[1]: fail2ban.service failed.
Sunday, March 13 2022, 10:52 PM
Responses (6)
  • Accepted Answer

    Sunday, March 13 2022, 11:22 PM - #Permalink
    Resolved
    0 votes
    What is up with this forum? It's kind of slow loading.

    update:
    - I uninstalled the Attack Detector package
    - checked to see if there were any other duplicate packages for fail2ban (I think - via "yum remove")
    - deleted jail.d and jail.local in etc/fail2ban
    +reinstalled attack detector and was able to click on the service to start.
    * except I have these strange blocked addresses and they won't delete via the Clear web gui.
    *Question: Where would I look to correct the Ban Listing for the GUI?
  • Accepted Answer

    Monday, March 14 2022, 02:36 AM - #Permalink
    Resolved
    0 votes
    update 2:
    I resolved fail2ban not starting by starting with a clean jail.local and testing different configs. In other words I was too heavy handed with the config.

    edit - update 3: the strange BAN entry for attack detector disappeared - I noticed though even though there are jails active from the jails.local config - it's not reflected in the COS gui *shrugs.
  • Accepted Answer

    Monday, March 14 2022, 08:39 PM - #Permalink
    Resolved
    0 votes
    Hi Nathan

    fail2ban should be working out of the box.
    As you can read on the wikisuite page you are referring to, the howto is outdated
     This page is deprecated and will eventually be deleted, because of the New Attack Detector app from ClearOS (Fail2ban)

    Please see: How to install Attack Detector (Fail2ban) on ClearOS


    Maybe it is an option to update COS to the latest version 7.9 since you are still on an old version 7.5
  • Accepted Answer

    Monday, March 14 2022, 09:47 PM - #Permalink
    Resolved
    0 votes
    Thanks Patrick, I'm trying to figure out how I can update to 7.9


    Patrick de Brabander wrote:
    Hi Nathan

    fail2ban should be working out of the box.
    As you can read on the wikisuite page you are referring to, the howto is outdated
     This page is deprecated and will eventually be deleted, because of the New Attack Detector app from ClearOS (Fail2ban)

    Please see: How to install Attack Detector (Fail2ban) on ClearOS


    Maybe it is an option to update COS to the latest version 7.9 since you are still on an old version 7.5
  • Accepted Answer

    Monday, March 14 2022, 10:47 PM - #Permalink
    Resolved
    0 votes
    I just looked - I'm on COS v 7.9.1
  • Accepted Answer

    Tuesday, March 15 2022, 07:48 AM - #Permalink
    Resolved
    0 votes
    Nathan Cook wrote:

    I just looked - I'm on COS v 7.9.1

    That is good.
    Try to get a clean install of Fail2ban and app-fail2ban.
    When you have the clean install it should work. When it is starting and working you can fine tune it by editing the files in /etc/fail2ban/jail.d

    For example : clearos-postfix-sasl.conf

    [postfix-sasl]
    enabled = true
    maxretry = 1
    bantime = 432000
    findtime = 14400
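Added example (not part of the thread and not ClearOS or fail2ban code): a simplified pre-flight check for the failure shown in the first post, where one enabled jail without a log file stops the whole fail2ban service from starting. It assumes literal logpath values only, does not resolve fail2ban's own %(name)s variables or include files, and the sample jails and paths are constructed for the demonstration.

```python
import configparser
import glob
import os
import tempfile

def check_jails(config_text):
    """Return {jail: status} for every enabled jail in INI-style jail text."""
    # interpolation=None keeps fail2ban-style %(name)s values as raw text.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(config_text)
    results = {}
    for jail in cp.sections():
        if jail == "INCLUDES" or not cp.getboolean(jail, "enabled", fallback=False):
            continue
        if cp.get(jail, "backend", fallback="auto").strip() == "systemd":
            results[jail] = "ok (journal backend, no log file needed)"
            continue
        paths = cp.get(jail, "logpath", fallback="").split()
        if any("%(" in p for p in paths):
            results[jail] = "unresolved variable in logpath"
        elif any(glob.glob(p) for p in paths):
            results[jail] = "ok"
        else:
            results[jail] = "no log file found"
    return results

def demo():
    # Constructed sample: sshd has a log file, apache-auth points at nothing,
    # mirroring "Have not found any log file for apache-auth jail".
    with tempfile.TemporaryDirectory() as d:
        open(os.path.join(d, "secure"), "w").close()
        sample = f"""
[DEFAULT]
enabled = false
[sshd]
enabled = true
logpath = {d}/secure
[apache-auth]
enabled = true
logpath = {d}/httpd/*error_log
[postfix-sasl]
enabled = true
backend = systemd
[dovecot]
logpath = {d}/maillog
"""
        return check_jails(sample)

if __name__ == "__main__":
    for jail, status in demo().items():
        print(f"{jail}: {status}")
```

Any jail reported as "no log file found" should be disabled or pointed at a real log before restarting the service, since a failed start leaves every jail inactive.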