Confirm Fail2Ban config

Support for security such as Firewalls and securing linux
Boyd.ako
Posts: 46
Joined: 2016/06/22 08:49:07
Location: Honolulu, HI

Confirm Fail2Ban config

Post by Boyd.ako » 2019/06/29 11:01:48

So, I installed fail2ban-* and am trying to configure it to watch apache logs.

From what I read in https://www.linode.com/docs/security/us ... -security/ it stated that nothing was enabled by default. Once `systemctl start fail2ban` was run it stated no "jails" were running. Review of jail.local, a copy of /etc/fail2ban/jail.conf, stated below:

```ini
[apache-auth]

port     = http,https
logpath  = %(apache_error_log)s
```

There's a bunch of other apache sects like that that are uncommented. I was under the impression that having a sect like that in jail.local would monitor the apache access logs.

Going off the link aforementioned, I did notice jail.local is missing the following like lines in the sect.

```ini
enabled  = true
port     = ssh
filter   = sshd
```

If those are required in the jail.local config, where can I find information on the stated port and filter? I'm sure I could just use "http". But, I'd like to know where the information is actually aggregated from. Why? Essentially, I'm probably going to have to set up some custom like stuff for ampache I'm running on the server. I'm aware of the configs in filter.d. But, it's all pretty much in Deutsch for me at the moment.
My noob level: LPIC-2, Sec+ CE, Linux+
https://boydhanaleiako.me

lightman47
Posts: 1521
Joined: 2014/05/21 20:16:00
Location: Central New York, USA

Re: Confirm Fail2Ban config

Post by lightman47 » 2019/06/29 11:11:45

jails must be enabled individually with the (missing in your case) enabled = true

Try inserting that and starting fail2ban - see if it helps

port = are the port(s) that will get blocked if that particular jail gets 'violated'
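The behaviour discussed in this thread, as an added example that is not part of either post and is not fail2ban's own code: a small Python audit that merges jail files in load order and reports, per jail, whether it is enabled and which filter and port it ends up with. The two config strings are constructed samples, and the `[DEFAULT]` values (`enabled = false`, `filter = %(__name__)s`) are an assumption about the stock jail.conf; `audit_jails` is a hypothetical helper name.

```python
import configparser

# Constructed sample: cut-down jail.conf. Assumption: the stock file's
# [DEFAULT] disables every jail and names the filter after the jail.
JAIL_CONF = """
[DEFAULT]
enabled = false
filter  = %(__name__)s

[sshd]
port    = ssh
logpath = %(sshd_log)s

[apache-auth]
port    = http,https
logpath = %(apache_error_log)s
"""

# Constructed sample: a jail.local that carries only the override.
JAIL_LOCAL = """
[apache-auth]
enabled = true
"""


def audit_jails(*sources):
    """Merge config texts in load order (later wins) and report each jail."""
    # interpolation=None keeps fail2ban's %(...)s references as raw text.
    cp = configparser.ConfigParser(interpolation=None)
    for text in sources:
        cp.read_string(text)
    report = {}
    for name in cp.sections():          # [DEFAULT] is inherited, not listed
        if name == "INCLUDES":          # file-include section, not a jail
            continue
        # The filter name maps to /etc/fail2ban/filter.d/<filter>.conf
        filt = cp.get(name, "filter", fallback=name)
        report[name] = {
            "enabled": cp.getboolean(name, "enabled", fallback=False),
            "filter": filt.replace("%(__name__)s", name),
            "port": cp.get(name, "port", fallback=None),
        }
    return report


if __name__ == "__main__":
    for label, srcs in (("jail.conf only", (JAIL_CONF,)),
                        ("jail.conf + jail.local", (JAIL_CONF, JAIL_LOCAL))):
        print(label)
        for jail, info in audit_jails(*srcs).items():
            print(f"  {jail:12} enabled={info['enabled']!s:5} "
                  f"filter={info['filter']} port={info['port']}")
```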
