Fail2Ban not working...

  • Hello, i have problem with Fail2ban.... I have fresh install of this plugin, have all set and enable. I have SSH filter set for max reetry 3 and ban time 604800.... But still, i can log into ssh as manny i want and no BAN is happen....

  • which logfile do you use and filter?


    You should use OMV4 right now since OMV3 is EOL.


    You should not open SSH towards internet, prefer VPN

    Chaos is found in greatest abundance wherever order is being sought.
    It always defeats order, because it is better organized.
    Terry Pratchett

    • Offizieller Beitrag

    You should use OMV4 right now since OMV3 is EOL.

    There is no fail2ban plugin in OMV4 though.

    You should not open SSH towards internet, prefer VPN

    If you use public key auth, disable root logins, disable password auth, and use a different port, I don't see why ssh is any less secure than vpn. This is what I do. I also change the port on my router's (pfsense) port forwarding so I can leave port 22 for internal use but port 22 isn't open to the internet (which will get attacked much more by the bots).

    omv 7.0.4-2 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.10 | compose 7.1.2 | k8s 7.0-6 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • I know there is no fail2ban in OMV4, but for a fresh install I would prefer the latest stable.


    I used fail2ban on my nextcloud install for the last 2 years on OMV3 and never had any incidance with one trying to get access. I still have a lot of pings and reaches which I can see in nextcloud-log.


    Still a plugin on my wish list for OMV4, next to calibre.

    Chaos is found in greatest abundance wherever order is being sought.
    It always defeats order, because it is better organized.
    Terry Pratchett

  • I use OMW3 because OMW4 was unstable at the time of installation. Unfortunately, I do not know much about setting the filters, I have a clean F2B installation. Of course, if I leave SSH working, it will be on another port. Unfortunately, it does not work.

  • It didn't work for me out of the box on OMV3 either.


    Log into OMV by SSH and rename the following file:


    Bash
    mv /etc/fail2ban/jail.d/defaults-debian.conf  /etc/fail2ban/jail.d/defaults-debian.conf.backup

    Then restart the service.

  • hey - i'm new here (first install / first install problems -.- you know)


    what i can see so far is: fail2ban will not work for http requests as long as the login page returns http code 200 for an access denied case.


    fail2ban works with error logs and wrong return codes prevent any use of it.


    its not the fault of the environment (nginx etc.) as logs only contain request urls and not the post data.


    if the omv implementation is modified, fail2ban and any other log crawler will work again


    the ssh part is a different story - and i think it's not really part of the omv service.
    you would have the same problems on any other installation

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!