Fail2ban plugin not working

  • I've installed and configured fail2ban

    I enabled ssh, ssh-ddos, omv-webui, nginx-404 and both apache jails.


    I started off trying to test it with ssh (the most important to me)

    But sshing into the server lets me try 3 times and then disconnects me, and I can immediately try the command again.

    I've done it like 5 times in a row and the ban never takes effect.

    I even tried manually restarting the fail2ban service via the command line.


    Any ideas what could be wrong?

  • From where are you trying to ssh in?


    Look in the fail2ban configuration file to see if you have any applicable ignoreip settings.

    --
    Google is your friend and Bob's your uncle!


    OMV AMD64 6.x on headless Chenbro NR12000 1U 1x 8m Quad Core E3-1220 3.1GHz 16GB ECC RAM.

  • From where are you trying to ssh in?


    Look in the fail2ban configuration file to see if you have any applicable ignoreip settings.

    I'm trying to login from a machine on my local network IP address 192.168.1.235

    I left the ignoreip setting at the default value 127.0.0.1

    I can see the invalid login attempts in the log file configured in fail2ban


    Aug 30 15:06:42 Rapier sshd[6078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.235 user=root

    Aug 30 15:06:44 Rapier sshd[6078]: Failed password for root from 192.168.1.235 port 50570 ssh2

    Aug 30 15:06:49 Rapier sshd[6078]: Failed password for root from 192.168.1.235 port 50570 ssh2

    Aug 30 15:06:55 Rapier sshd[6078]: Failed password for root from 192.168.1.235 port 50570 ssh2

    Aug 30 15:06:57 Rapier sshd[6078]: Connection closed by authenticating user root 192.168.1.235 port 50570 [preauth]

    Aug 30 15:06:57 Rapier sshd[6078]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.235 user=root

    Aug 30 15:07:01 Rapier sshd[6166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.235 user=root

    Aug 30 15:07:03 Rapier sshd[6166]: Failed password for root from 192.168.1.235 port 50572 ssh2

    Aug 30 15:07:08 Rapier sshd[6166]: Failed password for root from 192.168.1.235 port 50572 ssh2

    Aug 30 15:07:11 Rapier sshd[6166]: Failed password for root from 192.168.1.235 port 50572 ssh2

    Aug 30 15:07:13 Rapier sshd[6166]: Connection closed by authenticating user root 192.168.1.235 port 50572 [preauth]

    Aug 30 15:07:13 Rapier sshd[6166]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.235 user=root

    Aug 30 15:07:17 Rapier sshd[6236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.235 user=root

    Aug 30 15:07:19 Rapier sshd[6236]: Failed password for root from 192.168.1.235 port 50574 ssh2

    Aug 30 15:07:25 Rapier sshd[6236]: Failed password for root from 192.168.1.235 port 50574 ssh2

    Aug 30 15:07:30 Rapier sshd[6236]: Failed password for root from 192.168.1.235 port 50574 ssh2

    Aug 30 15:07:31 Rapier sshd[6236]: Connection closed by authenticating user root 192.168.1.235 port 50574 [preauth]

    Aug 30 15:07:31 Rapier sshd[6236]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.235 user=root

    Aug 30 15:07:35 Rapier sshd[6332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.235 user=root

    Aug 30 15:07:37 Rapier sshd[6332]: Failed password for root from 192.168.1.235 port 50576 ssh2

    Aug 30 15:07:46 Rapier sshd[6332]: Connection closed by authenticating user root 192.168.1.235 port 50576 [preauth]

    Aug 30 15:08:43 Rapier sshd[6580]: Accepted password for root from 192.168.1.235 port 50578 ssh2

    Aug 30 15:08:43 Rapier sshd[6580]: pam_unix(sshd:session): session opened for user root by (uid=0)


    It looks like the Fail2ban service is failing to load

    docker.service loaded active running Docker Application Container Engine

    ● fail2ban.service loaded failed failed Fail2Ban Service

    folder2ram_startup.service loaded active exited folder2ram systemd service


    Thanks for the reply

  • I've managed to get the ssh and webui-omv filters to work by disabling everything else.

    I left everything pretty much at the default and it seems some of the filters I have enabled were causing the service to fail to run.


    sshd-ddos which I would like to have enabled failed with the error in fail2ban.log

    2020-08-30 16:05:13,337 fail2ban.transmitter [5092]: ERROR Jail 'ssh-ddos' skipped, because of wrong configuration: Unable to read the filter 'sshd-ddos'

    I still need help with this filter


    Do you know if the apache or nginx filters are needed? I'm not running any of my own sites.

    But I think the webui uses nginx, right?
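
The `Unable to read the filter 'sshd-ddos'` error above says fail2ban could not load the filter file that the `ssh-ddos` jail names. As an added example (not part of the thread and not the plugin's code), this Python script lists every enabled jail whose filter has no file under `filter.d`; it assumes the standard fail2ban directory layout, reads only single-line options, and does not resolve `[DEFAULT]` inheritance.

```python
import re
import tempfile
from pathlib import Path

def parse_jails(text):
    """Parse jail-file text into {section: {option: value}} (single-line options only)."""
    jails, current = {}, None
    for line in map(str.strip, text.splitlines()):
        section = re.fullmatch(r"\[([^\]]+)\]", line)
        option = re.fullmatch(r"([\w.-]+)\s*=\s*(.*)", line)  # comment lines never match
        if section:
            current = jails.setdefault(section.group(1), {})
        elif option and current is not None:
            current[option.group(1).lower()] = option.group(2).strip()
    return jails

def missing_filters(config_dir):
    """Return (jail, filter) for every enabled jail whose filter file is absent."""
    root = Path(config_dir)
    # Read order documented for fail2ban: later files override earlier ones.
    files = [root / "jail.conf", *sorted(root.glob("jail.d/*.conf")),
             root / "jail.local", *sorted(root.glob("jail.d/*.local"))]
    jails = {}
    for path in filter(Path.is_file, files):
        for name, opts in parse_jails(path.read_text()).items():
            jails.setdefault(name, {}).update(opts)
    problems = []
    for name, opts in jails.items():
        enabled = name != "DEFAULT" and opts.get("enabled", "").lower() in ("true", "yes", "on", "1")
        # Assumption: with no explicit filter, the filter is named after the jail.
        filt = opts.get("filter", name).replace("%(__name__)s", name).split("[")[0].strip()
        exists = any((root / "filter.d" / (filt + ext)).is_file() for ext in (".conf", ".local"))
        if enabled and not exists:
            problems.append((name, filt))
    return problems

def demo():
    """Check a constructed config tree that reproduces the error from the thread."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "filter.d").mkdir()
        (root / "filter.d" / "sshd.conf").write_text("[Definition]\n")  # only sshd exists
        (root / "jail.local").write_text(  # constructed sample jails
            "[ssh]\nenabled = true\nfilter = sshd\n\n"
            "[ssh-ddos]\nenabled = true\nfilter = sshd-ddos\n\n[apache]\nenabled = false\n")
        return missing_filters(root)

if __name__ == "__main__":
    print(demo())
```

On the server itself, call `missing_filters("/etc/fail2ban")`; an empty list means every enabled jail has a filter file to load.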

  • I have problems when installing fail2ban (openmediavault-fail2ban 5.04) in OMV 5.5.9-1. Could the package be broken? When I try to install it I get the error


  • I had a similar problem installing fail2ban.

    The webui component should be visible even though it didn't fully install. Go to the webui and fill in the last box, action, with one of the calling values. I used action_mwl. Then log in via ssh and do a sudo apt-get upgrade and the package should complete its installation.

  • I had a similar problem installing fail2ban.

    The webui component should be visible even though it didn't fully install. Go to the webui and fill in the last box, action, with one of the calling values. I used action_mwl. Then log in via ssh and do a sudo apt-get upgrade and the package should complete its installation.

    That procedure worked in my installation, thank you.

    The package is still broken!!!

  • The package is still broken!!!

    Yep and as I reported in a couple of other threads, I need to fix it. I haven't had time...

    omv 6.0.27-1 Shaitan | 64 bit | 5.15 proxmox kernel | plugins :: omvextrasorg 6.0.9 | kvm 6.1.12 | mergerfs 6.1.1 | zfs 6.0.9
    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.
    Please don't PM for support... Too many PMs!

  • Can you also think about adding 'recidive jail' inside the options and WebIf GUI

    Is there a reason this needs to be maintained in the plugin rather than letting the user add it?


  • could be me but I didn't see the option in the GUI?

    I don't use this plugin and only maintain it enough to port to new versions of OMV. I glanced at your link and it looked like it was just another jail that you could. While the recidive jail would be easy to add, the article suggests a big change to the bantime that I don't feel comfortable making. You could add a recidive file in /etc/fail2ban/jail.d/ that the plugin wouldn't touch as long as the filename didn't start with openmediavault-.

