hal9008
Posts: 8
Joined: Tue Oct 30, 2018 2:44 pm

Problem with fail2ban

Fri Jan 11, 2019 9:37 am

Hello.

I think that I have problems with fail2ban in a new installation of a Raspberry.

I have an HDD connected by USB with all the operating system (stretch). I have apache, php7.2 and maria db installed on it. It runs some webpages, and the biggest one is a personal Nextcloud. It runs a mail server too (iRedMail). iRedMail was the program that installed apache, mysql, fail2ban, etc... So, the settings of fail2ban are the ones that iRedMail put in during its installation.

Before the installation of Nextcloud, everything worked fine, but when I installed Nextcloud I was banned some times, and I think that fail2ban is the problem. On my computer I have the Nextcloud client, synchronization of calendars and contacts (CalDAV and CardDAV), SSH to manage the Raspberry (I am still configuring some things) and Firefox with my Nextcloud. I notice that when I change pages fast in my Nextcloud web, eventually I can't see the webpage anymore. But if I connect with another computer the webpage is online (so I think that the problem is fail2ban, because the page loads on another computer during the problem). When this happens, the SSH connection on the problematic computer is still alive. It only affects the Nextcloud page and the rest of the pages that apache serves, like roundcube or any other. When this happens, the problem is with what apache serves to my computer, because I can still access SSH during the problem (it seems that port 80 is being blocked by fail2ban). I see this problem using Windows, Linux and Mac.

I looked at the logs in /var/log/fail2ban.log but it seems that the system doesn't write to this file. The contents are the following:

2019-01-07 15:27:08,996 fail2ban.server         [3052]: INFO    Changed logging target to /var/log/fail2ban.log for Fail2ban v0.9.6
2019-01-07 15:27:09,008 fail2ban.database       [3052]: INFO    Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2019-01-07 15:27:09,025 fail2ban.database       [3052]: WARNING New database created. Version '2'
2019-01-07 15:27:09,028 fail2ban.jail           [3052]: INFO    Creating new jail 'sshd'
2019-01-07 15:27:09,383 fail2ban.jail           [3052]: INFO    Jail 'sshd' uses pyinotify {}
2019-01-07 15:27:09,474 fail2ban.jail           [3052]: INFO    Initiated 'pyinotify' backend
2019-01-07 15:27:09,706 fail2ban.filter         [3052]: INFO    Added logfile = /var/log/auth.log
2019-01-07 15:27:09,711 fail2ban.filter         [3052]: INFO    Set maxRetry = 5
2019-01-07 15:27:09,713 fail2ban.filter         [3052]: INFO    Set jail log file encoding to UTF-8
2019-01-07 15:27:09,714 fail2ban.filter         [3052]: INFO    Set findtime = 600
2019-01-07 15:27:09,716 fail2ban.actions        [3052]: INFO    Set banTime = 600
2019-01-07 15:27:09,717 fail2ban.filter         [3052]: INFO    Set maxlines = 10
2019-01-07 15:27:10,102 fail2ban.server         [3052]: INFO    Jail sshd is not a JournalFilter instance
2019-01-07 15:27:10,122 fail2ban.jail           [3052]: INFO    Jail 'sshd' started
2019-01-07 15:37:35,523 fail2ban.server         [3052]: INFO    Stopping all jails
2019-01-07 15:37:36,418 fail2ban.jail           [3052]: INFO    Jail 'sshd' stopped
2019-01-07 15:37:36,423 fail2ban.server         [3052]: INFO    Exiting Fail2ban
(Notice that today is the 11th of January, so I think that there must be more log entries, but I can't find them).

The stats of the machine are the following:

https://www.matas.com.es/monitor/status.html

Any idea how to solve this problem?

Regards.
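
An added example, not part of the original posts: a small Python parser for fail2ban.log lines in the format shown above, which reconstructs the jails, their settings, and whether the server was still running at the last entry. The sample input is a subset of the lines from the post; the `summarize` name and the `[jail] Ban <ip>` pattern (fail2ban's notice format, which does not occur in the posted log) are assumptions of this example.

```python
import re
from datetime import datetime

# Subset of the log lines quoted in the post above (fail2ban 0.9 format).
SAMPLE_LOG = """\
2019-01-07 15:27:09,028 fail2ban.jail           [3052]: INFO    Creating new jail 'sshd'
2019-01-07 15:27:09,706 fail2ban.filter         [3052]: INFO    Added logfile = /var/log/auth.log
2019-01-07 15:27:09,711 fail2ban.filter         [3052]: INFO    Set maxRetry = 5
2019-01-07 15:27:09,714 fail2ban.filter         [3052]: INFO    Set findtime = 600
2019-01-07 15:27:09,716 fail2ban.actions        [3052]: INFO    Set banTime = 600
2019-01-07 15:27:10,122 fail2ban.jail           [3052]: INFO    Jail 'sshd' started
2019-01-07 15:37:36,418 fail2ban.jail           [3052]: INFO    Jail 'sshd' stopped
2019-01-07 15:37:36,423 fail2ban.server         [3052]: INFO    Exiting Fail2ban
"""

# timestamp, module, pid, level, message
LINE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+\s+fail2ban\.(\S+)\s+\[(\d+)\]:\s+(\w+)\s+(.*)$")

def summarize(log_text):
    """Rebuild jail and server state from fail2ban.log text."""
    state = {"jails": {}, "server_running": False, "last_entry": None, "bans": []}
    current = None  # settings lines follow the 'Creating new jail' line they belong to
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        stamp, _module, _pid, _level, msg = m.groups()
        state["last_entry"] = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        state["server_running"] = True  # any entry means the server was alive then
        if (j := re.match(r"Creating new jail '(.+)'", msg)):
            current = state["jails"].setdefault(j.group(1), {"running": False})
        elif (s := re.match(r"(?:Set|Added) (\w+) = (.+)", msg)) and current is not None:
            current[s.group(1)] = s.group(2)
        elif (j := re.match(r"Jail '(.+)' (started|stopped)", msg)):
            state["jails"].setdefault(j.group(1), {})["running"] = j.group(2) == "started"
        elif (b := re.match(r"\[(.+)\] Ban (\S+)", msg)):
            state["bans"].append((b.group(1), b.group(2)))
        elif msg == "Exiting Fail2ban":
            state["server_running"] = False
    return state

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print("jails:", result["jails"])
    print("server running at last entry:", result["server_running"], result["last_entry"])
    print("bans recorded:", result["bans"])
```

On the posted log this reports a single `sshd` jail watching /var/log/auth.log, no ban entries, and a server that exited at the last logged line.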

Andyroo
Posts: 3850
Joined: Sat Jun 16, 2018 12:49 am
Location: Lincs U.K.

Re: Problem with fail2ban

Fri Jan 11, 2019 3:13 pm

Have you seen these rules https://github.com/hailthemelody/nextcloud-fail2ban and the note about Nextcloud supporting its own brute force defence?

You may be over protected :lol:
Need Pi spray - these things are breeding in my house...