wmnally5
Posts: 65
Joined: Thu Sep 13, 2018 9:35 pm

Raspbian Stretch fail2ban - New Post

Tue Oct 16, 2018 9:21 pm

ANYBODY: Comments always appreciated and used; thank you!!!!!

Thanks again, everyone, for your help in setting up my 2 stretch cards (primary and back up).

Received my first fail2ban hacker attempt when I quickly disconnected the ethernet connection on. I have been using primarily (not all) DougieLawson fail2ban recommendations. Reconnected the ethernet a couple of times for a few (2-3) minutes at a time with no fail2ban hacker attempts today.

Will connect indefinitely with ethernet after I do either of the following:

As HawaiianPi recommended, I may disable the pi user as I have connected to the internet again a couple of times for a few (2-3) minutes without any hack attempts.

Now, should I disable/lock OR delete pi and the home directory before connecting the ethernet permanently - just worried about unexpected results affecting my other user(s) with the same pi permissions. Has anybody experienced any problems disabling/locking or deleting pi and the home directory? If so, please let me know if you have any recommendations in disabling/locking pi OR deleting pi and pi home directory. Potential coding are as follows:

1) disabling/locking pi:

1a) sudo passwd --lock pi

I am inclined to just disable/lock pi, provided pi can be re-enabled/unlocked with the following or other unlocking command:

1b) sudo passwd --unlock pi

OR

2) removing pi and home directory entirely:

2a) sudo deluser pi

and 2b) sudo deluser --remove-home pi

Please let me know what you think; thanks!!!!!

wmnally5
Posts: 65
Joined: Thu Sep 13, 2018 9:35 pm

Re: Raspbian Stretch disable or delete pi before permanent commencement of ethernet fail2ban - New Post with additional

Thu Oct 18, 2018 1:09 am

Just changed subject to correctly reflect the question with additional information below.

The main question is disable or delete pi before permanently commencing fail2ban; tests were conducted with several fail2ban warnings. Are these significant warnings?

10-17-18

booted with ethernet for 15 minutes

[email protected]:~ $ sudo fail2ban-client status
[sudo] password for pi:
Status
|- Number of jail: 1
`- Jail list: sshd
[email protected]:~ $ sudo fail2ban-client status sshd
Status for the jail: sshd
|- Filter
| |- Currently failed: 0
| |- Total failed: 0
| `- File list: /var/log/auth.log
`- Actions
|- Currently banned: 0
|- Total banned: 0
`- Banned IP list:
[email protected]:~ $ exit


rebooted w/ ethernet for a few (2-3) minutes

Note earlier/previous fail2ban warnings:


2018-10-13 21:31:01,748 fail2ban.database [1290]: INFO Connected to fa$
$ase created. Version '2'



2018-10-15 13:13:59,705 fail2ban.server [455]: INFO Jail sshd is not$
$' started
2018-10-15 13:13:59,768 fail2ban.jail [455]: INFO Jail 'sshd' star$
$sshd'] has failed. Received Exception('Invalid command',



2018-10-15 15:31:49,192 fail2ban.server [485]: INFO Jail sshd is not$
$' started
2018-10-15 15:31:49,254 fail2ban.jail [485]: INFO Jail 'sshd' star$
$sshd'] has failed. Received Exception('Invalid command',)
2018-10-15 15:33:19,548 fail2ban.transmitter [485]: WARNING Command ['sshd']$
$sshd'] has failed. Received Exception('Invalid command',)



[email protected]:~ $ sudo fail2ban-client status
[sudo] password for pi:
Status
|- Number of jail: 1
`- Jail list: sshd
[email protected]:~ $ sudo fail2ban-client status sshd
Status for the jail: sshd
|- Filter
| |- Currently failed: 0
| |- Total failed: 0
| `- File list: /var/log/auth.log
`- Actions
|- Currently banned: 0
|- Total banned: 0
`- Banned IP list:
[email protected]:~ $ sudo nano /var/log/fail2ban.log
[email protected]:~ $ sudo zgrep 'BAN' /var/log/fail2ban.log*
[sudo] password for pi:
[email protected]:~ $ exit

Yukon Cornelius
Posts: 20
Joined: Tue Jul 03, 2018 7:24 am

Re: Raspbian Stretch fail2ban - New Post

Thu Oct 18, 2018 5:48 am

wmnally5 wrote:
Tue Oct 16, 2018 9:21 pm
......
I have been using primarily (not all) DougieLawson fail2ban recommendations.
......

Hi there
Could you provide a link to that please?

I have recently been experimenting with fail2ban on one of my Pi systems but I haven't seen the slightest hint of any hacker being interested in me!
Maybe it's a personal hygiene issue on my part :mrgreen:

There was a thread on here about setting up a honeypot on a Pi, but that is just asking for trouble IMO.

DougieLawson
Posts: 35358
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK

Re: Raspbian Stretch fail2ban - New Post

Thu Oct 18, 2018 9:26 am

I've got 17 jails enabled. The pi userid doesn't exist (I've renamed it).

The jails that have caught any attacks are:

Status for the jail: apache-noscript
|- Filter
|  |- Currently failed: 0
|  |- Total failed:     18
|  `- File list:        /var/log/apache2/error.log
`- Actions
   |- Currently banned: 41
   |- Total banned:     41

Status for the jail: openvpn
|- Filter
|  |- Currently failed: 0
|  |- Total failed:     4
|  `- File list:        /var/log/openvpn.log
`- Actions
   |- Currently banned: 22
   |- Total banned:     22

Status for the jail: sshd
|- Filter
|  |- Currently failed: 0
|  |- Total failed:     404
|  `- File list:        /var/log/auth.log
`- Actions
   |- Currently banned: 626
   |- Total banned:     626

OpenVPN is one I created myself

# Fail2Ban filter for selected OpenVPN rejections
#
#

[Definition]

failregex = <HOST> TLS Error:
      <HOST> TLS Error: TLS handshake failed

ignoreregex =

On my system once you're banned on any port/any attack vector your IP address is banned forever on all ports. I cleaned out the database recently as the 3000+ banned addresses were slowing that machine down running iptables code all the time.

Note: Having anything remotely humorous in your signature is completely banned on this forum.

Any DMs sent on Twitter will be answered next month.

This is a doctor free zone.

wmnally5
Posts: 65
Joined: Thu Sep 13, 2018 9:35 pm

Re: Raspbian Stretch fail2ban - New Post

Thu Oct 18, 2018 10:17 pm

Yukon Cornelius: I find most all of DougieLawson's fail2ban posts (not including the 1 he provided here!) on fail2ban by searching 'DougieLawson fail2ban' using duckduckgo search on the raspberry.org website; if you cannot find them, do an extended search on the Raspberry website.

DougieLawson: I know you are busy, I am using your recommended 1 day findtime and negative bantime coding. Where in the complicated fail2ban local file do I insert this/your coding and does it matter where - I cannot find any references to your provided coding anywhere in the fail2ban file - is this all new coding? Do I use my 'ignoreip =' coding in your coding 'ignoreregex = coding'? I have the latest released Stretch version of fail2ban. I do not have any problems updating, dist-upgrading and installing software.

I do not have any banned ips since I have only been sporadically, ethernet connected for ~ 2.0 hours (total); I figure that the ips are much harder to get rid of, if they gain access, than to never allow them to gain access, to begin with!

In addition, I really appreciate all your great fail2ban recommendations - be aware that for now, I am only using your recommended fail2ban coding that I have too. I very much want to use this coding before I connect my ethernet permanently - I see that your recommended coding is evolving/simpler than in the past.

Thank you so very much!!!!!!!

wmnally5
Posts: 65
Joined: Thu Sep 13, 2018 9:35 pm

Re: Raspbian Stretch fail2ban - New Post

Sat Oct 20, 2018 3:03 pm

DougieLawson:

Thank you for the information about renaming the pi user. I still only have limited ethernet connection until I am sure fail2ban is working properly. Well I attempted to do what I think you said, inserting the exact text as you provided in this correspondence under [apache-noscript] just after 'logpath = %(apache.......' and just before [apache-overflows] - with the following results:

After rebooting with the new fail2ban file, I get the following:

[email protected]:~ $ sudo fail2ban-client status
[sudo] password for pi:
Status
|- Number of jail: 1
`- Jail list: sshd
[email protected]:~ $ sudo fail2ban-client status OpenVPN
ERROR NOK: ('OpenVPN',)
Sorry but the jail 'OpenVPN' does not exist
[email protected]:~ $ sudo fail2ban-client status sshd
Status for the jail: sshd
|- Filter
| |- Currently failed: 0
| |- Total failed: 0
| `- File list: /var/log/auth.log
`- Actions
|- Currently banned: 0
|- Total banned: 0
`- Banned IP list:
[email protected]:~ $ sudo fail2ban-client status apache-noscript
ERROR NOK: ('apache-noscript',)
Sorry but the jail 'apache-noscript' does not exist
[email protected]:~ $ sudo fail2ban-client status openvpn
ERROR NOK: ('openvpn',)
Sorry but the jail 'openvpn' does not exist

Thank you for any/your assistance!!!!!

DougieLawson
Posts: 35358
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK

Re: Raspbian Stretch fail2ban - New Post

Sat Oct 20, 2018 3:16 pm

This is my /etc/fail2ban/jail.conf

[INCLUDES]
before = paths-debian.conf
[DEFAULT]
ignoreip = 127.0.0.1/8 192.168.3.0/24
ignorecommand =
bantime  = -600
findtime = 86400
maxretry = 1
backend = auto
usedns = warn
logencoding = auto
enabled = false
filter = %(__name__)s
destemail = [email protected]
sender = [email protected]
mta = sendmail
protocol = tcp
chain = INPUT
port = 0:65535
fail2ban_agent = Fail2Ban/%(fail2ban_version)s
banaction = iptables-allports
banaction_allports = iptables-allports
action_ = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
action_mw = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
            %(mta)s-whois[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]
action_mwl = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
             %(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]
action_xarf = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
             xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath=%(logpath)s, port="%(port)s"]
action_cf_mwl = cloudflare[cfuser="%(cfemail)s", cftoken="%(cfapikey)s"]
                %(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]
action_blocklist_de  = blocklist_de[email="%(sender)s", service=%(filter)s, apikey="%(blocklist_de_apikey)s", agent="%(fail2ban_agent)s"]
action_badips = badips.py[category="%(__name__)s", banaction="%(banaction)s", agent="%(fail2ban_agent)s"]
action_badips_report = badips[category="%(__name__)s", agent="%(fail2ban_agent)s"]
action = %(action_)s
[sshd]
port    = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
[sshd-ddos]
port    = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
[dropbear]
port     = ssh
logpath  = %(dropbear_log)s
backend  = %(dropbear_backend)s
[selinux-ssh]
port     = ssh
logpath  = %(auditd_log)s
[apache-auth]
port     = http,https
logpath  = %(apache_error_log)s
[apache-badbots]
port     = http,https
logpath  = %(apache_access_log)s
bantime  = 172800
maxretry = 1
[apache-noscript]
port     = http,https
logpath  = %(apache_error_log)s
[apache-overflows]
port     = http,https
logpath  = %(apache_error_log)s
maxretry = 2
[apache-nohome]
port     = http,https
logpath  = %(apache_error_log)s
maxretry = 2
[apache-botsearch]
port     = http,https
logpath  = %(apache_error_log)s
maxretry = 2
[apache-fakegooglebot]
port     = http,https
logpath  = %(apache_access_log)s
maxretry = 1
ignorecommand = %(ignorecommands_dir)s/apache-fakegooglebot <ip>
[apache-modsecurity]
port     = http,https
logpath  = %(apache_error_log)s
maxretry = 2
[apache-shellshock]
port    = http,https
logpath = %(apache_error_log)s
maxretry = 1
[php-url-fopen]
port    = http,https
logpath = %(apache_access_log)s
[postfix]
port     = smtp,465,submission
logpath  = %(postfix_log)s
backend  = %(postfix_backend)s
[postfix-rbl]
port     = smtp,465,submission
logpath  = %(postfix_log)s
backend  = %(postfix_backend)s
maxretry = 1
[postfix-sasl]
port     = smtp,465,submission,imap3,imaps,pop3,pop3s
logpath  = %(postfix_log)s
backend  = %(postfix_backend)s
[openvpn]
port     = 1194
protocol = udp
filter   = openvpn
logpath  = /var/log/openvpn.log
maxretry = 1
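
The posted `jail.conf` sets `enabled = false` in `[DEFAULT]` and no jail section overrides it, and fail2ban only starts a jail whose merged configuration has `enabled = true`. The sketch below is an added example, not part of the original post and not fail2ban's own code; it merges config layers in fail2ban's read order to show which jails would load. The `jail.local` contents are constructed, and the `defaults-debian.conf` snippet is assumed to be the stock Debian/Raspbian package file.

```python
import configparser

# Excerpt of the jail.conf posted above (only the keys relevant to jail loading).
JAIL_CONF = """
[DEFAULT]
enabled = false
filter = %(__name__)s
bantime = -600
findtime = 86400
maxretry = 1

[sshd]
port = ssh

[apache-noscript]
port = http,https

[openvpn]
port = 1194
protocol = udp
filter = openvpn
logpath = /var/log/openvpn.log
"""

# Assumption: stock /etc/fail2ban/jail.d/defaults-debian.conf from the Debian package.
DEFAULTS_DEBIAN = """
[sshd]
enabled = true
"""

# Constructed /etc/fail2ban/jail.local that switches the two extra jails on.
JAIL_LOCAL = """
[apache-noscript]
enabled = true

[openvpn]
enabled = true
"""

FILTER_DIR = "/etc/fail2ban/filter.d"


def load_layers(*layers):
    """Merge config texts in order; later layers override earlier ones,
    mirroring jail.conf -> jail.d/*.conf -> jail.local."""
    cp = configparser.ConfigParser(interpolation=None)
    for text in layers:
        cp.read_string(text)
    return cp


def enabled_jails(cp):
    """Jails fail2ban would start: sections whose merged 'enabled' is true.
    [DEFAULT] is inherited by every section but is not itself a jail."""
    return sorted(
        name for name in cp.sections()
        if cp.getboolean(name, "enabled", fallback=False)
    )


def filter_path(cp, jail):
    """Filter file a jail needs; 'filter = %(__name__)s' means the jail's own name."""
    name = cp.get(jail, "filter").replace("%(__name__)s", jail)
    return f"{FILTER_DIR}/{name}.conf"


if __name__ == "__main__":
    before = load_layers(JAIL_CONF, DEFAULTS_DEBIAN)
    after = load_layers(JAIL_CONF, DEFAULTS_DEBIAN, JAIL_LOCAL)
    print("without jail.local:", enabled_jails(before))
    print("with jail.local:   ", enabled_jails(after))
    for jail in enabled_jails(after):
        print(f"  {jail} needs {filter_path(after, jail)}")
```

On a live system, `sudo fail2ban-client status` after a restart is the authoritative check; a jail missing from its "Jail list" was never enabled, regardless of whether its filter file exists.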

wmnally5
Posts: 65
Joined: Thu Sep 13, 2018 9:35 pm

Re: Raspbian Stretch fail2ban - New Post

Sat Oct 20, 2018 5:59 pm

DougieLawson:

Thank you so much - I will look into this, to use what I need!

Have a great evening!

wmnally5
Posts: 65
Joined: Thu Sep 13, 2018 9:35 pm

Re: Raspbian Stretch fail2ban - New Post

Fri Oct 26, 2018 4:06 am

DougieLawson - your help is greatly appreciated:

I boot to desktop; what else needs renaming besides user'name/id' pi - I found various user'name/pi' change methods? In changing my user'name/id' from pi, should I rename the /home/pi folder too - I see cautionary remarks about doing so. Once I do either or both, I will just leave my internet connected to see if the fail2ban jails work properly with all of the changes you specified so far in this correspondence - are there any others!

I will not replace the .conf file with my .local file since I only have limited fail2ban experience and I still need the original for reference.

Prior to my latest changes made today, I was getting the following WARNINGS sporadically, probably based upon whether or not I was connecting internet - not occurring so far with my latest changes:

2018-10-25 18:44:53,570 fail2ban.transmitter [449]: WARNING Command ['status$
$status', 'openvpn'] has failed. Received UnknownJailException('openvpn',)
2018-10-25 18:44:53,570 fail2ban.transmitter [449]: WARNING Command ['status$
$status', 'apache-noscript'] has failed. Received UnknownJailException('apache-$



I have made 1 necessary change based upon what you provided in the 2nd correspondence above/below plus your originally provided changes provided earlier with the following results with only ~30 minutes of total internet connection time. Be aware that I am using the raspbian latest released fail2ban v 0.9.6 which also has the following coding that you specified differently in this correspondence:

[php-url-fopen]

port = http,https
logpath = %(nginx_access_log)s
%(apache_access_log)s


Booted w/internet connected for only a 3 X 10 minute intervals with internet and shutdown, then booting or simply rebooting. Are my results (below) the result of my limited internet connection time (~2.5 hours total with only 30 minutes with all of your specified corrections in this correspondence) with only the warning attempts noted in these correspondence. Are these results because the jails are not created until after the attempts are made? Please let me know if there is another command to check if all is ok with my fail2ban coding.

[email protected]:~ $ sudo nano /var/log/fail2ban.log
[email protected]:~ $ sudo fail2ban-client status
Status
|- Number of jail: 1
`- Jail list: sshd
[email protected]:~ $ sudo fail2ban-client status sshd
Status for the jail: sshd
|- Filter
| |- Currently failed: 0
| |- Total failed: 0
| `- File list: /var/log/auth.log
`- Actions
|- Currently banned: 0
|- Total banned: 0
`- Banned IP list:
[email protected]:~ $ sudo fail2ban-client status apache-noscript
ERROR NOK: ('apache-noscript',)
Sorry but the jail 'apache-noscript' does not exist
[email protected]:~ $ sudo fail2ban-client status openvpn
ERROR NOK: ('openvpn',)
Sorry but the jail 'openvpn' does not exist
[email protected]:~ $ exit

shutdown

DougieLawson
Posts: 35358
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK

Re: Raspbian Stretch fail2ban - New Post

Fri Oct 26, 2018 4:35 pm

Create these two files:

/etc/fail2ban/filter.d/apache-noscript.conf

# Fail2Ban filter to block web requests for scripts (on non scripted websites)
#
# This matches many types of scripts that don't exist. This could generate a
# lot of false positive matches in cases like wikis and forums where users
# not affiliated with the website can insert links to missing files/scripts into
# pages and cause non-malicious browsers of the site to trigger against this
# filter.
#
# If you'd like to match specific URLs that don't exist see the
# apache-botsearch filter.
#

[INCLUDES]

# overwrite with apache-common.local if _apache_error_client is incorrect.
before = apache-common.conf

[Definition]

failregex = ^%(_apache_error_client)s ((AH001(28|30): )?File does not exist|(AH01264: )?script not found or unable to stat): /\S*(php([45]|[.-]cgi)?|\.asp|\.exe|\.pl)(, referer: \S+)?\s*$
            ^%(_apache_error_client)s script '/\S*(php([45]|[.-]cgi)?|\.asp|\.exe|\.pl)\S*' not found or unable to stat(, referer: \S+)?\s*$

ignoreregex =


# DEV Notes:
#
# https://wiki.apache.org/httpd/ListOfErrors for apache error IDs
#
# Second regex, script '/\S*(\.php|\.asp|\.exe|\.pl)\S*' not found or unable to stat\s*$ is in httpd-2.2
#
# Author: Cyril Jaquier

/etc/fail2ban/filter.d/openvpn.conf

# Fail2Ban filter for selected OpenVPN rejections
#
#

[Definition]

# Example messages (other matched messages not seen in the testing server's logs):
# Fri Sep 23 11:55:36 2016 TLS Error: incoming packet authentication failed from [AF_INET]59.90.146.160:51223
# Thu Aug 25 09:36:02 2016 117.207.115.143:58922 TLS Error: TLS handshake failed

#failregex = ^ TLS Error: incoming packet authentication failed from \[AF_INET\]<HOST>:\d+$
#            ^ <HOST>:\d+ Connection reset, restarting
#            ^ <HOST>:\d+ TLS Auth Error
#            ^ <HOST>:\d+ TLS Error: TLS handshake failed$
#            ^ <HOST>:\d+ VERIFY ERROR

failregex = <HOST> TLS Error:
      <HOST> TLS Error: TLS handshake failed

ignoreregex =

wmnally5
Posts: 65
Joined: Thu Sep 13, 2018 9:35 pm

Re: Raspbian Stretch fail2ban - New Post

Fri Oct 26, 2018 7:04 pm

DougieLawson:


Thank you for the supplementary/additional information; I will edit the former file, create the latter file and keep all my fail2ban file coding!

Regards

wmnally5
Posts: 65
Joined: Thu Sep 13, 2018 9:35 pm

Re: Raspbian Stretch fail2ban - New Post

Fri Oct 26, 2018 9:38 pm

DougieLawson:

HELP - internet connected for ~ 60 minutes from reboot (3.5 hours total).

Still no go with the errors below which are similar to before. Your first change was already in the file that was already there (not commented out and checked every alphanumeric); I created the 2nd openvpn.conf file in the same/correct directory. Could the problem be with the new release - I used sudo nano to create the second file - copying text?

2018-10-26 15:51:38,281 fail2ban.transmitter [456]: WARNING Command ['status$
$status', 'apache-noscript'] has failed. Received UnknownJailException('apache-$
$pache-noscript',)
2018-10-26 15:52:03,754 fail2ban.transmitter [456]: WARNING Command ['status$
$status', 'openvpn'] has failed. Received UnknownJailException('openvpn',)

Other information:

[email protected]:~ $ sudo zgrep 'BAN' /var/log/fail2ban.log*
[email protected]:~ $ sudo fail2ban-client status
Status
|- Number of jail: 1
`- Jail list: sshd
[email protected]:~ $ sudo fail2ban-client status sshd
Status for the jail: sshd
|- Filter
| |- Currently failed: 0
| |- Total failed: 0
| `- File list: /var/log/auth.log
`- Actions
|- Currently banned: 0
|- Total banned: 0
`- Banned IP list:
[email protected]:~ $ sudo fail2ban-client status apache-noscript
ERROR NOK: ('apache-noscript',)
Sorry but the jail 'apache-noscript' does not exist
[email protected]:~ $ sudo fail2ban-client status openvpn
ERROR NOK: ('openvpn',)
Sorry but the jail 'openvpn' does not exist
[email protected]:~ $ sudo nano /var/log/fail2ban.log
[email protected]:~ $ exit

DougieLawson
Posts: 35358
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK

Re: Raspbian Stretch fail2ban - New Post

Fri Oct 26, 2018 9:42 pm

Try stopping fail2ban, then deleting /var/lib/fail2ban/fail2ban.sqlite3 then a restart.

If that doesn't work report a bug to the author.

wmnally5
Posts: 65
Joined: Thu Sep 13, 2018 9:35 pm

Re: Raspbian Stretch fail2ban - New Post

Fri Oct 26, 2018 10:16 pm

DougieLawson:

Thanks for all of your help - enjoy your evening as I think this may be the problem; the following has been in my file (from the beginning of my fail2ban log as the 2nd entry) and labeled as INFO:

2018-10-13 21:31:01,748 fail2ban.database [1290]: INFO Connected to fa$
$ to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
.
.
.
2018-10-26 15:48:22,059 fail2ban.database [456]: INFO Connected to fai$
$to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'

I will do as you say - though, not sure when I will get to it!

wmnally5
Posts: 65
Joined: Thu Sep 13, 2018 9:35 pm

Re: Raspbian Stretch fail2ban - New Post

Sat Oct 27, 2018 10:03 pm

Hello Cyril Jaquier - appreciate your help:

FAIL2BAN problems run yesterday after instructions from DougieLawson

Hello. I have a problem with fail2ban giving me the below listed warnings, even after issuing the rm and rm -r commands on fail2ban.sqlite3:

1) in the following case (rm command) the fail2ban service was stopped via:

[email protected]:~ $ sudo /etc/init.d/fail2ban stop
[ ok ] Stopping fail2ban (via systemctl): fail2ban.service.
[email protected]:/var/lib/fail2ban $ exit

no reboot - only terminal (TX) restart with just rm command

[email protected]:/var/lib/fail2ban $ sudo ls
[sudo] password for pi:
fail2ban.sqlite3
[email protected]:/var/lib/fail2ban $ sudo rm fail2ban.sqlite3
[email protected]:/var/lib/fail2ban $ sudo ls
[email protected]:/var/lib/fail2ban $ exit

rebooted

2) also tried sudo rm -r command

[email protected]:~ $ sudo nano /var/log/fail2ban.log
[sudo] password for pi:
[email protected]:~ $ sudo /etc/init.d/fail2ban stop
[ ok ] Stopping fail2ban (via systemctl): fail2ban.service.
[email protected]:~ $ sudo rm -r fail2ban.sqlite3
rm: cannot remove 'fail2ban.sqlite3': No such file or directory
[email protected]:~ $ sudo rm -r /var/lib/fail2ban/fail2ban.sqlite3
[email protected]:~ $ sudo ls /var/lib/fail2ban
[email protected]:~ $ sudo ls -l /var/lib/fail2ban
total 0
[email protected]:~ $ exit

rebooted

2018-10-26 18:54:11,602 fail2ban.database [485]: WARNING New database cre$
$to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'

[email protected]:~ $ sudo ls -l /var/lib/fail2ban
[sudo] password for pi:
total 56
-rw------- 1 root root 57344 Oct 26 18:55 fail2ban.sqlite3
[email protected]:~ $ sudo nano /var/log/fail2ban.log
[email protected]:~ $ sudo fail2ban-client status
Status
|- Number of jail: 1
`- Jail list: sshd
[email protected]:~ $ sudo fail2ban-client status sshd
Status for the jail: sshd
|- Filter
| |- Currently failed: 0
| |- Total failed: 0
| `- File list: /var/log/auth.log
`- Actions
|- Currently banned: 0
|- Total banned: 0
`- Banned IP list:
[email protected]:~ $ sudo fail2ban-client status apache-noscript
ERROR NOK: ('apache-noscript',)
Sorry but the jail 'apache-noscript' does not exist
[email protected]:~ $ sudo fail2ban-client status openvpn
ERROR NOK: ('openvpn',)
Sorry but the jail 'openvpn' does not exist
[email protected]:~ $ exit

no reboot - only Terminal (TX) restart

[email protected]:~ $ sudo nano /var/log/fail2ban.log

2018-10-26 19:01:38,184 fail2ban.transmitter [485]: WARNING Command ['status$
$status', 'apache-noscript'] has failed. Received UnknownJailException('apache-$
2018-10-26 19:02:05,395 fail2ban.transmitter [485]: WARNING Command ['status$
$status', 'openvpn'] has failed. Received UnknownJailException('openvpn',)

[email protected]:~ $ exit

shutdown

wmnally5
Posts: 65
Joined: Thu Sep 13, 2018 9:35 pm

Re: Raspbian Stretch fail2ban warnings Dougie Lawson referral to Cyril Jaquier

Mon Oct 29, 2018 1:17 pm

Hello Cyril Jaquier; please assist!

DougieLawson referred me to you for FAIL2BAN warnings/problems after following his instructions in an attempt to fix apache-noscript and openvpn - see additional details in earlier post below.

[email protected]:~ $ sudo fail2ban-client status apache-noscript
ERROR NOK: ('apache-noscript',)
Sorry but the jail 'apache-noscript' does not exist
[email protected]:~ $ sudo fail2ban-client status openvpn
ERROR NOK: ('openvpn',)
Sorry but the jail 'openvpn' does not exist
[email protected]:~ $ exit

no reboot - only Terminal (TX) restart

[email protected]:~ $ sudo nano /var/log/fail2ban.log

2018-10-26 19:01:38,184 fail2ban.transmitter [485]: WARNING Command ['status$
$status', 'apache-noscript'] has failed. Received UnknownJailException('apache-$
2018-10-26 19:02:05,395 fail2ban.transmitter [485]: WARNING Command ['status$
$status', 'openvpn'] has failed. Received UnknownJailException('openvpn',)

[email protected]:~ $ exit

shutdown

DougieLawson
Posts: 35358
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK

Re: Raspbian Stretch fail2ban - New Post

Mon Oct 29, 2018 6:48 pm

I don't think you'll find Cyril on here. Go and ask at: https://github.com/fail2ban/fail2ban

wmnally5
Posts: 65
Joined: Thu Sep 13, 2018 9:35 pm

Re: Raspbian Stretch fail2ban - New Post

Mon Oct 29, 2018 8:36 pm

DougieLawson:

I was not sure either; thank you!
