Fail2Ban not working

🛈 SYSTEM INFORMATION
OS type and version: Ubuntu Linux 20.04.3
Webmin version: 1.984
Virtualmin version: 6.17-3
Related packages: fail2ban 0.11.1

Hi @staff @Jamie ,

As you know, we recently upgraded from Ubuntu 18.04 to 20.04 LTS. We have been through many painful changes, which is part of life. The good news is that we are moving forward. However, the really bad news is: fail2ban is not working for all the jails.

I had 23 jails enabled on an older version (0.10.2) and I wanted to have all of them on the new one… However, when I run fail2ban-server status on the old server I can see 23 jails, but the same command on the new server (new version of f2b) shows only 18 jails.

The 5 missing jails are: courier-auth, phpmyadmin-syslog, pam-generic, postfix-auth and postfix-sasl

The last 3 jails (phpmyadmin-syslog, pam-generic, postfix-auth and postfix-sasl) are very important for us as there are a lot of scans and login attempts going on around these and my logs are getting filled up. TBH, I have now closed all the ports just to protect the system, but obviously it is now impacting us with our BAU activities.

I have checked all that I could but was unable to figure out what I am missing. I think there are some syntax changes with the f2b configuration in the new version and I am still using the old syntax and old configuration, but then how come it is working for the remaining 18 jails?

Can you pls confirm if I need to create a file in the filter.d and action.d folder as well? If yes, can you pls share the code for postfix-sasl that needs to go under a specific folder/file?

I will be more than happy to copy-paste the code and test it - to see if that works.

Many Thanks,
Ravi

You may need to ask the fail2ban developers about this - it’s possible that the new version isn’t compatible with older config files. Unfortunately this isn’t something Virtualmin controls …

I think I have managed it by digging thru the f2b forums and githubs… There are no more errors.

I have enabled all IPs and the moment of truth starts now. Let’s see.

I suspect IPs are not reaching the jail and so are not getting blocked. Do you have any suggestions on how I can be sure that f2b and the jails are working as expected?

Does fail2ban have any debugging logs that you can enable?
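
One way to pin down which enabled jails the server did not load, as in the 23-versus-18 count described in this thread. This is an added example, not code from any poster or from the fail2ban project. The function names and sample input are constructed, and the `/etc/fail2ban` paths and the `Jail list:` line printed by `fail2ban-client status` are assumed to match a standard Ubuntu install.

```python
import configparser
import re
import subprocess
from pathlib import Path

# Constructed sample input (not from the thread): a jail.local fragment and
# the text printed by `fail2ban-client status`.
SAMPLE_JAIL_LOCAL = """
[sshd]
enabled = true
[postfix-sasl]
enabled = true
[pam-generic]
enabled = true
[recidive]
enabled = false
"""
SAMPLE_STATUS = "Status\n|- Number of jail:\t1\n`- Jail list:\tsshd\n"


def enabled_jails(*config_texts):
    """Jails with enabled = true; later texts override earlier ones."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    for text in config_texts:
        cp.read_string(text)
    return {s for s in cp.sections()
            if s != "INCLUDES" and cp.getboolean(s, "enabled", fallback=False)}


def running_jails(status_text):
    """Jail names from the 'Jail list:' line of `fail2ban-client status`."""
    m = re.search(r"Jail list:[ \t]*(.*)", status_text)
    return {j.strip() for j in m.group(1).split(",") if j.strip()} if m else set()


def missing_jails(status_text, *config_texts):
    """Jails the configuration enables but the server did not load."""
    return sorted(enabled_jails(*config_texts) - running_jails(status_text))


if __name__ == "__main__":
    # On a real host (run as root): compare the live server with its config,
    # reading files in the order fail2ban merges them.
    d = Path("/etc/fail2ban")
    paths = [d / "jail.conf", *sorted(d.glob("jail.d/*.conf")),
             d / "jail.local", *sorted(d.glob("jail.d/*.local"))]
    texts = [p.read_text() for p in paths if p.exists()]
    status = subprocess.run(["fail2ban-client", "status"],
                            capture_output=True, text=True).stdout
    print("enabled but not loaded:", missing_jails(status, *texts))
```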
