Fail2Ban on Centos 7

I have installed Fail2ban via Virtualmin (it was in unused modules). However looking through the configs there are a lot of references to IPTables, yet, Centos 7 uses FirewallD.

Should I uninstall the virtualmin F2B module and reinstall as per the instructions in the link below?

do you have the package fail2ban-firewalld installed?
that appears to set it to use firewalld by default, I installed it by using yum install fail2ban and its worked perfectly with Firewalld

Are you suggesting I uninstall the VirtualMin module first, and then reinstall using yum install fail2ban?

im sure that would just install it the same way anyway, however I didn’t use that…
if you do a yum status fail2ban-firewalld does that say its installed?

if its not you should just be able to install that module to the current one

It just says:

$ yum status fail2ban-firewalld
Loaded plugins: fastest mirror
No such command: status. Please use /usr/bin/yum --help


that should have been yum info fail2ban-firewalld

Looks like it’s installed:

# yum info fail2ban-firewalld Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: * epel: * extras: * updates: Installed Packages Name : fail2ban-firewalld Arch : noarch Version : 0.9.3 Release : 1.el7 Size : 270 Repo : installed From repo : epel Summary : Firewalld support for Fail2Ban URL : Licence : GPLv2+ Description : This package enables support for manipulating firewalld rules. : This is the default firewall service in Fedora.

in that case it should be working… can you see it adding rules etc on the jails you have enabled?

ipset --list will show the enabled jails and any ip’s that are banned

I don’t get anything back after that :confused:

Edit: I haven’t enabled anything yet, just installed it(f2b) via the ‘unused modules’ section in webmin

ah right…

well it seems the virtualmin way installs the same thing command line does (which makes sense) so you should just be able to enable jails and it should work… that firewalld one is supposed to override them to use that instead

I’m going to horn in on this thread because perhaps Brook will run into the same problems I have and will then have the same questions I do.

As mentioned in a previous thread I’m evaluating the GPL version before going Pro. With AskewDread’s help I solved my other issue (thank-you again), but I’m having difficulty with fail2ban, also on a CentOS 7 system.

I first attempted to install fail2ban via Webmin, but that failed because I hadn’t installed EPEL per the instructions at . So I did that and then Webmin was able to install fail2ban, along with a bunch of dependencies. So far, so good.

Then the problems started.

I clicked through to the now active fail2ban module and started fail2ban. According to “ps” this appears to have been successful. Then I attempted to configure it to start at boot. Each time the page refreshed, “No” was still selected. So I moved on.

Contrary to the documentation linked to above, the SSH monitoring shows as disabled under “Filter Action Jails”. When I tried to enable it I got the following error:

Failed to save jail : All log files must be absolute paths or patterns

All I did was click “Yes” next to “Currently enabled?” and then the “Save” button, leaving all of the default settings in place. Am I supposed to change the default settings? Which ones?

I tried activating a couple of other jails in the same way and received exactly the same error each time. Something is not working.

Back at the full list of jails, while one can select multiple jails, there doesn’t seem to be a way to activate them at the same time. Do I really have to activate them one at a time?! Regardless, I’m getting the above error when I try anyway.

Simply put, fail2ban doesn’t seem to be working on my server. I can’t configure it (through Webmin anyway) to start on boot, and I cannot activate any of the filter actions.

Anyone have any ideas? Thanks.


Thanks for your help Askew :slight_smile: Is there a list of what to enable jails for when using with Virtualmin? Any other recommendations on security? (FirewallD already installed :slight_smile:

Craig, I can turn it on/off fine here. Is everything else on your server running ok?

ill leave that to be answered by someone else :slight_smile: im not sure if there is or isn’t… I just enabled the ones I care about

the ones I currently use are: sshd, sshd-ddos, mysqld_auth, pam-generic, postfix, postfix-sasl

Hi Brook,

Yup, everything else is running OK. This was the final test I was running before deciding whether or not to buy the Pro version. I’d addressed all of my other concerns/tests, and this came out of nowhere. I’ve installed and configured fail2ban manually on other servers, but the point of Virtualmin is to do it through Virtualmin, of course, so that’s what I’m trying to do.

The fail2ban log (/var/log/fail2ban.log) has only three lines in it that basically record only the start-up. I’ve grepped “fail2ban” in every file in and under /var/log and /var/webmin/webmin.log, but there are no clues. Are there any other logs I can check?