Fail2Ban on CentOS 7

I have installed Fail2ban via Virtualmin (it was in unused modules). However, looking through the configs, there are a lot of references to IPTables, yet CentOS 7 uses FirewallD.

Should I uninstall the Virtualmin F2B module and reinstall as per the instructions in the link below?

https://fedoraproject.org/wiki/Fail2ban_with_FirewallD

Do you have the package fail2ban-firewalld installed?
That appears to set it to use firewalld by default. I installed it by using yum install fail2ban and it's worked perfectly with Firewalld.

Are you suggesting I uninstall the Virtualmin module first, and then reinstall using yum install fail2ban?

I'm sure that would just install it the same way anyway, however I didn't use that…
If you do a yum status fail2ban-firewalld, does that say it's installed?

If it's not, you should just be able to install that module to the current one.

It just says:

$ yum status fail2ban-firewalld
Loaded plugins: fastest mirror
No such command: status. Please use /usr/bin/yum --help

oops

that should have been yum info fail2ban-firewalld

Looks like it’s installed:

# yum info fail2ban-firewalld
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: centosmirror.netcup.net
 * epel: mirror.karneval.cz
 * extras: ftp.plusline.de
 * updates: mirror2.hs-esslingen.de
Installed Packages
Name        : fail2ban-firewalld
Arch        : noarch
Version     : 0.9.3
Release     : 1.el7
Size        : 270
Repo        : installed
From repo   : epel
Summary     : Firewalld support for Fail2Ban
URL         : http://fail2ban.sourceforge.net/
Licence     : GPLv2+
Description : This package enables support for manipulating firewalld rules.
            : This is the default firewall service in Fedora.

In that case it should be working… can you see it adding rules etc. on the jails you have enabled?

ipset --list will show the enabled jails and any IPs that are banned

I don’t get anything back after that :confused:

Edit: I haven’t enabled anything yet, just installed it (f2b) via the ‘unused modules’ section in Webmin

ah right…

well it seems the virtualmin way installs the same thing command line does (which makes sense) so you should just be able to enable jails and it should work… that firewalld one is supposed to override them to use that instead
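The override described above, as an added example that is not part of the original thread: it merges constructed jail files in the order fail2ban reads them (jail.conf, then jail.d/*.conf, then jail.local) and reports each jail's effective settings. The file contents are assumptions built for illustration, including the `banaction = firewallcmd-ipset` default assumed to come from the fail2ban-firewalld drop-in; `effective_jails` is a hypothetical helper, not a fail2ban API.

```python
import configparser

# Constructed sample files (assumed contents, not copied from any server).
JAIL_CONF = """
[DEFAULT]
enabled = false
banaction = iptables-multiport
sshd_log = /var/log/secure

[sshd]
port = ssh
logpath = %(sshd_log)s

[postfix]
port = smtp,465,submission
logpath = /var/log/maillog
"""

# Assumed content of the drop-in shipped by fail2ban-firewalld in jail.d/.
FIREWALLD_CONF = """
[DEFAULT]
banaction = firewallcmd-ipset
"""

# Local override enabling a single jail.
JAIL_LOCAL = """
[sshd]
enabled = true
"""


def effective_jails(*sources):
    """Merge config texts in read order; later sources win, as in fail2ban."""
    cp = configparser.ConfigParser()  # resolves %(name)s against [DEFAULT]
    for text in sources:
        cp.read_string(text)
    report = {}
    for name in cp.sections():
        sec = cp[name]
        report[name] = {
            "enabled": sec.getboolean("enabled", fallback=False),
            "banaction": sec.get("banaction"),
            # Stored value may be a %(...)s reference rather than a literal path.
            "logpath_raw": sec.get("logpath", raw=True, fallback=None),
            "logpath": sec.get("logpath", fallback=None),
        }
    return report


if __name__ == "__main__":
    for jail, cfg in effective_jails(JAIL_CONF, FIREWALLD_CONF, JAIL_LOCAL).items():
        print(jail, cfg)
```

On a live system, `fail2ban-client status` lists the jails that are actually running, which is the check to make once a jail has been enabled.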

I’m going to horn in on this thread because perhaps Brook will run into the same problems I have and will then have the same questions I do.

As mentioned in a previous thread I’m evaluating the GPL version before going Pro. With AskewDread’s help I solved my other issue (thank you again), but I’m having difficulty with fail2ban, also on a CentOS 7 system.

I first attempted to install fail2ban via Webmin, but that failed because I hadn’t installed EPEL per the instructions at https://www.virtualmin.com/documentation/security/fail2ban . So I did that and then Webmin was able to install fail2ban, along with a bunch of dependencies. So far, so good.

Then the problems started.

I clicked through to the now active fail2ban module and started fail2ban. According to “ps” this appears to have been successful. Then I attempted to configure it to start at boot. Each time the page refreshed, “No” was still selected. So I moved on.

Contrary to the documentation linked to above, the SSH monitoring shows as disabled under “Filter Action Jails”. When I tried to enable it I got the following error:

Failed to save jail : All log files must be absolute paths or patterns

All I did was click “Yes” next to “Currently enabled?” and then the “Save” button, leaving all of the default settings in place. Am I supposed to change the default settings? Which ones?

I tried activating a couple of other jails in the same way and received exactly the same error each time. Something is not working.

Back at the full list of jails, while one can select multiple jails, there doesn’t seem to be a way to activate them at the same time. Do I really have to activate them one at a time?! Regardless, I’m getting the above error when I try anyway.

Simply put, fail2ban doesn’t seem to be working on my server. I can’t configure it (through Webmin anyway) to start on boot, and I cannot activate any of the filter actions.

Anyone have any ideas? Thanks.

Craig

Thanks for your help Askew :slight_smile: Is there a list of what to enable jails for when using with Virtualmin? Any other recommendations on security? (FirewallD already installed :slight_smile:)

Craig, I can turn it on/off fine here. Is everything else on your server running ok?

I'll leave that to be answered by someone else :slight_smile: I'm not sure if there is or isn’t… I just enabled the ones I care about

the ones I currently use are: sshd, sshd-ddos, mysqld_auth, pam-generic, postfix, postfix-sasl

Hi Brook,

Yup, everything else is running OK. This was the final test I was running before deciding whether or not to buy the Pro version. I’d addressed all of my other concerns/tests, and this came out of nowhere. I’ve installed and configured fail2ban manually on other servers, but the point of Virtualmin is to do it through Virtualmin, of course, so that’s what I’m trying to do.

The fail2ban log (/var/log/fail2ban.log) has only three lines in it that basically record only the start-up. I’ve grepped “fail2ban” in every file in and under /var/log and /var/webmin/webmin.log, but there are no clues. Are there any other logs I can check?

Craig