Fail2Ban option overload

Help! (Home for newbies)
1

I am on a 7.50.0 that started as a 7.4x. I noticed today that Fail2Ban didn’t have an apache-auth jail (which I do on an other Virtualmin but don’t remember configuring personally, though that does not mean that I didn’t). Either way I did not setup the jails that are there now (dovecot, postfix, postfix-sasl, proftpd, sshd, webmin-auth).

I apologize if this is a question that belongs I a forum dedicated to Fail2Ban, but I noticed the plethora of options for apache stuff under:

Webmin > Networking > Fail2Ban Intrusion Detector > Filter Action Jails

image
image302×215 36.7 KB

… is there any reason I wouldn’t want all of these enabled?

Thanks.

SYSTEM INFORMATION
OS type and version Ubuntu 24.04
Virtualmin version 7.50.0
2

I too observe fail2ban is not starting on some Debian 11 and 12 systems…

3

To clarify, it did start, it just didn’t have apache-auth enabled by default which I thought was curious for a LAMP (which does have a few others automatically enabled).

Probably normal though.

My real question is “why not enable all of them that have apache in the name” (or anything else I know I’m running)?

4

Because doing so would require resources (RAM and CPU) which are always scarce and you might want to keep them free for web hosting services.