Install Fail2ban after setup

Community Support Firewall
1

Hi,

I was wondering how to install Fail2ban after doing an HestiaCP setup.

With VestaCP there is a detailed setup to carry out:
http://vestacp.com/docs/#how-to-install-fail2ban-debian-ubuntu

Is there something similar with HestiaCP?

Thanks for any help!

Best regards,
Roberto Jobet

2

Hi @jobet

Basicly yes, when you repeat the installation steps of fail2ban: https://github.com/hestiacp/hestiacp/blob/85158e483f11cde9e5f0a3abe4ca56144b4c0102/install/hst-install-ubuntu.sh#L1525

This is nearly the same thing vesta is doing, just a bit easier written. We are working on our docs together with the release of 1.2.0 and also will try to add such easy how toā€™s.

1 Like
3

Hi @Raphael

Thanks for your quick reply!

I donā€™t understand every command in the ā€œConfigure Fail2Banā€ sectionā€¦

Could you kindly confirm which are the additional steps Iā€™m missing in the following list?

apt-get install fail2ban
ā€¦
touch /var/log/auth.log
chmod 640 /var/log/auth.log
chown root:adm /var/log/auth.log
update-rc.d fail2ban defaults
systemctl start fail2ban

Thanks in advance.

Best regards,
Roberto Jobet

4

BTW Iā€™m installing it along with Dovecot and Exim (No vsftpd)!

Best regards,
Roberto Jobet

5

Hi @Raphael,

Iā€™ve installed in another server HestiaCP including Fail2Ban.

Then Iā€™ve installed Fail2Ban in the first server and copied the file /etc/fail2ban/jail.local from the new server into the first one.

Trying to restart fail2ban, the following errors show up:

fail2ban-server[11515]: Unable to read action ā€˜hestiaā€™
Errors in jail ā€˜ssh-iptablesā€™. Skippingā€¦
Unable to read action ā€˜hestiaā€™
Errors in jail ā€˜exim-iptablesā€™. Skippingā€¦
Unable to read action ā€˜hestiaā€™
Errors in jail ā€˜dovecot-iptablesā€™. Skippingā€¦
Found no accessible config files for ā€˜filter.d/hestiaā€™ u
Unable to read the filter ā€˜hestiaā€™
Errors in jail ā€˜hestia-iptablesā€™. Skippingā€¦

What else do I have to copy from new server?

Thanks for any help.

Best regards,
Roberto Jobet

6

Infact you got the files already, did you also added ā€œFIREWALL_EXTENSION=ā€˜fail2banā€™ā€ in hestia.conf? Then trigger a v-update-firewall, restart fail2ban again and check if all is working properly.

1 Like
7

Hi @Raphael,

Many thanks for your reply, I appreciate it!

Yes I added to hestia.conf.

Didnā€™t know about v-update-firewallā€¦ Iā€™m quite new to Hestiaā€¦ :wink:

Iā€™ll try and let you know!

Best regards,
Roberto Jobet