Problem with Fail2ban

wasp · November 25, 2022, 5:18pm

Can someone tell what is the problem with Fail2ban, it’s not active in HestiaCP, it shows red icon? Maybe it’s because I have changed SSH port? Tried to restart few times but it didn’t work.

It shows me this with systemctl status fail2ban

Nov 25 17:24:49 vm4036621.52ssd.had.wf systemd[1]: Starting Fail2Ban Service…
Nov 25 17:24:49 vm4036621.52ssd.had.wf systemd[1]: Started Fail2Ban Service.
Nov 25 17:24:49 vm4036621.52ssd.had.wf fail2ban-server[11553]: 2022-11-25 17:24:49,909 fail2ban [11553]: ERROR Failed during configuration: Have not found any log file for recidive jail
Nov 25 17:24:49 vm4036621.52ssd.had.wf fail2ban-server[11553]: 2022-11-25 17:24:49,912 fail2ban [11553]: ERROR Async configuration of server failed
Nov 25 17:24:49 vm4036621.52ssd.had.wf systemd[1]: fail2ban.service: Main process exited, code=exited, status=255/EXCEPTION
Nov 25 17:24:49 vm4036621.52ssd.had.wf systemd[1]: fail2ban.service: Failed with result ‘exit-code’.

jlguerrero · November 25, 2022, 5:36pm

Configure the recidive jail properly or deactivate it.

wasp · November 25, 2022, 5:44pm

Should I change something here?

[ssh-iptables]
enabled = true
filter = sshd
action = hestia[name=SSH]
logpath = /var/log/auth.log
maxretry = 5

[vsftpd-iptables]
enabled = true
filter = vsftpd
action = hestia[name=FTP]
logpath = /var/log/vsftpd.log
maxretry = 5

[exim-iptables]
enabled = true
filter = exim
action = hestia[name=MAIL]
logpath = /var/log/exim4/mainlog

[dovecot-iptables]
enabled = true
filter = dovecot
action = hestia[name=MAIL]
logpath = /var/log/dovecot.log

[mysqld-iptables]
enabled = false
filter = mysqld-auth
action = hestia[name=DB]
logpath = /var/log/mysql.log
maxretry = 5

[hestia-iptables]
enabled = true
filter = hestia
action = hestia[name=HESTIA]
logpath = /var/log/hestia/auth.log
maxretry = 5

[roundcube-auth]
enabled = false
filter = roundcube-auth
action = hestia[name=WEB]
logpath = /var/log/roundcube/errors.log
maxretry = 5

[recidive]
enabled = true
filter = recidive
action = hestia[name=RECIDIVE]
logpath = /var/log/fail2ban.log
maxretry = 5
findtime = 86400
bantime = 864000

#Uncomment and add your IPs and or domains to the Whitelist
#[DEFAULT]
#ignoreip = 111.111.111.111 222.222.222.222 subdomain.example.tld example.tld 333.333.333.333

wasp · November 25, 2022, 6:15pm

Used this command - cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local and it’s working now but is it ok?

Found it here - How to Use Fail2ban to Secure Your Server (A Tutorial) | Linode

eris · November 25, 2022, 7:04pm

Please use Hestia’s default local:

github.com

hestiacp/hestiacp/blob/main/install/deb/fail2ban/jail.local

[ssh-iptables]
enabled  = true
filter   = sshd
action   = hestia[name=SSH]
logpath  = /var/log/auth.log
maxretry = 5

[vsftpd-iptables]
enabled  = false
filter   = vsftpd
action   = hestia[name=FTP]
logpath  = /var/log/vsftpd.log
maxretry = 5

[exim-iptables]
enabled  = true
filter   = exim
action   = hestia[name=MAIL]
logpath  = /var/log/exim4/mainlog

This file has been truncated. show original

And make your changes carefully. Other wise Hestia attacks are not attacks…

eris · November 25, 2022, 9:24pm

touch /var/log/fail2ban.log as root would solve the issue