Hello. I went tired to read Xn (1000-7000) failed log ins sins last… For my fronting server to I-net when I log in from the outside/remote. Well I have strong passwords and are always keen on install the latest patches but… This was getting annoying sins I open up for a row of web-applications and ssh.
fail2ban is in the repos. Easy as baking a cake. Zypper in… No. Refuse to start after install. Had a look with yast(not yast2)/software and I was recommended 2 additional packages (firewall2 integration). But no.
systemctl start fail2ban
Job for fail2ban.service failed. See 'systemctl status fail2ban.service' and 'journalctl -xn' for details.
systemctl status fail2ban
fail2ban.service - Bans IPs with too many authentication failures
Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; disabled)
Drop-In: /usr/lib/systemd/system/fail2ban.service.d
└─SuSEfirewall2.conf
Active: failed (Result: exit-code) since Thu 2015-01-08 17:20:40 CET; 2s ago
Process: 11462 ExecStop=/usr/bin/fail2ban-client stop (code=exited, status=0/SUCCESS)
Process: 11626 ExecStart=/usr/bin/fail2ban-client -x $FAIL2BAN_OPTIONS start (code=exited, status=255)
Main PID: 10463 (code=killed, signal=TERM)
Jan 08 17:20:40 opensusemail systemd[1]: Starting Bans IPs with too many authentication failures...
Jan 08 17:20:40 opensusemail fail2ban-client[11626]: ERROR Failed during configuration: File contains parsing errors: /etc/fail2ban/jail.local
Jan 08 17:20:40 opensusemail fail2ban-client[11626]: [line 4]: 'hostnames
'
Jan 08 17:20:40 opensusemail systemd[1]: fail2ban.service: control process exited, code=exited status=255
Jan 08 17:20:40 opensusemail systemd[1]: Failed to start Bans IPs with too many authentication failures.
Jan 08 17:20:40 opensusemail systemd[1]: Unit fail2ban.service entered failed state.
journalctl -xn
-- Logs begin at Sat 2013-01-05 13:47:30 CET, end at Thu 2015-01-08 17:20:40 CET. --
.....
Jan 08 17:20:40 opensusemail systemd[1]: Starting Bans IPs with too many authentication failures...
-- Subject: Unit fail2ban.service has begun with start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit fail2ban.service has begun starting up.
Jan 08 17:20:40 opensusemail fail2ban-client[11626]: ERROR Failed during configuration: File contains parsing errors: /etc/fail2ban/jail.local
Jan 08 17:20:40 opensusemail fail2ban-client[11626]: [line 4]: 'hostnames
'
Jan 08 17:20:40 opensusemail systemd[1]: fail2ban.service: control process exited, code=exited status=255
Jan 08 17:20:40 opensusemail systemd[1]: Failed to start Bans IPs with too many authentication failures.
-- Subject: Unit fail2ban.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- Documentation: http://www.freedesktop.org/wiki/Software/systemd/catalog/be02cf6855d2428ba40df7e9d022f03d
--
-- Unit fail2ban.service has failed.
--
-- The result is failed.
Jan 08 17:20:40 opensusemail systemd[1]: Unit fail2ban.service entered failed state.
Ok. Lets have a look in /etc/fail2ban/jail.local:
# test
[DEFAULT]
# a space delimited list of IP addresses, CIDR prefixes, or DNS
hostnames
# to bypass fail2ban protection
....
And I change it to:
# test
[DEFAULT]
# a space delimited list of IP addresses, CIDR prefixes, or DNS
#hostnames
# to bypass fail2ban protection
....
There is no jail.local by default in the fail2ban package and the 13.1 fail2ban-0.8.14-2.17.1.noarch under 13.1 functions as expected after a fresh install.
opensusemail:/etc/fail2ban # ll
total 36
drwxr-xr-x 2 root root 4096 Jan 8 15:32 action.d
-rw-r--r-- 1 root root 1525 Aug 19 22:23 fail2ban.conf
drwxr-xr-x 2 root root 4096 Jan 8 15:32 filter.d
-rw-r--r-- 1 root root 19331 Dec 3 11:38 jail.conf
-rw-r--r-- 1 root root 765 Jan 8 17:23 jail.local
Well its there. Even if my WM reports 0.8.14-2.17.1(released December 3, 2014 for fail2ban.).
First tried to install December 3, 2014. Had a look upon it Dec 27, 2014. Post is based on today January 8, 2015. Well The WM (13.1) is upgraded from a 12.x VM. No I never try install fail2ban on that :). A search on the net shows that jail.conf and jail.local have a lot of things to clear out in fail2ban and config.
Nevertheless, there is no jail.local in the default package for 13.1 nor 13.2.
You can verify this by looking at the .rpm for 13.1 or 13.2 or any of the updated files in the update / noarch or by simply doing a rpm -ql fail2ban | grep -i jail.local
You can also verify that the package does not own the file with; rpm -qf /etc/fail2ban/jail.local
Last failed login: Fri Jan 9 05:41:12 CET 2015 from 62-210-180-31.rev.poneytelecom.eu on ssh:notty
There were 26 failed login attempts since the last successful login.
-Instead of 3-4 digits long number of login attemps. So apparantly fail2ban works. Even with this “mystical file” jail.local that I and other have after installation of fail2ban.
> Miuku;2688030 Wrote:
>> Unless you can provide me with an openSUSE .rpm where the file is,
>> there is no such file by default no matter how much you insist.
>>
>> Your bug report will get closed and they’ll say the same thing.
>
> No other comment then LOL.
OK, guys, that’s enough. Stop with the personal attacks - you both know
better.