Fail2ban not working after upgrade from 9.2 to 10

Mouse

4
+0/-0

Fail2ban not working after upgrade from 9.2 to 10

« on: January 07, 2024, 06:38:02 PM »

Hi
Need help to reset fail2ban. ( clean install )
After upgrade server works, but fail2ban not.
Lot of hackers try brute force user passwords

receive such response:
# fail2ban-client status
Status
|- Number of jail: 0
`- Jail list:

I try uninstall, remove etc/fail2ban/fail2ban.conf and reinstall
Not helping.

in logs:
esmith::event[8109]: WARNING in /etc/e-smith/templates//etc/fail2ban/jail.conf/05IgnoreIP: Use of uninitialized value $_[0] in pattern match (m//) at /usr/share/perl5/vendor_perl/Net/IPv4Addr.pm line 93.
esmith::event[8109]: WARNING in /etc/e-smith/templates//etc/fail2ban/jail.conf/05IgnoreIP: Use of uninitialized value $error[2] in join or string at /usr/share/perl5/vendor_perl/Carp.pm line 311.
esmith::event[8109]: ERROR in /etc/e-smith/templates//etc/fail2ban/jail.conf/05IgnoreIP: Program fragment delivered error <<Net::IPv4Addr: invalid IPv4 address:
esmith::event[8109]: at /etc/e-smith/templates//etc/fail2ban/jail.conf/05IgnoreIP line 32.>> at template line 1
esmith::event[8109]: ERROR: Template processing failed for //etc/fail2ban/jail.conf: 2 fragments generated warnings, 1 fragment generated errors

Logged

ReetP

3,740
+5/-0

Re: Fail2ban not working after upgrade from 9.2 to 10

« Reply #1 on: January 08, 2024, 01:27:09 AM »

The most likely issue here is an incorrect upgrade, an old template/configuration, or an incorrectly installed contrib.

See Documenting and Logs.

https://forums.koozali.org/index.php/topic,54724.0.html

Particularly paste the output of these:

Code: [Select]

/sbin/e-smith/audittools/newrpms
/sbin/e-smith/audittools/templates

Be sure to remove any old custom templates.

Tell us how you upgraded the server. USB, or some other method?

Logged

...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Jean-Philippe Pialasse

2,765
+11/-0
aka Unnilennium

Re: Fail2ban not working after upgrade from 9.2 to 10

« Reply #2 on: January 08, 2024, 02:35:27 AM »

also what returns

Code: [Select]

config getprop fail2ban IgnoreIP

Logged

Mouse

4
+0/-0

Re: Fail2ban not working after upgrade from 9.2 to 10

« Reply #3 on: January 08, 2024, 12:20:44 PM »

Hi

Upgrade made by USB.

reply from comands:

****************************************************
[root@xxxi ~]# /sbin/e-smith/audittools/newrpms
Loaded plugins: fastestmirror, post-transaction-actions, priorities, smeserver
Loading mirror speeds from cached hostfile
* base: mirror.cloudhosting.lv
* smeaddons: ibsgaarden.dk
* smeos: ibsgaarden.dk
* smeupdates: ibsgaarden.dk
* updates: mirror.cloudhosting.lv
Extra Packages
bandwidthd.x86_64 2.0.1.1-9.el7.sme @smecontribs
denyhosts.noarch 3.1-12.el7.sme @smecontribs
fail2ban-sendmail.noarch 0.11.2-3.el7 @smecontribs
fail2ban-server.noarch 0.11.2-3.el7 @smecontribs
fping.x86_64 3.10-4.el7 @smecontribs
hddtemp.x86_64 0.3-0.31.beta15.el7 @smecontribs
perl-Data-Validate-IP.noarch 0.27-13.el7 @smecontribs
perl-MLDBM.noarch 2.05-1.el7 @smecontribs
perl-Unicode-IMAPUtf7.noarch 2.01-1.of.el7 @smecontribs
smeserver-bandwidthd.noarch 2.0.1.2-17.el7.sme @smecontribs
smeserver-certificate.noarch 0.0.4-13.el7.sme @smecontribs
smeserver-check4updates.noarch 0.0.4-4.el7.sme @smecontribs
smeserver-crontab_manager.noarch 2.4-7.el7.sme @smecontribs
smeserver-denyhosts.noarch 2.9-19.el7.sme @smecontribs
smeserver-dhcp-dns.noarch 1.2.0-5.el7.sme @smecontribs
smeserver-dhcpmanager.noarch 2.0.4-12.el7.sme @smecontribs
smeserver-diskusage.noarch 0.2.0-5.el7.sme @smecontribs
smeserver-durep.noarch 1.5.0-16.el7.sme @smecontribs
smeserver-email-management.noarch 1.3-5.el7.sme @smecontribs
smeserver-fail2ban.noarch 9:0.1.18-30.el7.sme @smecontribs
smeserver-hwinfo.noarch 1.2-5.el7.sme @smecontribs
smeserver-mailsorting.noarch 1.4-14.el7.sme @smecontribs
smeserver-mailstats.noarch 1.1-17.el7.sme @smecontribs
smeserver-mod_dav.noarch 1.1-8.el7.sme @smecontribs
smeserver-password.noarch 1.2.0-14.el7.sme @smecontribs
smeserver-qmHandle.noarch 1.4-24.el7.sme @smecontribs
smeserver-raidstatus.noarch 0.3-3.el7.sme @smecontribs
smeserver-remoteuseraccess.noarch 1.3-6.el7.sme @smecontribs
smeserver-shared-folders.noarch 0.3-18.el7.sme @smecontribs
smeserver-smbstatus.noarch 1.2-3 @smecontribs
smeserver-smeadmin.noarch 1.6-10.el7.sme @smecontribs
smeserver-sysmon.noarch 6.5-5.el7.sme @smecontribs
smeserver-userpanel.noarch 1.4-6.el7.sme @smecontribs
smeserver-vacation.noarch 1.1-34.el7.sme @smecontribs
smeserver-wbl.noarch 0.5.0-7.el7.sme @smecontribs

[root@xxxx ~]# /sbin/e-smith/audittools/templates
/etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/0/17check_basicheaders: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/local/17check_basicheaders: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/var/service/qpsmtpd/config/relayclients/80relayFromLocalNetwork: MANUALLY_ADDED, OVERRIDE
/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/86awstats: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/unjunkmgr: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/crontab/unjunkstats: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/crontab/awstats: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/crontab/unjunk: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/pam.d/system-auth/40password: OWNED_BY_RPM, OVERRIDE

config getprop fail2ban IgnoreIP
,80.89.78.135/32,80.89.78.135/32,212.3.196.209/32,212.3.196.53/32

Logged

Jean-Philippe Pialasse

2,765
+11/-0
aka Unnilennium

Re: Fail2ban not working after upgrade from 9.2 to 10

« Reply #4 on: January 08, 2024, 12:30:09 PM »

you have a coma at the beginning of the string failing the template.

Code: [Select]

config setprop fail2ban IgnoreIP 80.89.78.135/32,80.89.78.135/32,212.3.196.209/32,212.3.196.53/32
then

Code: [Select]

signal-event fail2ban-conf

and you will be good

Logged

Mouse

4
+0/-0

Re: Fail2ban not working after upgrade from 9.2 to 10

« Reply #5 on: January 08, 2024, 12:36:25 PM »

Hi

Strange mistake. I only use server-manager to add IP. This comes up from previous 9.2

now reply is:
]# fail2ban-client status
Status
|- Number of jail: 14
`- Jail list: ftp, http-auth, http-badbots, http-fakegooglebot, http-noscript, http-overflows, http-scan, http-shellshock, imap, pam-generic, qpsmtpd, recidive, ssh, ssh-ddos

hope it helps and starts work.
Thanks

Logged

ReetP

3,740
+5/-0

Re: Fail2ban not working after upgrade from 9.2 to 10

« Reply #6 on: January 08, 2024, 12:47:44 PM »

Glad you got it fixed.

Also have a look at xt_geoip

https://wiki.koozali.org/Xt_geoip

Logged

...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation