Koozali.org: home of the SME Server

Contribs.org Forums => Koozali SME Server 10.x Contribs => Topic started by: Mouse on January 07, 2024, 06:38:02 PM

Title: Fail2ban not working after upgrade from 9.2 to 10
Post by: Mouse on January 07, 2024, 06:38:02 PM
Hi
I need help resetting fail2ban (clean install).
After the upgrade the server works, but fail2ban does not.
A lot of hackers try to brute-force user passwords.

I receive this response:
# fail2ban-client status
Status
|- Number of jail:      0
`- Jail list:

I tried to uninstall, remove etc/fail2ban/fail2ban.conf and reinstall.
It did not help.

In the logs:
esmith::event[8109]: WARNING in /etc/e-smith/templates//etc/fail2ban/jail.conf/05IgnoreIP: Use of uninitialized value $_[0] in pattern match (m//) at /usr/share/perl5/vendor_perl/Net/IPv4Addr.pm line 93.
esmith::event[8109]: WARNING in /etc/e-smith/templates//etc/fail2ban/jail.conf/05IgnoreIP: Use of uninitialized value $error[2] in join or string at /usr/share/perl5/vendor_perl/Carp.pm line 311.
esmith::event[8109]: ERROR in /etc/e-smith/templates//etc/fail2ban/jail.conf/05IgnoreIP: Program fragment delivered error <<Net::IPv4Addr: invalid IPv4 address:
esmith::event[8109]: at /etc/e-smith/templates//etc/fail2ban/jail.conf/05IgnoreIP line 32.>> at template line 1
esmith::event[8109]: ERROR: Template processing failed for //etc/fail2ban/jail.conf: 2 fragments generated warnings, 1 fragment generated errors


Title: Re: Fail2ban not working after upgrade from 9.2 to 10
Post by: ReetP on January 08, 2024, 01:27:09 AM
The most likely issue here is an incorrect upgrade, an old template/configuration, or an incorrectly installed contrib.

See Documenting and Logs.

https://forums.koozali.org/index.php/topic,54724.0.html

Particularly paste the output of these:

Code:
/sbin/e-smith/audittools/newrpms
/sbin/e-smith/audittools/templates

Be sure to remove any old custom templates.

Tell us how you upgraded the server. USB, or some other method?
Title: Re: Fail2ban not working after upgrade from 9.2 to 10
Post by: Jean-Philippe Pialasse on January 08, 2024, 02:35:27 AM
Also, what does this return?
Code:
config getprop fail2ban IgnoreIP
Title: Re: Fail2ban not working after upgrade from 9.2 to 10
Post by: Mouse on January 08, 2024, 12:20:44 PM
Hi

Upgrade made by USB.

Reply from the commands:


****************************************************
[root@xxxi ~]# /sbin/e-smith/audittools/newrpms
Loaded plugins: fastestmirror, post-transaction-actions, priorities, smeserver
Loading mirror speeds from cached hostfile
 * base: mirror.cloudhosting.lv
 * smeaddons: ibsgaarden.dk
 * smeos: ibsgaarden.dk
 * smeupdates: ibsgaarden.dk
 * updates: mirror.cloudhosting.lv
Extra Packages
bandwidthd.x86_64                        2.0.1.1-9.el7.sme          @smecontribs
denyhosts.noarch                         3.1-12.el7.sme             @smecontribs
fail2ban-sendmail.noarch                 0.11.2-3.el7               @smecontribs
fail2ban-server.noarch                   0.11.2-3.el7               @smecontribs
fping.x86_64                             3.10-4.el7                 @smecontribs
hddtemp.x86_64                           0.3-0.31.beta15.el7        @smecontribs
perl-Data-Validate-IP.noarch             0.27-13.el7                @smecontribs
perl-MLDBM.noarch                        2.05-1.el7                 @smecontribs
perl-Unicode-IMAPUtf7.noarch             2.01-1.of.el7              @smecontribs
smeserver-bandwidthd.noarch              2.0.1.2-17.el7.sme         @smecontribs
smeserver-certificate.noarch             0.0.4-13.el7.sme           @smecontribs
smeserver-check4updates.noarch           0.0.4-4.el7.sme            @smecontribs
smeserver-crontab_manager.noarch         2.4-7.el7.sme              @smecontribs
smeserver-denyhosts.noarch               2.9-19.el7.sme             @smecontribs
smeserver-dhcp-dns.noarch                1.2.0-5.el7.sme            @smecontribs
smeserver-dhcpmanager.noarch             2.0.4-12.el7.sme           @smecontribs
smeserver-diskusage.noarch               0.2.0-5.el7.sme            @smecontribs
smeserver-durep.noarch                   1.5.0-16.el7.sme           @smecontribs
smeserver-email-management.noarch        1.3-5.el7.sme              @smecontribs
smeserver-fail2ban.noarch                9:0.1.18-30.el7.sme        @smecontribs
smeserver-hwinfo.noarch                  1.2-5.el7.sme              @smecontribs
smeserver-mailsorting.noarch             1.4-14.el7.sme             @smecontribs
smeserver-mailstats.noarch               1.1-17.el7.sme             @smecontribs
smeserver-mod_dav.noarch                 1.1-8.el7.sme              @smecontribs
smeserver-password.noarch                1.2.0-14.el7.sme           @smecontribs
smeserver-qmHandle.noarch                1.4-24.el7.sme             @smecontribs
smeserver-raidstatus.noarch              0.3-3.el7.sme              @smecontribs
smeserver-remoteuseraccess.noarch        1.3-6.el7.sme              @smecontribs
smeserver-shared-folders.noarch          0.3-18.el7.sme             @smecontribs
smeserver-smbstatus.noarch               1.2-3                      @smecontribs
smeserver-smeadmin.noarch                1.6-10.el7.sme             @smecontribs
smeserver-sysmon.noarch                  6.5-5.el7.sme              @smecontribs
smeserver-userpanel.noarch               1.4-6.el7.sme              @smecontribs
smeserver-vacation.noarch                1.1-34.el7.sme             @smecontribs
smeserver-wbl.noarch                     0.5.0-7.el7.sme            @smecontribs



[root@xxxx ~]# /sbin/e-smith/audittools/templates
/etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/0/17check_basicheaders: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/local/17check_basicheaders: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/var/service/qpsmtpd/config/relayclients/80relayFromLocalNetwork: MANUALLY_ADDED, OVERRIDE
/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/86awstats: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/unjunkmgr: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/crontab/unjunkstats: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/crontab/awstats: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/crontab/unjunk: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/pam.d/system-auth/40password: OWNED_BY_RPM, OVERRIDE


config getprop fail2ban IgnoreIP
,80.89.78.135/32,80.89.78.135/32,212.3.196.209/32,212.3.196.53/32
Title: Re: Fail2ban not working after upgrade from 9.2 to 10
Post by: Jean-Philippe Pialasse on January 08, 2024, 12:30:09 PM
You have a comma at the beginning of the string, which makes the template fail.
Code:
config setprop fail2ban IgnoreIP 80.89.78.135/32,80.89.78.135/32,212.3.196.209/32,212.3.196.53/32
then
Code:
signal-event fail2ban-conf

and you will be good
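
The leading comma diagnosed above leaves an empty first element in the list, which is what the 05IgnoreIP fragment rejected as an invalid IPv4 address. As an added example that is not part of the original post and not SME Server's own code, this POSIX shell sketch cleans and validates such a value before it is passed to `config setprop`; the function names are hypothetical, and it goes slightly beyond the fix in the thread by also dropping duplicate entries.

```shell
#!/bin/sh
# Added example: sanitise a comma-separated IgnoreIP value.

# valid_cidr ADDR: succeed if ADDR is dotted-quad IPv4 with optional /0-32.
valid_cidr() {
    case $1 in ''|*[!0-9./]*) return 1 ;; esac   # digits, dots, slash only
    addr=${1%%/*}
    case $1 in
        */*) bits=${1#*/} ;;
        *)   bits=32 ;;
    esac
    case $bits in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr                                  # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# normalize_ignoreip LIST: print LIST without empty elements (leading,
# trailing or doubled commas) and without duplicates. Returns 1, with a
# message on stderr, if a remaining element is not a valid address/CIDR.
normalize_ignoreip() {
    out=
    rest=$1,
    while [ -n "$rest" ]; do
        item=${rest%%,*}
        rest=${rest#*,}
        [ -n "$item" ] || continue    # empty element: what broke the template
        if ! valid_cidr "$item"; then
            echo "invalid IgnoreIP entry: $item" >&2
            return 1
        fi
        case ",$out," in
            *",$item,"*) ;;           # already present, skip
            *) out=${out:+$out,}$item ;;
        esac
    done
    printf '%s\n' "$out"
}

# The value shown in this thread, leading comma included:
normalize_ignoreip ',80.89.78.135/32,80.89.78.135/32,212.3.196.209/32,212.3.196.53/32'
```

The cleaned string can then be written back with `config setprop fail2ban IgnoreIP` followed by `signal-event fail2ban-conf`, as in the post above.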
Title: Re: Fail2ban not working after upgrade from 9.2 to 10
Post by: Mouse on January 08, 2024, 12:36:25 PM
Hi

Strange mistake. I only use server-manager to add IPs. This comes from the previous 9.2.

Now the reply is:
]# fail2ban-client status
Status
|- Number of jail:      14
`- Jail list:   ftp, http-auth, http-badbots, http-fakegooglebot, http-noscript, http-overflows, http-scan, http-shellshock, imap, pam-generic, qpsmtpd, recidive, ssh, ssh-ddos


Hope it helps and starts working.
Thanks
Title: Re: Fail2ban not working after upgrade from 9.2 to 10
Post by: ReetP on January 08, 2024, 12:47:44 PM
Glad you got it fixed.

Also have a look at xt_geoip

https://wiki.koozali.org/Xt_geoip