Failures with fail2ban in CentOS 8

Support for security such as Firewalls and securing linux
Post Reply
HenriqueFagundes
Posts: 2
Joined: 2020/02/17 18:10:37

Failures with fail2ban in CentOS 8

Post by HenriqueFagundes » 2020/02/17 18:14:33

Dear Colleagues,

Greetings!

I apologize for the possible typos. I'm Brazilian and I have difficulties with English

I have a problem with Drupal (and I cannot update it). I can't get fail2ban to stop login attempts with error.

What I find strange is that before migrating from server, it used version 0.9.6-2 of fail2ban in Debian 9.12 and it worked correctly.

I migrated the server to a CentOS 8.1 running fail2ban in version 0.10.5-2. And after that, the lock does not work.

I will share the configuration files with you:

/etc/fail2ban/jail.conf:
https://temporario.aprendendolinux.com/ ... l.conf.txt

/etc/fail2ban/filter.d/drupal-auth.conf:
https://temporario.aprendendolinux.com/ ... h.conf.txt

/var/log/messages:
https://temporario.aprendendolinux.com/messages.txt

I understand that the correct thing would be for fail2ban to block IP 177.124.244.10 after the third login attempt, but it is not happening.

I recorded this video to demonstrate the problem more clearly:
https://youtu.be/5AkuUpVYbms

can anybody help me?

lightman47
Posts: 1160
Joined: 2014/05/21 20:16:00
Location: Central New York, USA

Re: Failures with fail2ban in CentOS 8

Post by lightman47 » 2020/02/18 13:06:46

Don't know if it is the problem but your default bantime is a negative number. I've not seen that before. In addition, in the defaults you banned ALL ports if any are violated, but then in the separate jails, they are overridden with only particular ports blocked.

I don't know if this is what is causing your grief but I hope it helps you. I cannot vouch that mine works because my CentOS 8 machine is not the one exposed to the 'outside', so it never receives attempts.
Remember - importing/building packages will likely "byte you in the butt" come update time, long after you'd forgotten you did that! Use repos whenever possible.

BShT
Posts: 190
Joined: 2019/10/09 12:31:40

Re: Failures with fail2ban in CentOS 8

Post by BShT » 2020/02/18 14:47:51

test your regex with fail2ban-regex

most of time the error is in how you wrote your regex
na maioria das vezes o erro está em como você escreveu sua expressão regular

HenriqueFagundes
Posts: 2
Joined: 2020/02/17 18:10:37

Re: Failures with fail2ban in CentOS 8

Post by HenriqueFagundes » 2020/02/19 14:17:23

Dear,

Thanks to everyone who tried to help!
I managed to resolve the issue.

I made a small mistake. I use iptables and fail2ban was configured to use firewalld.

This topic can be closed.

Post Reply

Return to “CentOS 8 - Security Support”