webadmin-list

[webmin-l] Fail2ban strangeness

[Richard C. <rch...@aa...>]

Hi Jamie

It is great to see fail2ban support. I have recently started using 
fail2ban - and looked for a webmin module without luck.
Something I don't understand though....

Before the webmin support I defined 3 "jails" in my 
"/etc/fail2ban/jail.local" file.... thus"

-------------------

[sasl-route]
# Here we use blackhole routes for not requiring any additional kernel support
# to store large volumes of banned IPs

enabled  = true
maxretry = 5
filter   = sasl
action      = route
               sendmail-whois[name=SASLR, dest=ri...@aa...]
logpath  = /var/log/maillog

# Here we use TCP-Wrappers instead of Netfilter/Iptables. "ignoreregex" is
# used to avoid banning the user "myuser".

[ssh-tcpwrapper]

enabled     = false
filter      = sshd
action      = hostsdeny
               sendmail-whois[name=SSHW, dest=rch...@aa...]
logpath     = /var/log/secure

# Here we use blackhole routes for not requiring any additional kernel support
# to store large volumes of banned IPs

[ssh-route]

enabled = true
filter = sshd
action = route
	 sendmail-whois[name=SSHR, dest=rch...@aa...]
logpath = /var/log/secure
maxretry = 5

------------

2 of these appear in the webmin jails list - but the "sasl-route" jail 
does not seem to appear either enabled or disabled.

Any ideas why?:

Richard.

Re: [webmin-l] Fail2ban strangeness

[Jamie C. <jca...@we...>]

On 27/May/2014 01:40 Richard Chapman <rch...@aa...> wrote ..
> Hi Jamie
> 
> It is great to see fail2ban support. I have recently started using 
> fail2ban - and looked for a webmin module without luck.
> Something I don't understand though....
> 
> Before the webmin support I defined 3 "jails" in my 
> "/etc/fail2ban/jail.local" file.... thus"
> 
> -------------------
> 
> [sasl-route]
> # Here we use blackhole routes for not requiring any additional kernel support
> # to store large volumes of banned IPs
> 
> enabled  = true
> maxretry = 5
> filter   = sasl
> action      = route
>                sendmail-whois[name=SASLR, dest=ri...@aa...]
> logpath  = /var/log/maillog
> 
> # Here we use TCP-Wrappers instead of Netfilter/Iptables. "ignoreregex" is
> # used to avoid banning the user "myuser".
> 
> [ssh-tcpwrapper]
> 
> enabled     = false
> filter      = sshd
> action      = hostsdeny
>                sendmail-whois[name=SSHW, dest=rch...@aa...]
> logpath     = /var/log/secure
> 
> # Here we use blackhole routes for not requiring any additional kernel support
> # to store large volumes of banned IPs
> 
> [ssh-route]
> 
> enabled = true
> filter = sshd
> action = route
> 	 sendmail-whois[name=SSHR, dest=rch...@aa...]
> logpath = /var/log/secure
> maxretry = 5
> 
> ------------
> 
> 2 of these appear in the webmin jails list - but the "sasl-route" jail 
> does not seem to appear either enabled or disabled.
> 
> Any ideas why?:

There is a bug in the version of the fail2ban module that was included 
in the 1.690 webmin release - it doesn't read the jail.local file for jails
not included in jail.conf. This will be fixed in the next release though,
and you can also get a patch with a fix from :

https://github.com/webmin/webmin/commit/eee243a6cd2e13bcc87d48a88bba3875ec06e929

 - Jamie