Seite 1 von 1

Fail2ban with the example-Config from blocklist

Verfasst: 21. Mai 2011, 23:50
von Martin
A short howto to use Fail2Ban with the example Config from blocklist:

Before you start, please add your Server under your Profile under "Server"!
All Server-IP-Addresses are automatically in the Whitelist from blocklist.

If you have fail2ban already installed, please make a Backup from /etc/fail2ban/, because the jail.conf is in the example-Configs inside and would override your existing config.

1. Install Fail2ban on your Server
1.1 use

Code: Alles auswählen

apt-get install fail2ban
or install it over the source: http://felipeferreira.net/?p=47

2. download the example-config for Debian/Linux Version 5:

Code: Alles auswählen

wget http://www.blocklist.de/downloads/fail2ban.config.tar.gz
tar -xzvf fail2ban.config.tar.gz
cp etc/* /etc -r
2.1 download the example-Config for Debian/Linux 6 or higher:

Code: Alles auswählen

wget http://www.blocklist.de/downloads/fail2ban.config.debian6.tar.gz
tar -xzvf fail2ban.config.debian6.tar.gz
cp etc/* /etc -r
3. Change /etc/fail2ban/jail.conf and replace the String String "fail2ban@DEINE-DOMAIN" with your Sender-Address which used on blocklist.de under your Server-Settings. With the following command, you can replace ...@DEINE-DOMAIN with your Address ...@XXXX-YOUR-ADDRESS:

Code: Alles auswählen

sed -i 's/fail2ban@DEINE-DOMAIN/fail2ban@XXXXX-YOUR-ADDRESS/g' /etc/fail2ban/jail.conf
3.1 When you used a dynamic IP-Address (Dial-UP, ....) to send Reports to blocklist, please us as Recipient the following: fail2ban@dyn.blocklist.de:

Code: Alles auswählen

sed -i 's/fail2ban@blocklist.de/fail2ban@dyn.blocklist.de/g' /etc/fail2ban/jail.conf
4. Start now Fail2Ban

Re: Fail2ban with the example-Config from blocklist

Verfasst: 17. Sep 2015, 11:18
von krossekrabbe1
Now I have to reconfigure my fail2ban installation. You should put a

BIG FAT WARNING THAT fail2ban.config.tar.gz CONTAINS THE jail2ban.conf AND jail.conf, SO YOURS WILL GET OVERRIDDEN!

Re: Fail2ban with the example-Config from blocklist

Verfasst: 17. Sep 2015, 13:18
von Martin
Hi,

yes, this howto is for the first installation.
Otherwise you can under step 2 before you copy all Files, the not needed files deleting.

Re: Fail2ban with the example-Config from blocklist

Verfasst: 18. Mai 2016, 14:40
von firefox1991
I have ubutu server 16.4, after i do all proceed and restart fail2ban it send me error

Re: Fail2ban with the example-Config from blocklist

Verfasst: 18. Mai 2016, 14:52
von Martin
Hello firefox1991, have set the Loglevel in /etc/fail2ban/fail2ban.conf up to level 4 (debug) and then, restart Fail2ban.
Which errors do you get from fail2ban? Can you paste it?

Re: Fail2ban with the example-Config from blocklist

Verfasst: 31. Mai 2016, 05:15
von firefox1991
root@server:/etc/fail2ban# sudo service fail2ban restart
Job for fail2ban.service failed because the control process exited with error code. See "systemctl status fail2ban.service" and "journalctl -xe" for details.
root@server:/etc/fail2ban#

● fail2ban.service - Fail2Ban Service
Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
Active: inactive (dead) (Result: exit-code) since lun 2016-05-30 23:16:45 EST; 2s ago
Docs: man:fail2ban(1)
Process: 3352 ExecStop=/usr/bin/fail2ban-client stop (code=exited, status=0/SUCCESS)
Process: 3565 ExecStart=/usr/bin/fail2ban-client -x start (code=exited, status=255)
Main PID: 2839 (code=killed, signal=TERM)

may 30 23:16:44 server systemd[1]: fail2ban.service: Unit entered failed state.
may 30 23:16:44 server systemd[1]: fail2ban.service: Failed with result 'exit-code'.
may 30 23:16:45 server systemd[1]: fail2ban.service: Service hold-off time over, scheduling restart.
may 30 23:16:45 server systemd[1]: Stopped Fail2Ban Service.
may 30 23:16:45 server systemd[1]: fail2ban.service: Start request repeated too quickly.
may 30 23:16:45 server systemd[1]: Failed to start Fail2Ban Service.
root@server:/etc/fail2ban#

Re: Fail2ban with the example-Config from blocklist

Verfasst: 17. Jun 2016, 13:26
von Martin
Hi,

a workarround is to insert in the fail2ban-client.pl-Skript after stop a:
time.sleep()

1. File /usr/bin/fail2ban-client open in a Text-Editor.
2. Search for the Function "__processCMD()". Add a "time.sleep()" at start of the first while/loop.

viewtopic.php?p=174#p174

Re: Fail2ban with the example-Config from blocklist

Verfasst: 4. Mär 2017, 20:37
von Flashtek
Is this still a valid way to configure fail2ban with blocklists.de in Debian given that there seems to be some config items in the shipped jail.conf to cater for blocklist.de ?

I had some issues when trying to use this config, as well as the Debian provided one (rather confused about that) to log things here.

Re: Fail2ban with the example-Config from blocklist

Verfasst: 4. Mär 2017, 21:17
von Martin
Hi @Flashtek,

in the latest Version, you have already a blocklist.de-Conf and can send the Attacks over the http-Api to us.
I think the fasted way is to use the source from fail2ban: https://github.com/fail2ban/fail2ban/releases

Then you need only to add:
blocklist_de_apikey = yourapi-key-from-blocklist.de-profile

and update the sender to the same-emailadresse which do you set in your blocklist.de-profile for the server.

And then, change:
action = %(action_)s
to:
action = %(action_blocklist_de)s

and restart.