Questions tagged [fail2ban]

Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show malicious signs, such as too many password failures or probing for exploits.

79 questions
51 votes, 5 answers

vivid - failed to connect to upstart: connection refused

Just updated via do-release-upgrade and now certain upstart jobs such as fail2ban and plexmediaserver will not start (have tried reinstalling) $ sudo service fail2ban start Job for fail2ban.service failed. See "systemctl status fail2ban.service" and…
matty87a
48 votes, 3 answers

potential ufw and fail2ban conflicts

Will running both fail2ban and ufw cause problems? I noticed that fail2ban modifies iptables rules, but ufw already has a ton of iptables rules defined... so I'm not sure if fail2ban will mess these up.
Adam Monsen
39 votes, 3 answers

How do you view all of the banned IPs for Ubuntu 12.04 via the command line?

I can't seem to find a quick command to just view all the banned IPs on the server. Or is there a file I can just edit? I'm guessing fail2ban is the one that inputs all the IPs to ban. Where do I adjust the settings for it? I seem to be able to…
Patoshi パトシ
17 votes, 2 answers

IP getting access even after blocking

78.128.113.62 - - [04/Jan/2020:19:59:33 +0530] "GET /efk-dashboard HTTP/1.1" 404 66914 "-" "python-requests/2.13.0" There are multiple access records like this even after I have run the commands ufw deny from 78.128.113.58/24 to any # for ufw ip…
Joshi
12 votes, 3 answers

How do I tell if my brute force protection (fail2ban) is running?

I'm not sure if my fail2ban is running. How can I tell if it's currently running? Also, how do I tell if it is even running on startup?
Patoshi パトシ
10 votes, 5 answers

Fail2Ban or DenyHosts to block invalid username SSH login attempts

Is there a way to automatically block IP address when a user tries to login as any invalid username? I already have: [ssh] enabled = true port = ssh filter = sshd logpath = /var/log/auth.log maxretry = 3 bantime = 31536000 in…
slayton1213
7 votes, 1 answer

Why /var/log/auth.log is using different timezone?

I've installed fail2ban on a Ubuntu box (14.04) but it didn't work correctly. As I tried to inspect the reason, I discovered that the timezone which is being used by the /var/log/auth.log file is different from the system timezone. Here were what I…
Minh Danh
6 votes, 4 answers

Fail2ban fails to start after update?

I have been using fail2ban for a while on my Ubuntu server. Recently (after upgrading to ubuntu 15.04 I assume) fail2ban has been failing to start. Initially, this was because the port option had been specified twice somewhere - I fixed that. Now I…
starbeamrainbowlabs
6 votes, 1 answer

Block badbot with fail2ban via user agents in access.log

How can I create a filter to block these with fail2ban? 476 Mozilla/5.0 (compatible; BLEXBot/1.0; +http://webmeup-crawler.com/) 892 ltx71 - (http://ltx71.com/) 5367 Mozilla/5.0 (compatible; DotBot/1.1;…
alebal
6 votes, 1 answer

unable to install fail2ban on ubuntu 18.04

I installed Ubuntu Server (18.04 version) a few days ago, and I tried to install fail2ban with the apt tool but couldn't do that. Here's some information on my situation. root@ubuntu:~# cat /etc/os-release | grep -i version VERSION="18.04.1 LTS (Bionic…
NoFence
5 votes, 2 answers

Fail2ban Error on start

Recently, I have tried restarting Fail2ban and I have received an error, making it impossible to start... The full error I received from systemctl status fail2ban is as follows: Jan 03 18:27:02 nerdofcode.com systemd[1]: fail2ban.service: Control…
NerdOfCode
5 votes, 2 answers

Job for fail2ban.service failed because the control process exited with error code

I have installed fail2ban on my server (OS: Ubuntu 16.0.4 LTS). When I try to start it, I get the following error message: Job for fail2ban.service failed because the control process exited with error code. Here are the outputs for various…
Homunculus Reticulli
5 votes, 1 answer

How should I write the fail2ban -> apache-badbots.conf rules?

I often have to add new rules to the apache-badbots.conf file, and every time I have the doubt that it no longer works... For example, this is my current apache-badbots.conf file: [Definition] badbotscustom =…
alebal
4 votes, 2 answers

Fail2Ban regex SSH will not match auth.log

I'm trying to get Fail2Ban to work with the SSHD config provided. When I run: fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/sshd.conf The output is: root@fw:/etc/fail2ban/filter.d# fail2ban-regex /var/log/auth.log…
Matt Wood
4 votes, 2 answers

What are fail2ban's log iptables "returned NNN" entries? (Fail2ban is failing to ban)

In my fail2ban.log there are some entries the meaning of which I don't understand (and haven't found searching around)... I have several "jails", and I have created one particular one that bans IPs when they try to connect to web server searching…
luri