1

Topic: fail2ban sshd_ddos.conf not found

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.8 PGSQL Release
- Linux/BSD distribution name and version: Ubuntu 18.04 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): PGSQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? Yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hello,

I checked the fail2ban log and saw these lines:
6-INFO Nov 12 06:44:15 mail fail2ban-server[131749]:  Found no accessible config files for 'filter.d/sshd-ddos' under /etc/fail2ban #
6-INFO Nov 12 06:44:15 mail fail2ban-server[131749]:  Errors in jail 'sshd-ddos'. Skipping... #
And in fact this file does not exist, so fail2ban is not running for sshd-ddos.

root@mail:/etc/fail2ban# fail2ban-client status
Status
|- Number of jail:      6
`- Jail list:   dovecot-iredmail, nginx-http-auth, postfix-iredmail, postfix-pregreet-iredmail, roundcube-iredmail, sshd

Is this normal? Where can I find this conf file?

Thanks

Patrick

(Attached files: jail.conf and jail.local. I only changed parameters in jail.local.)


2

Re: fail2ban sshd_ddos.conf not found

On my server I can find:

[root@mail2 jail.d]# pwd
/etc/fail2ban/jail.d
[root@mail2 jail.d]# ls -l
total 44
-rw-r--r-- 1 root root 270 Jul 13  2017 00-firewalld.conf
-rw-r--r-- 1 root root 221 Nov  8  2017 apache-auth.local
-rw-r--r-- 1 root root 321 Jul  5  2017 dovecot.local
-rw-r--r-- 1 root root 228 Feb 20  2018 nginx-http-auth.local
-rw-r--r-- 1 root root 206 Apr 12  2018 postfix-pregreet.local
-rw-r--r-- 1 root root 216 Jul  5  2017 postfix-sasl.local
-rw-r--r-- 1 root root 224 Jul  5  2017 postfix.local
-rw-r--r-- 1 root root 249 Jul  5  2017 roundcube.local
-rw-r--r-- 1 root root 217 Jul  5  2017 sogo.local
-rw-r--r-- 1 root root 159 Jul  5  2017 sshd-ddos.local
-rw-r--r-- 1 root root 144 Jul  5  2017 sshd.local

In the /etc/fail2ban/jail.conf I find:

[sshd-ddos]
# This jail corresponds to the standard configuration in Fail2ban.
# The mail-whois action send a notification e-mail with a whois request
# in the body.
port    = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s

and in /etc/fail2ban/jail.d/sshd-ddos.local:

[sshd-ddos]
enabled     = true
filter      = sshd-ddos
action      = iptables-multiport[name=sshd-ddos, port="22", protocol=tcp]
logpath     = /var/log/secure

3

Re: fail2ban sshd_ddos.conf not found

Does your system have file /etc/fail2ban/filter.d/sshd-ddos.conf?
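
The check asked about above can be run across every enabled jail at once. The following is an added example, not part of the original thread and not iRedMail or fail2ban code: the function names are hypothetical, the config tree is constructed to mirror the thread, and it assumes fail2ban's documented read order (jail.conf, jail.d/*.conf, jail.local, jail.d/*.local) and that a jail with no "filter" line uses its own name as the filter.

```python
import configparser
import glob
import os
import tempfile

def jail_files(root):
    """Jail config files in the order fail2ban reads them (later ones override)."""
    order = [os.path.join(root, "jail.conf")]
    order += sorted(glob.glob(os.path.join(root, "jail.d", "*.conf")))
    order += [os.path.join(root, "jail.local")]
    order += sorted(glob.glob(os.path.join(root, "jail.d", "*.local")))
    return [p for p in order if os.path.isfile(p)]

def missing_filters(root):
    """Return {jail: filter} for enabled jails whose filter file does not exist."""
    cp = configparser.RawConfigParser(strict=False)  # raw: leave %(...)s untouched
    cp.read(jail_files(root))
    missing = {}
    for jail in cp.sections():
        enabled = cp.get(jail, "enabled", fallback="false").strip().lower()
        if jail == "INCLUDES" or enabled not in ("true", "yes", "1", "on"):
            continue
        # Assumption: with no "filter" line the jail name is the filter name.
        raw = cp.get(jail, "filter", fallback="%(__name__)s")
        name = raw.replace("%(__name__)s", jail).split("[", 1)[0].strip()
        paths = [os.path.join(root, "filter.d", name + e) for e in (".conf", ".local")]
        if not any(os.path.isfile(p) for p in paths):
            missing[jail] = name
    return missing

def build_sample(root):
    """Constructed tree mirroring the thread: sshd-ddos enabled, filter file absent."""
    files = {
        "jail.conf": "[DEFAULT]\nenabled = false\n[sshd]\nport = ssh\n"
                     "[sshd-ddos]\nport = ssh\nlogpath = %(sshd_log)s\n",
        "jail.d/sshd.local": "[sshd]\nenabled = true\n",
        "jail.d/sshd-ddos.local": "[sshd-ddos]\nenabled = true\nfilter = sshd-ddos\n",
        "filter.d/sshd.conf": "[Definition]\nfailregex =\n",
    }
    for rel, text in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(text)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(missing_filters(tmp))
```

On a real server, call missing_filters("/etc/fail2ban"). Any jail it returns is one fail2ban will skip at startup, so the service that jail was meant to protect has no banning in place.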

4

Re: fail2ban sshd_ddos.conf not found

No, I don't have this file. Where can I find it? Thanks
Patrick