Fail2Ban config not working

Hello,

I installed Fail2Ban using the instructions listed on the Axigen site: Increase Brute-Force Attack Protection - Fail2Ban Linux | Axigen

The service will not start. Getting error:
fail2ban-server[12464]: 2023-06-19 15:47:03,993 fail2ban [12464]: ERROR Failed during configuration: Have not found any log file for axigen jail

and

fail2ban-server[12464]: 2023-06-19 15:47:03,999 fail2ban [12464]: ERROR Async configuration of server failed

When I run the command: fail2ban-client status axigen
I get error: ERROR Failed to access socket path: /var/run/fail2ban/fail2ban.sock. Is fail2ban running?

Can someone help me with this config? The Axigen setup is standard, no special changes.
Running on Linux CentOS8
Axigen ver: 10.4.13

Thanks in advance for any help
MT1

A little update:

After pulling out my fingernails and setting my hair on fire to calm down I discovered that Fail2Ban for some reason does not like the log file structure of Security.txt or Everything.txt. I do not know why or what but that is my issue.

So I ended up using a script found here:
https://www.borndesign.dk/wp/secure-axigen-against-brute-force-with-fail2ban-linux/

I used this script to pull the failed login attempts from Everything.txt to a new logfile and placed the file in the fail2ban folder named secure.txt. (Added the script to my rc.local so it will run after a reboot.)
I also used his axigen.conf in the filter.d.

I then used some of the steps here:

I only used this jail.local changing the logpath = /etc/fail2ban/secure.txt
Now fail2ban works.

Axigen team, you may want to look at the logfile setup or creation; not sure why the logfiles are not working with fail2ban.

MT1

I wanted to mention that if you run the script using the rc.local you will not get a console login prompt because the script is running in a loop. You can still ssh to the server.
The fix is to run the script at startup using a crontab job, example below:

sudo crontab -e

Add the below to the top line:

@reboot /home/mailuser/failscript.sh

save

and reboot.

I run the job as root and I restrict only root to use crontab.
You can Google search how to restrict using cron.allow and cron.deny.

Hope this helps someone.
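
A check for the startup error quoted in the first post, as an added example that is not part of the thread or of the fail2ban or Axigen documentation: fail2ban reports "Have not found any log file" when a jail's logpath matches no existing file, so this script lists a jail's logpath entries and tests each one. The function names are hypothetical, and %(...)s interpolations are skipped rather than resolved.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Usage: sh check-jail.sh /etc/fail2ban/jail.local axigen

# Print each logpath value of section [JAIL] in FILE, one per line.
# Handles the multi-line form where extra paths are indented on following lines.
jail_logpaths() {
    awk -v jail="[$2]" '
        /^[[:space:]]*[#;]/ { next }                       # comment line
        /^\[/ { insec = ($1 == jail); inkey = 0; next }     # section header
        !insec { next }
        { sub(/[[:space:]]+$/, "") }                        # trim trailing blanks
        /^logpath[[:space:]]*=/ {
            sub(/^logpath[[:space:]]*=[[:space:]]*/, ""); inkey = 1
            if ($0 != "") print
            next
        }
        inkey && /^[[:space:]]+[^[:space:]]/ { sub(/^[[:space:]]+/, ""); print; next }
        { inkey = 0 }
    ' "$1"
}

# Return 0 if at least one logpath entry matches a readable regular file.
check_jail_logs() {
    cj_found=1
    cj_paths=$(jail_logpaths "$1" "$2")
    while IFS= read -r cj_pattern; do
        [ -n "$cj_pattern" ] || continue
        case $cj_pattern in
            *'%('*) echo "skipped (interpolated value): $cj_pattern"; continue ;;
        esac
        # Unquoted on purpose: logpath is a glob, so let the shell expand it.
        # Paths containing spaces are not supported by this sketch.
        for cj_file in $cj_pattern; do
            if [ -f "$cj_file" ] && [ -r "$cj_file" ]; then
                echo "ok: $cj_file"; cj_found=0
            else
                echo "missing or unreadable: $cj_file"
            fi
        done
    done <<EOF
$cj_paths
EOF
    return "$cj_found"
}

if [ "$#" -eq 2 ]; then check_jail_logs "$1" "$2"; fi
```

Run it as the user fail2ban runs as, so the readability test reflects what the service can actually open.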