piorunz via Dng wrote:
> I noticed that fail2ban package doesn't work at all on Excalibur.
Here is a working fix for fail2ban on Excalibur.
Also, take this as an opportunity to switch to using the more
efficient linux kernel ipset datastructures which can handle millions
of addresses efficiently. The banaction rules listed here will do
this.
Before installing fail2ban create this file and directory.
mkdir -p /etc/fail2ban/jail.d
cat /etc/fail2ban/jail.d/defaults-debian.local<<\EOF
[DEFAULT]
usedns = no
ignoreip = 127.0.0.1/8
banaction = iptables-ipset-proto6
banaction_allports = iptables-ipset-proto6-allports
[sshd]
backend = auto
enabled = true
EOF
Then having created the above, install the fail2ban package, along
with ipset and the python3-pyinotify module which is more efficient
and will avoid the need for polling.
apt-get install ipset python3-pyinotify fail2ban
Everything will install without errors. Full disclosure: I haven't
fully tested this running on production Excalibur systems yet but this
does allow it to be installed and running without error. The ipset
configuration is one I use heavily however and highly recommend it.
If you have already installed and already have errors then create the
/etc/fail2ban/jail.d/defaults-debian.local file as above and then run
this to fix and reconfigure.
apt-get install -f
Bob
(excalibur)root@excalibur:~# apt-get install fail2ban
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
python3-autocommand python3-inflect python3-jaraco.context python3-jaraco.functools python3-jaraco.text python3-more-itertools python3-pkg-resources python3-setuptools python3-systemd python3-typeguard
python3-typing-extensions python3-zipp whois
Suggested packages:
monit sqlite3 python-setuptools-doc
The following NEW packages will be installed:
fail2ban python3-autocommand python3-inflect python3-jaraco.context python3-jaraco.functools python3-jaraco.text python3-more-itertools python3-pkg-resources python3-setuptools python3-systemd
python3-typeguard python3-typing-extensions python3-zipp whois
0 upgraded, 14 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/1,826 kB of archives.
After this operation, 8,951 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
Selecting previously unselected package python3-systemd.
(Reading database ... 48138 files and directories currently installed.)
Preparing to unpack .../00-python3-systemd_235-1+b6_amd64.deb ...
Unpacking python3-systemd (235-1+b6) ...
Selecting previously unselected package fail2ban.
Preparing to unpack .../01-fail2ban_1.1.0-8_all.deb ...
Unpacking fail2ban (1.1.0-8) ...
Selecting previously unselected package python3-autocommand.
Preparing to unpack .../02-python3-autocommand_2.2.2-3_all.deb ...
Unpacking python3-autocommand (2.2.2-3) ...
Selecting previously unselected package python3-more-itertools.
Preparing to unpack .../03-python3-more-itertools_10.7.0-1_all.deb ...
Unpacking python3-more-itertools (10.7.0-1) ...
Selecting previously unselected package python3-typing-extensions.
Preparing to unpack .../04-python3-typing-extensions_4.13.2-1_all.deb ...
Unpacking python3-typing-extensions (4.13.2-1) ...
Selecting previously unselected package python3-typeguard.
Preparing to unpack .../05-python3-typeguard_4.4.2-1_all.deb ...
Unpacking python3-typeguard (4.4.2-1) ...
Selecting previously unselected package python3-inflect.
Preparing to unpack .../06-python3-inflect_7.3.1-2_all.deb ...
Unpacking python3-inflect (7.3.1-2) ...
Selecting previously unselected package python3-jaraco.functools.
Preparing to unpack .../07-python3-jaraco.functools_4.1.0-1_all.deb ...
Unpacking python3-jaraco.functools (4.1.0-1) ...
Selecting previously unselected package python3-pkg-resources.
Preparing to unpack .../08-python3-pkg-resources_78.1.1-0.1_all.deb ...
Unpacking python3-pkg-resources (78.1.1-0.1) ...
Selecting previously unselected package python3-jaraco.text.
Preparing to unpack .../09-python3-jaraco.text_4.0.0-1_all.deb ...
Unpacking python3-jaraco.text (4.0.0-1) ...
Selecting previously unselected package python3-zipp.
Preparing to unpack .../10-python3-zipp_3.21.0-1_all.deb ...
Unpacking python3-zipp (3.21.0-1) ...
Selecting previously unselected package python3-setuptools.
Preparing to unpack .../11-python3-setuptools_78.1.1-0.1_all.deb ...
Unpacking python3-setuptools (78.1.1-0.1) ...
Selecting previously unselected package python3-jaraco.context.
Preparing to unpack .../12-python3-jaraco.context_6.0.1-1_all.deb ...
Unpacking python3-jaraco.context (6.0.1-1) ...
Selecting previously unselected package whois.
Preparing to unpack .../13-whois_5.6.3_amd64.deb ...
Unpacking whois (5.6.3) ...
Setting up python3-more-itertools (10.7.0-1) ...
Setting up python3-jaraco.functools (4.1.0-1) ...
Setting up whois (5.6.3) ...
Setting up python3-jaraco.context (6.0.1-1) ...
Setting up python3-zipp (3.21.0-1) ...
Setting up python3-autocommand (2.2.2-3) ...
Setting up python3-typing-extensions (4.13.2-1) ...
Setting up python3-systemd (235-1+b6) ...
Setting up fail2ban (1.1.0-8) ...
Starting Authentication failure monitor: fail2ban.
Setting up python3-typeguard (4.4.2-1) ...
Setting up python3-inflect (7.3.1-2) ...
Setting up python3-jaraco.text (4.0.0-1) ...
Setting up python3-pkg-resources (78.1.1-0.1) ...
Setting up python3-setuptools (78.1.1-0.1) ...
Processing triggers for man-db (2.13.1-1) ...
(excalibur)root@excalibur:~# fail2ban-client status
Status
|- Number of jail: 1
`- Jail list: sshd
(excalibur)root@excalibur:~# fail2ban-client status sshd
Status for the jail: sshd
|- Filter
| |- Currently failed: 0
| |- Total failed: 0
| `- File list: /var/log/auth.log
`- Actions
|- Currently banned: 0
|- Total banned: 0
`- Banned IP list:
(excalibur)root@excalibur:~# less /var/log/fail2ban.log
2025-11-07 13:06:23,616 fail2ban.server [6367]: INFO --------------------------------------------------
2025-11-07 13:06:23,616 fail2ban.server [6367]: INFO Starting Fail2ban v1.1.0
2025-11-07 13:06:23,616 fail2ban.server [6367]: INFO Daemon started
2025-11-07 13:06:23,617 fail2ban.observer [6367]: INFO Observer start...
2025-11-07 13:06:23,665 fail2ban.database [6367]: INFO Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2025-11-07 13:06:23,668 fail2ban.database [6367]: WARNING New database created. Version '4'
2025-11-07 13:06:23,669 fail2ban.jail [6367]: INFO Creating new jail 'sshd'
2025-11-07 13:06:23,682 fail2ban.jail [6367]: INFO Jail 'sshd' uses pyinotify {}
2025-11-07 13:06:23,683 fail2ban.jail [6367]: INFO Initiated 'pyinotify' backend
2025-11-07 13:06:23,684 fail2ban.filter [6367]: INFO maxLines: 1
2025-11-07 13:06:23,691 fail2ban.filter [6367]: INFO maxRetry: 5
2025-11-07 13:06:23,691 fail2ban.filter [6367]: INFO findtime: 600
2025-11-07 13:06:23,691 fail2ban.actions [6367]: INFO banTime: 600
2025-11-07 13:06:23,691 fail2ban.filter [6367]: INFO encoding: UTF-8
2025-11-07 13:06:23,691 fail2ban.filter [6367]: INFO Added logfile: '/var/log/auth.log' (pos = 0, hash = 6eaa0a38afd351d25f64d443a0a1bb5ec9702895)
2025-11-07 13:06:23,692 fail2ban.jail [6367]: INFO Jail 'sshd' started
::
Re: [DNG] fail2ban doesn't work on …
