Author: piorunz
Date:  
To: dng
Subject: Re: [DNG] fail2ban doesn't work on Excalibur
Hi Bob,

Thanks very much for sharing your solution, much appreciated.

On 07/11/2025 20:15, Bob Proulx via Dng wrote:
> piorunz via Dng wrote:
>> I noticed that fail2ban package doesn't work at all on Excalibur.
>
> Here is a working fix for fail2ban on Excalibur.
>
> Also, take this as an opportunity to switch to using the more
> efficient Linux kernel ipset data structures which can handle millions
> of addresses efficiently. The banaction rules listed here will do
> this.
>
> Before installing fail2ban create this file and directory.
>
> mkdir -p /etc/fail2ban/jail.d
> cat >/etc/fail2ban/jail.d/defaults-debian.local <<\EOF
> [DEFAULT]
> usedns = no
> ignoreip = 127.0.0.1/8
> banaction = iptables-ipset-proto6
> banaction_allports = iptables-ipset-proto6-allports
>
> [sshd]
> backend = auto
> enabled = true
> EOF
>
> Then having created the above, install the fail2ban package, along
> with ipset and the python3-pyinotify module which is more efficient
> and will avoid the need for polling.
>
> apt-get install ipset python3-pyinotify fail2ban
>
> Everything will install without errors. Full disclosure: I haven't
> fully tested this running on production Excalibur systems yet but this
> does allow it to be installed and running without error. The ipset
> configuration is one I use heavily however and highly recommend it.
>
> If you have already installed and already have errors then create the
> /etc/fail2ban/jail.d/defaults-debian.local file as above and then run
> this to fix and reconfigure.
>
>      apt-get install -f
>
> Bob
>
> (excalibur)root@excalibur:~# apt-get install fail2ban
> Reading package lists... Done
> Building dependency tree... Done
> Reading state information... Done
> The following additional packages will be installed:
>    python3-autocommand python3-inflect python3-jaraco.context python3-jaraco.functools python3-jaraco.text python3-more-itertools python3-pkg-resources python3-setuptools python3-systemd python3-typeguard
>    python3-typing-extensions python3-zipp whois
> Suggested packages:
>    monit sqlite3 python-setuptools-doc
> The following NEW packages will be installed:
>    fail2ban python3-autocommand python3-inflect python3-jaraco.context python3-jaraco.functools python3-jaraco.text python3-more-itertools python3-pkg-resources python3-setuptools python3-systemd
>    python3-typeguard python3-typing-extensions python3-zipp whois
> 0 upgraded, 14 newly installed, 0 to remove and 0 not upgraded.
> Need to get 0 B/1,826 kB of archives.
> After this operation, 8,951 kB of additional disk space will be used.
> Do you want to continue? [Y/n] y
> Selecting previously unselected package python3-systemd.
> (Reading database ... 48138 files and directories currently installed.)
> Preparing to unpack .../00-python3-systemd_235-1+b6_amd64.deb ...
> Unpacking python3-systemd (235-1+b6) ...
> Selecting previously unselected package fail2ban.
> Preparing to unpack .../01-fail2ban_1.1.0-8_all.deb ...
> Unpacking fail2ban (1.1.0-8) ...
> Selecting previously unselected package python3-autocommand.
> Preparing to unpack .../02-python3-autocommand_2.2.2-3_all.deb ...
> Unpacking python3-autocommand (2.2.2-3) ...
> Selecting previously unselected package python3-more-itertools.
> Preparing to unpack .../03-python3-more-itertools_10.7.0-1_all.deb ...
> Unpacking python3-more-itertools (10.7.0-1) ...
> Selecting previously unselected package python3-typing-extensions.
> Preparing to unpack .../04-python3-typing-extensions_4.13.2-1_all.deb ...
> Unpacking python3-typing-extensions (4.13.2-1) ...
> Selecting previously unselected package python3-typeguard.
> Preparing to unpack .../05-python3-typeguard_4.4.2-1_all.deb ...
> Unpacking python3-typeguard (4.4.2-1) ...
> Selecting previously unselected package python3-inflect.
> Preparing to unpack .../06-python3-inflect_7.3.1-2_all.deb ...
> Unpacking python3-inflect (7.3.1-2) ...
> Selecting previously unselected package python3-jaraco.functools.
> Preparing to unpack .../07-python3-jaraco.functools_4.1.0-1_all.deb ...
> Unpacking python3-jaraco.functools (4.1.0-1) ...
> Selecting previously unselected package python3-pkg-resources.
> Preparing to unpack .../08-python3-pkg-resources_78.1.1-0.1_all.deb ...
> Unpacking python3-pkg-resources (78.1.1-0.1) ...
> Selecting previously unselected package python3-jaraco.text.
> Preparing to unpack .../09-python3-jaraco.text_4.0.0-1_all.deb ...
> Unpacking python3-jaraco.text (4.0.0-1) ...
> Selecting previously unselected package python3-zipp.
> Preparing to unpack .../10-python3-zipp_3.21.0-1_all.deb ...
> Unpacking python3-zipp (3.21.0-1) ...
> Selecting previously unselected package python3-setuptools.
> Preparing to unpack .../11-python3-setuptools_78.1.1-0.1_all.deb ...
> Unpacking python3-setuptools (78.1.1-0.1) ...
> Selecting previously unselected package python3-jaraco.context.
> Preparing to unpack .../12-python3-jaraco.context_6.0.1-1_all.deb ...
> Unpacking python3-jaraco.context (6.0.1-1) ...
> Selecting previously unselected package whois.
> Preparing to unpack .../13-whois_5.6.3_amd64.deb ...
> Unpacking whois (5.6.3) ...
> Setting up python3-more-itertools (10.7.0-1) ...
> Setting up python3-jaraco.functools (4.1.0-1) ...
> Setting up whois (5.6.3) ...
> Setting up python3-jaraco.context (6.0.1-1) ...
> Setting up python3-zipp (3.21.0-1) ...
> Setting up python3-autocommand (2.2.2-3) ...
> Setting up python3-typing-extensions (4.13.2-1) ...
> Setting up python3-systemd (235-1+b6) ...
> Setting up fail2ban (1.1.0-8) ...
> Starting Authentication failure monitor: fail2ban.
> Setting up python3-typeguard (4.4.2-1) ...
> Setting up python3-inflect (7.3.1-2) ...
> Setting up python3-jaraco.text (4.0.0-1) ...
> Setting up python3-pkg-resources (78.1.1-0.1) ...
> Setting up python3-setuptools (78.1.1-0.1) ...
> Processing triggers for man-db (2.13.1-1) ...
> (excalibur)root@excalibur:~# fail2ban-client status
> Status
> |- Number of jail:      1
> `- Jail list:   sshd
> (excalibur)root@excalibur:~# fail2ban-client status sshd
> Status for the jail: sshd
> |- Filter
> |  |- Currently failed: 0
> |  |- Total failed:     0
> |  `- File list:        /var/log/auth.log
> `- Actions
>     |- Currently banned: 0
>     |- Total banned:     0
>     `- Banned IP list:
> (excalibur)root@excalibur:~# less /var/log/fail2ban.log
> 2025-11-07 13:06:23,616 fail2ban.server         [6367]: INFO    --------------------------------------------------
> 2025-11-07 13:06:23,616 fail2ban.server         [6367]: INFO    Starting Fail2ban v1.1.0
> 2025-11-07 13:06:23,616 fail2ban.server         [6367]: INFO    Daemon started
> 2025-11-07 13:06:23,617 fail2ban.observer       [6367]: INFO    Observer start...
> 2025-11-07 13:06:23,665 fail2ban.database       [6367]: INFO    Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
> 2025-11-07 13:06:23,668 fail2ban.database       [6367]: WARNING New database created. Version '4'
> 2025-11-07 13:06:23,669 fail2ban.jail           [6367]: INFO    Creating new jail 'sshd'
> 2025-11-07 13:06:23,682 fail2ban.jail           [6367]: INFO    Jail 'sshd' uses pyinotify {}
> 2025-11-07 13:06:23,683 fail2ban.jail           [6367]: INFO    Initiated 'pyinotify' backend
> 2025-11-07 13:06:23,684 fail2ban.filter         [6367]: INFO      maxLines: 1
> 2025-11-07 13:06:23,691 fail2ban.filter         [6367]: INFO      maxRetry: 5
> 2025-11-07 13:06:23,691 fail2ban.filter         [6367]: INFO      findtime: 600
> 2025-11-07 13:06:23,691 fail2ban.actions        [6367]: INFO      banTime: 600
> 2025-11-07 13:06:23,691 fail2ban.filter         [6367]: INFO      encoding: UTF-8
> 2025-11-07 13:06:23,691 fail2ban.filter         [6367]: INFO    Added logfile: '/var/log/auth.log' (pos = 0, hash = 6eaa0a38afd351d25f64d443a0a1bb5ec9702895)
> 2025-11-07 13:06:23,692 fail2ban.jail           [6367]: INFO    Jail 'sshd' started




--
With kindest regards, Piotr.

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/
⠈⠳⣄⠀⠀⠀⠀
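
The file-creation step from the quoted message, with a check of the settings it writes, as an added example that is not part of the original thread. The function names are hypothetical and a scratch directory stands in for /etc/fail2ban/jail.d.

```shell
# Added example, not from the thread; function names are hypothetical.
# write_jail_local DIR: create DIR/defaults-debian.local as in the message.
# '>' sends the here-document into the file; \EOF keeps the body literal.
write_jail_local() {
    mkdir -p "$1"
    cat >"$1/defaults-debian.local" <<\EOF
[DEFAULT]
usedns = no
ignoreip = 127.0.0.1/8
banaction = iptables-ipset-proto6
banaction_allports = iptables-ipset-proto6-allports

[sshd]
backend = auto
enabled = true
EOF
}

# ini_get FILE SECTION KEY: print the last value of KEY inside [SECTION].
ini_get() {
    awk -v want="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }                               # comment line
        /^[ \t]*\[/   { gsub(/[ \t]/, ""); sec = $0; next }  # section header
        sec == want {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# check_jail_local FILE: print one line per problem; return 0 when clean.
check_jail_local() {
    f=$1; rc=0
    [ -r "$f" ] || { echo "missing: $f"; return 1; }
    for key in banaction banaction_allports; do
        case $(ini_get "$f" DEFAULT "$key") in
            iptables-ipset-*) ;;   # the action names used in the message
            *) echo "[DEFAULT] $key is not an ipset action"; rc=1 ;;
        esac
    done
    [ "$(ini_get "$f" sshd enabled)" = true ] || { echo "[sshd] not enabled"; rc=1; }
    return $rc
}

scratch=$(mktemp -d)   # constructed stand-in for /etc/fail2ban/jail.d
write_jail_local "$scratch" && check_jail_local "$scratch/defaults-debian.local" && echo "override OK"; rm -rf "$scratch"
```

On a real host the target directory is /etc/fail2ban/jail.d, and `fail2ban-client status sshd`, as shown in the message, confirms that the jail loaded.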