LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   Fail2ban - Closing connection after installation (https://www.linuxquestions.org/questions/linux-security-4/fail2ban-closing-connection-after-installation-863264/)

Alt-Ox 02-17-2011 02:39 AM
Fail2ban - Closing connection after installation
 
Hello guys,

I just faced a weird situation installing fail2ban on Ubuntu 8 (apt-get install fail2ban). Once the installation was completed I lost the connection and was unable to get back.

I had to access throughout its console and then executed:

Code:
/etc/inid.d/fail2ban start
After that I was able to connect via ssh again and already checked it, everything is working fine.

The problem is that I have a new production server to install such tool and this machine has no console so far.

Did anyone already face this kind of problem?

Any idea on a safe way to proceed?

Noway2 02-17-2011 04:16 AM
One real potential problem with applications like fail2ban and others that have an active response is that you can block yourself out. One thing you can do to prevent this is to put your IP address in the whitelist so that you don't get blocked. In fail2ban, you want to make your modifications to jail.conf.local. You can whitelist a host with a command like the following:
Code:
ignoreip = 127.0.0.1
, where according to the program's comments you can use an IP, a CIDR mask or a hostname.

I would also take a close look at your auth.log and fail2ban log to see why it blocked your host. It may have been a 'glitch' from install, but chances are there is something in the log file that triggered the pattern matching and could indicate that something isn't quite correct with your SSH connection.


All times are GMT -5. The time now is 10:02 AM.