Fail2ban, is it working?

SuperDude123 · 02-16-2009, 11:36 PM

I just installed fail2ban, but how do I know if its running? I checked in top and I didn't see it. I also don't want to try to log in a few times just to lock my self out.

How do I also know if it will load at start up?

alan_ri · 02-17-2009, 02:30 AM

fail2ban must be started by you.In open SUSE I would do

Code:

/etc/init.d/fail2ban start

to start it and

Code:

chkconfig --add fail2ban

to make f2b load on startup.F2b configuration files are stored in the /etc/fail2ban directory,so there you can configure it the way you want.

Quote:

Some of the configuration options are:

ignoreip: This is a space-separated list of IP addresses that cannot be blocked by fail2ban. For example, if the computer from which you're connecting to the server has a static IP address, you might want to list it here.
bantime: Time in seconds that a host is blocked if it was caught by fail2ban (600 seconds = 10 minutes).
maxretry: Max. number of failed login attempts before a host is blocked by fail2ban.
filter: Refers to the appropriate filter file in /etc/fail2ban/filter.d.
action: Refers to the appropriate action file in /etc/fail2ban/action.d.
logpath: The log file that fail2ban checks for failed login attempts.

If you're using Gnome,there is somewhere under System>Administration a "services" or similar option where you can add an app to be loaded on startup.There is something similar in the KDE.

SuperDude123 · 02-17-2009, 12:34 PM

How do I start it in Debian, and I need the commands since I'm doing this over SSH.

repo · 02-17-2009, 12:41 PM

in debian, when you installes it, it should also be started.

Code:

/etc/init.d/fail2ban restart

To see if it runs

Code:

ps ax | grep fail2ban

SuperDude123 · 02-17-2009, 12:47 PM

When I do

ps ax | grep fail2ban

I get

2802 ? Sl 0:01 python2.4 /usr/bin/fail2ban-server -b -s /tmp/fail2ban.sock
3083 pts/0 S+ 0:00 grep fail2ban

Does this mean that it's running? How do I check if it will start when the system boots?

repo · 02-17-2009, 12:54 PM

Quote:

Does this mean that it's running? How do I check if it will start when the system boots?

yes it is running.
Since it is in /etc/init.d, it will start after every reboot.

farslayer · 02-17-2009, 12:59 PM

In Debian you can run sysv-rc-conf and see if fail2ban is checked in runlevel 2

CaptainInsane · 02-17-2009, 09:09 PM

You can check to see if it is running with:

fail2ban-client status

You can also do a iptables -L command to see if the rules have been added to iptables
if you are using that.