
Issue fail2ban: Plesk does not correctly create jail.local (or is it correct?)

King555

Regular Pleskian
I just configured fail2ban via Plesk and afterwards I checked the jail.local file in /etc/fail2ban/.

It seems like this file is not created correctly by Plesk. Or do I misunderstand something?

Here is the relevant content:

Code:
[DEFAULT]
ignoreip = 127.0.0.1/8 ::1
maxretry = 3
destemail = [email protected]
findtime = 600
bantime = 86400

[recidive]
enabled = true
maxretry = 5

[plesk-proftpd]
enabled = true
maxretry = 10
action = iptables-allports[name=plesk-proftpd]

[plesk-postfix]
enabled = true
maxretry = 3
action = iptables-allports[name=plesk-postfix]

[plesk-horde]
enabled = true

[plesk-apache-badbot]
enabled = true
bantime = 604800
action = iptables-allports[name=plesk-apache-badbot]

[plesk-wordpress]
enabled = false

[plesk-roundcube]
enabled = true
action = iptables-allports[name=plesk-roundcube]
        sendmail[dest="root", sender="fail2ban", sendername="Fail2Ban", name="default"]

What I'm missing compared to my configuration in Plesk:
- bantime of recidive was set to 604800, but not in the jail.local
- horde should be enabled=false or removed, because I do not have this jail in my list as Horde is not installed (it was for 5 minutes, then I switched to Roundcube)
- plesk-apache-badbot was set to 1 retry, jail.local does not contain the line, so I guess the default of 3 will be the value
- Not critical: plesk-postfix has the same maxretry as the default value, shouldn't this value be omitted then?

Is this a bug or is everything working normally, because the information in the jail.local is not the complete configuration?
 
More than 3 years later I allow myself a push post.

- bantime of recidive was set to 604800, but not in the jail.local => still a problem
- horde should be enabled=false or removed, because I do not have this jail in my list as Horde is not installed (it was for 5 minutes, then I switched to Roundcube) => meanwhile solved
- plesk-apache-badbot was set to 1 retry, jail.local does not contain the line, so I guess the default of 3 will be the value => still a problem
- Not critical: plesk-postfix has the same maxretry as the default value, shouldn't this value be omitted then? => still a problem, but this time for the ssh jail (meanwhile I set postfix to 2 and this is also visible in the jail.local file); there are other jails with 3 retries which have no value in the file (which seems correct), so quite a strange behaviour

Any fail2ban experts here? ;)

Also there is another problem with the ssh jail. I want to set it to 2 retries, but then I get banned after only 1 try. So I have to set it to 3 to have 2 retries. What's the logic behind this? In my opinion 2 retries should mean you can type the password incorrectly 2 times.

Code:
[ssh]
maxretry = 3
enabled = true
action = iptables-allports[chain="INPUT", name="ssh", protocol="all", returntype="RETURN", lockingopt="-w"]
        sendmail[mailcmd='/usr/sbin/sendmail -f "[email protected]" "[email protected]"', dest="[email protected]", sender="[email protected]", sendername="Fail2Ban", name="ssh"]
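
Added example, not part of the original posts and not Plesk's or fail2ban's own code: it resolves which maxretry, findtime and bantime each jail gets from the config text it is given, and whether each value is set in the jail section or inherited from [DEFAULT]. The input is a subset of the jail.local posted above; `PANEL`, `effective` and `mismatches` are names made up for this sketch, and jail.local is only one layer (fail2ban reads jail.conf, jail.d/*.conf, jail.local, jail.d/*.local in that order), so pass the other files' text as earlier or later layers for the full picture.

```python
import configparser

# Constructed input: subset of the jail.local posted above.
JAIL_LOCAL = """
[DEFAULT]
maxretry = 3
findtime = 600
bantime = 86400

[recidive]
maxretry = 5

[plesk-apache-badbot]
bantime = 604800
"""
# Values the post says were entered in the Plesk panel.
PANEL = {("recidive", "bantime"): "604800",
         ("plesk-apache-badbot", "maxretry"): "1"}
KEYS = ("maxretry", "findtime", "bantime")

def effective(layers):
    """Merge config texts in fail2ban's load order and return, per jail,
    {key: (value, origin)} where origin is 'jail', 'DEFAULT' or 'unset'."""
    # Renamed default_section: [DEFAULT] stays a normal section we can inspect.
    cp = configparser.ConfigParser(default_section="__unused__",
                                   interpolation=None, strict=False)
    for text in layers:
        cp.read_string(text)  # later layers override earlier ones
    defaults = cp["DEFAULT"] if cp.has_section("DEFAULT") else {}
    out = {}
    for jail in (s for s in cp.sections() if s != "DEFAULT"):
        out[jail] = {}
        for key in KEYS:
            if key in cp[jail]:
                out[jail][key] = (cp[jail][key], "jail")
            elif key in defaults:
                out[jail][key] = (defaults[key], "DEFAULT")
            else:
                out[jail][key] = (None, "unset")
    return out

def mismatches(eff, expected):
    """List (jail, key, expected, effective) where the two differ."""
    return [(j, k, v, got) for (j, k), v in sorted(expected.items())
            if (got := eff.get(j, {}).get(k, (None,))[0]) != v]

if __name__ == "__main__":
    for row in mismatches(effective([JAIL_LOCAL]), PANEL):
        print("%s.%s: panel=%s file=%s" % row)
```

The values a running server actually uses can be read with `fail2ban-client get <jail> maxretry` and `fail2ban-client get <jail> bantime`.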
 