Hi,
i´ve installed the Fail2Ban module from https://wiki.nethserver.org/doku.php?id=module:fail2ban
I turned all necessary jails on but when trying to login my nethserver webinterface and entering up to 5 bad user/password combinations it´s still not banning my ip.
Can anyone tell me why?
can you check in which log file you can found this line
192.168.xxx.xxx - - [19/Oct/2017:17:28:35 +0200] “POST /en-US/Login.json HTTP/1.1” 400 550
when you have a failed attempt in nethgui this line can be found in /var/log/httpd-admin/access_log
my concern is that I have the same issue than you, because the failed attempt are logged in /var/log/httpd-admin/access_log-20171012
do you have something written in /var/log/httpd-admin/access_log
yeah i think it´s the same issue…
My access_log file is empty. The log is generated in something like access_log-yyddmm:
Any ideas what to do?
Btw.: My bad login attemps are shown as
192.168.xxx.xxx - - [19/Oct/2017:19:33:33 +0200] “POST /en-US/Login.json HTTP/1.1” 400 543
In my logfile.
I can see the same issue with also httpd…after a log rotate, the httpd file (access,error) are empty and a new one is created with a date in the name.
@davidep do you have some clues
fail2ban grep the file /var/log/httpd-admin/*log if they are empty, we have a problem 
I believe I have a workaround
add a wildcard '*' to the watched log (eg /var/log/httpd-admin/access_log*)
reload the fail2ban configuration when the fail2ban logs are rotated
The banned IPs before the log rotation are banned again after the reloaded configurations
If i do so - restarting the fail2ban service ends up with an error:
[root@net01 ~]# service fail2ban restart
Redirecting to /bin/systemctl restart fail2ban.service
Job for fail2ban.service failed because the control process exited with error code. See "systemctl status fail2ban.service" and "journalctl -xe" for details.
[root@net01 ~]# systemctl status fail2ban.service
● fail2ban.service - Fail2Ban Service
Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor preset: disabled)
Active: failed (Result: start-limit) since Thu 2017-10-19 21:51:24 CEST; 9s ago
Docs: man:fail2ban(1)
Process: 27432 ExecStop=/usr/bin/fail2ban-client stop (code=exited, status=0/SUCCESS)
Process: 27443 ExecStart=/usr/bin/fail2ban-client -x start (code=exited, status=255)
Main PID: 23375 (code=killed, signal=TERM)
Oct 19 21:51:24 net01.mynethserver.co systemd[1]: Failed to start Fail2Ban Service.
Oct 19 21:51:24 net01.mynethserver.co systemd[1]: Unit fail2ban.service entered failed state.
Oct 19 21:51:24 net01.mynethserver.co systemd[1]: fail2ban.service failed.
Oct 19 21:51:24 net01.mynethserver.co systemd[1]: fail2ban.service holdoff time over, scheduling restart.
Oct 19 21:51:24 net01.mynethserver.co systemd[1]: start request repeated too quickly for fail2ban.service
Oct 19 21:51:24 net01.mynethserver.co systemd[1]: Failed to start Fail2Ban Service.
Oct 19 21:51:24 net01.mynethserver.co systemd[1]: Unit fail2ban.service entered failed state.
Oct 19 21:51:24 net01.mynethserver.co systemd[1]: fail2ban.service failed.
Did you change anything else?
well in fact the wildcard must be added in the jail.local but it is a templated file you cannot add it directly.
I pushed an update to solve you issue, do a yum update in few hours and remove the '*' of the httpd file
Thank you that worked!