[Solved] How to reset the database used by fail2ban?


(stephane) #1

NethServer Version: 7.4.1708
Module: fail2ban

Hi everyone,

This is rather a topic for Stephdl as maintainer of the module fail2ban.

Fail2ban worked fine ‘out of the box’ for me, but unfortunatly after reading the Wiki ( https://wiki.nethserver.org/doku.php?id=module:fail2ban ) i tried to define a different bantime for each jail and then came the problems because i get banned from each service i installed (mail, nextcloud an so on). Disabling Fail2ban allows me to get my server works (it’s not a virtual one), i’m sure fail2ban is involved in this problem.

As a first workaround, i tried to reset each value as mentioned in the Wiki : it didn’t solve the problem when i reactivated Fail2ban.
So i tried to uninstall fail2ban, but it didn’t solved the problem either.
When typing : db configuration show fail2ban , i see that my configuration database is still there as i can see the IP’s i whitelisted, so following the developpers Guide, i tried to reset fail2ban’s database with : /usr/libexec/nethserver/initialize-fail2ban-database but it failed… Which didn’t surprized me when moving to /usr/libexec/nethserver/ i realized there’s no database related to fail2ban, so my question is :
how can i reinitialize fail2ban’s database, as i think it could do the job ?

Thanks & have a nice day.


(stephane) #2

[solved] Oups, as i don’t enable ‘Allow bans on the LAN’ and i always log in through my LAN, i didn’t read the logs… but my LAN IP was banned ! :open_mouth:
Unbanning it solved the problem.
Sorry for the inconvenience.

(Stéphane de Labrusse) #3

fail2ban-unban YOUR_IP

should solve the issue

after that dirty solution could be (at your own risk)

systemctl stop fail2ban
rm -rf /var/lib/nethserver/db/fail2ban
rm -rf /var/lib/fail2ban/fail2ban.sqlite3
systemctl start fail2ban

But if your IP is still written in log accordingly the findtime value, then you will be banned again

(stephane) #4

In order to remove my LAN IPs, i’ve settled bantime at 600s. After a
while, this removed my IPs, but i keep your solution in mind with
database location.