I’ve installed fail2ban on my Nethserver and I’m very happy to have it. But I’ve noticed that when an IP is banned I receive an email like the following:
The IP 126.96.36.199 has just been banned by Fail2Ban after
6 attempts against nextcloud-auth.
Here is more information about 188.8.131.52 :
missing whois program
I’ve searched the forums and found a reference to whois being an available option when I installed fail2ban. I guess I didn’t check that box and don’t have whois installed. The following Nethserver Docs mention installing whois.
But I don’t want to install anything incorrectly here on my Production Nethserver. What is the procedure to safely install whois and configure my fail2ban to use this whois program? I also see a reference to port 43 needing to be opened.
Is there full documentation on how to install whois on Nethserver?
When I issue the which whois command I get a result of:
/usr/bin/which: no whois in (/sbin/e-smith:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/puppetlabs/bin)
So it would appear that I do not have whois installed. If I issue the yum install whois… what do I do to configure my fail2ban to use this whois? Or will it automatically use it with no configuration changes required by me?
And will installing whois be affected by any future Nethserver updates?
Thanks for confirming @Andy_Wismer. I’ve installed whois on my test Nethserver and did a quick test (to my guacamole). My IP was successfully blocked by fail2ban and the email I received for the banned IP gave whois details.
You can see whois is an optional package; it is listed in the software center as something we will install if you click on fail2ban (check the (i) button), however, as it is optional, it is not installed. With netgui we have a different behavior: an optional rpm gets a checkbox to install it.
We have a similar effect with nethserver-mail: nethserver-mail-quarantine and nethserver-mail-disclaimer are optional and are not installed in the software center of cockpit, but get a checkbox in netgui to be installed.
In some cases it can be too much. For fail2ban we could fix it by a require in the spec file, as it is just one rpm; however, for nethserver-mail-disclaimer & nethserver-mail-quarantine I worry that we could make an issue if we install them when they are optional.