What are the steps to install whois information for fail2ban

greavette · January 19, 2021, 3:58pm

NethServer Version: 7.9.2009
Module: Fail2ban -

I’ve installed fail2ban on my Nethserver and I’m very happy to have it. But I’ve noticed that when an IP is banned I receive an email like the following:

Hi,

The IP 45.72.235.197 has just been banned by Fail2Ban after
6 attempts against nextcloud-auth.

Here is more information about 45.72.235.197 :

missing whois program

Regards,

Fail2Ban

I’ve searched the forums and found reference to whois being an available option when I installed fail2ban. I guess I didn’t check that box and don’t have whois installed. The following Nethserver Docs mentions installing whois.

https://docs.nethserver.org/en/v7/fail2ban.html

But I don’t want to do install anything incorrectly here on my Production Nethserver. What is the procedure to safely install whois and configure my fail2ban to use this whois program? I also see reference to port 43 needing to be opened.

Is there a full documentation to how to install whois on Nethserver?

Thank you.

mark_nl · January 19, 2021, 5:04pm

I remember this is a misleading error message from fail2ban.

IIRC it had to do with a network - firewall setup outside nethserver, let me search a bit

mark_nl · January 19, 2021, 5:07pm

here it is:

Could you go trough the suggested steps?

EDIT:
Most important check on the command line if whois is installed: which whois

If it is missing it is safe to install : yum install whois

greavette · January 19, 2021, 7:09pm

Hey @mark_nl ! Thanks for the quick reply!

When I issue the which whois command I get a result of:

/usr/bin/which: no whois in (/sbin/e-smith:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/puppetlabs/bin)

So it would appear that I do not have whois installed. If I issue the yum install whois…what do I do to configure my fail2ban to use this whois? Or will it automatically use it with no configuration changes required by me.

And will installing whois be affected by any future Nethserver updates?

Thank you.

Andy_Wismer · January 19, 2021, 7:28pm

@greavette

Hi Charles

Fail2ban will find that whois and use it without any further issues.
Whois will not have any issues with NethServer updates.

My 2 cents
Andy

mark_nl · January 19, 2021, 7:33pm

@stephdl should we add whois as an dependency?

greavette · January 19, 2021, 7:35pm

Thanks for confirming @Andy_Wismer. I’ve installed whois on my test Nethserver and did a quick test (to my guacamole). My IP was successfully blocked by fail2ban and the email I received for the banned IP gave whois details.

Awesome work team! Thank you!

stephdl · January 19, 2021, 7:57pm

when we install nethserver-fail2ban in cockpit, whois should be installed too

greavette · January 19, 2021, 8:00pm

I must have installed fail2ban before this automatic install of whois was implemented. Nice to see it was a quick fix for me.

Thanks @mark_nl for pointing me in the right direction.

mark_nl · January 19, 2021, 8:00pm

Pretty sure I installed it from cockpit and have to amid it was missing here too.

EDIT: have been setting up a brand new vps (so installed NS on top of CentOS) whois is not installed there either while fail2ban is.

stephdl · January 19, 2021, 8:03pm

confirmed the software center has not installed whois, it should have been installed, netgui propose it as optional, if you check it it is installed.

cc @giacomo @davidep

stephdl · January 19, 2021, 8:16pm

I think we have a bug here

if you check https://github.com/NethServer/comps/blob/0049cac451928827414f2ccf395374c81493664e/updates-groups.xml.in#L823

you can see whois is an optional package, it is listed in the software center as something we will install it if you clic on fail2ban (check the (i) button) however as it is an optional it is not installed. With netgui we have a different behavior, optional rpm gets a checkbox to install it

We have a similar effect with nethserver-mail , nethserver-mail-quarantine, nethserver-mail-disclaimer are optional and are not installed in the software center of cockpit but get a checkbox in netgui to be installed

cc @giacomo @davidep

giacomo · January 20, 2021, 4:56pm

I agree, I think we have a bug here.
I was pretty sure that optional packages were automatically installed.

stephdl · January 20, 2021, 4:59pm

in some cases it can be too much, for fail2ban we could fix it by a require in the spec file, it is just one rpm, however for nethserver-mail-disclaimer & nethserver-mail-quarantine I worry that we could make an issue if we install them when they are optional

giacomo · January 21, 2021, 8:06am

Yes, but I was wrongly convinced that optional packages were automatically installed.

So for now let’s fix fail2ban just adding the dependency.
Even if, IMHO the whois is not so useful