What are the steps to install whois information for fail2ban

NethServer Version: 7.9.2009
Module: Fail2ban -

Hello @support_team,

I’ve installed fail2ban on my Nethserver and I’m very happy to have it. But I’ve noticed that when an IP is banned I receive an email like the following:

Hi,

The IP 45.72.235.197 has just been banned by Fail2Ban after
6 attempts against nextcloud-auth.

Here is more information about 45.72.235.197 :

missing whois program

Regards,

Fail2Ban

I’ve searched the forums and found reference to whois being an available option when I installed fail2ban. I guess I didn’t check that box and don’t have whois installed. The following Nethserver Docs mentions installing whois.

But I don’t want to install anything incorrectly here on my Production Nethserver. What is the procedure to safely install whois and configure my fail2ban to use this whois program? I also see reference to port 43 needing to be opened.

Is there a full documentation to how to install whois on Nethserver?

Thank you.

I remember this is a misleading error message from fail2ban.

IIRC it had to do with a network - firewall setup outside nethserver, let me search a bit

here it is:

Could you go through the suggested steps?

EDIT:
Most important: check on the command line if whois is installed: which whois

If it is missing, it is safe to install: yum install whois

2 Likes

Hey @mark_nl ! Thanks for the quick reply!

When I issue the which whois command I get a result of:

/usr/bin/which: no whois in (/sbin/e-smith:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/puppetlabs/bin)

So it would appear that I do not have whois installed. If I issue the yum install whois…what do I do to configure my fail2ban to use this whois? Or will it automatically use it with no configuration changes required by me?

And will installing whois be affected by any future Nethserver updates?

Thank you.

@greavette

Hi Charles

Fail2ban will find that whois and use it without any further issues.
Whois will not have any issues with NethServer updates.

My 2 cents
Andy

2 Likes

@stephdl should we add whois as a dependency?

2 Likes

Thanks for confirming @Andy_Wismer. I’ve installed whois on my test Nethserver and did a quick test (to my guacamole). My IP was successfully blocked by fail2ban and the email I received for the banned IP gave whois details.

Awesome work team! Thank you!

1 Like

When we install nethserver-fail2ban in cockpit, whois should be installed too :expressionless:

1 Like

I must have installed fail2ban before this automatic install of whois was implemented. Nice to see it was a quick fix for me.

Thanks @mark_nl for pointing me in the right direction.

Pretty sure I installed it from cockpit and have to admit it was missing here too.

EDIT: have been setting up a brand new vps (so installed NS on top of CentOS); whois is not installed there either, while fail2ban is.

Confirmed: the software center has not installed whois. It should have been installed; netgui proposes it as optional, and if you check it, it is installed.

cc @giacomo @davidep

3 Likes

I think we have a bug here

if you check https://github.com/NethServer/comps/blob/0049cac451928827414f2ccf395374c81493664e/updates-groups.xml.in#L823

you can see whois is an optional package. It is listed in the software center as something we will install if you click on fail2ban (check the (i) button); however, as it is optional, it is not installed. With netgui we have a different behavior: an optional rpm gets a checkbox to install it.

We have a similar effect with nethserver-mail, nethserver-mail-quarantine, nethserver-mail-disclaimer are optional and are not installed in the software center of cockpit but get a checkbox in netgui to be installed

cc @giacomo @davidep

5 Likes
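An added example, not part of the thread and not NethServer code: a small audit that reads a comps-style group file and reports optional packages that were left out even though the group's mandatory packages are installed, which is the situation described in the post above. The XML fragment and the installed-package sets are constructed for illustration; the real group definitions are in the linked comps file.

```python
import xml.etree.ElementTree as ET

# Constructed comps fragment (group ids and membership are assumptions,
# modelled on the packages named in the thread).
SAMPLE_COMPS = """<comps>
  <group>
    <id>nethserver-fail2ban</id>
    <packagelist>
      <packagereq type="mandatory">nethserver-fail2ban</packagereq>
      <packagereq type="optional">whois</packagereq>
    </packagelist>
  </group>
  <group>
    <id>nethserver-mail</id>
    <packagelist>
      <packagereq type="mandatory">nethserver-mail</packagereq>
      <packagereq type="optional">nethserver-mail-quarantine</packagereq>
      <packagereq type="optional">nethserver-mail-disclaimer</packagereq>
    </packagelist>
  </group>
</comps>"""


def group_packages(comps_xml):
    """Return {group id: {"mandatory": [...], "optional": [...]}}."""
    groups = {}
    for group in ET.fromstring(comps_xml).iter("group"):
        gid = (group.findtext("id") or "").strip()
        pkgs = {"mandatory": [], "optional": []}
        for req in group.iter("packagereq"):
            # A packagereq without a type attribute is treated as mandatory here.
            kind = req.get("type", "mandatory")
            if kind in pkgs and req.text:
                pkgs[kind].append(req.text.strip())
        groups[gid] = pkgs
    return groups


def missing_optionals(comps_xml, installed):
    """Optional packages absent from groups whose mandatory set is installed.

    `installed` is a set of package names, e.g. the lines printed by
    rpm -qa --qf '%{NAME}\\n' on the server being audited.
    """
    report = {}
    for gid, pkgs in group_packages(comps_xml).items():
        group_present = pkgs["mandatory"] and all(p in installed for p in pkgs["mandatory"])
        absent = [p for p in pkgs["optional"] if p not in installed]
        if group_present and absent:
            report[gid] = absent
    return report
```
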

I agree, I think we have a bug here.
I was pretty sure that optional packages were automatically installed. :frowning:

1 Like

In some cases it can be too much. For fail2ban we could fix it by a require in the spec file, it is just one rpm; however, for nethserver-mail-disclaimer & nethserver-mail-quarantine I worry that we could cause an issue if we install them when they are optional.

2 Likes

Yes, but I was wrongly convinced that optional packages were automatically installed. :slight_smile:

So for now let’s fix fail2ban just adding the dependency.
Even if, IMHO the whois is not so useful :wink:

3 Likes