Comments (2)
Yes, they can be combined, but only if your banning action is intended to ban by <fid> too (meaning the intruders with the same <fid> will be blocked, so they are not allowed to make further attempts, regardless of which IP they arrive from). Otherwise (if you still ban by IP in the action), fail2ban would internally think the <fid> is banned, and so doesn't execute the action, even if the new failure has a different <ip>. The tag <fid> is the unique identifier for the ban.
If it must be banned by a combination, either <F-ID> must include both data (the IP is also part of it), for instance <F-ID>[^@]*@<ADDR></F-ID> instead of <F-ID>[^@]*</F-ID>@<ADDR>.
Or you have to use tuples as ID (see #2755 (comment) for details).
If the IP belongs to the ban (and the other tags are just informative), use <ADDR> for the IP and, instead of <F-ID>, some other <F-*> (but not an ID), for instance <F-USER> for the user name (and you can use it as <F-USER> in the action too). So in this case the identifier of the ban remains the IP (and it is also banned by IP regardless of the user name).
As for your actual result, it is unexpected... I don't know why it uses IP as fid... Which fail2ban version is it? Did you restart the jail after changes in the config?
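The ID behaviour described in the comment above, as an added example that is not part of the original comment and not fail2ban's own code: a simplified model in which the ban action runs only once per ban ID. The log format, the `simulate` function, the Python named groups standing in for `<F-ID>`, `<F-USER>` and `<ADDR>`, and banning on the first failure are all assumptions made for illustration.

```python
import re

# Constructed sample log lines (documentation IP ranges), not real data.
LOG = [
    "auth failed for alice@192.0.2.10",
    "auth failed for alice@192.0.2.10",
    "auth failed for alice@198.51.100.7",
    "auth failed for bob@192.0.2.10",
]

ADDR = r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"  # stand-in for <ADDR>

# Hypothetical equivalents of the three filter styles from the comment.
PATTERNS = {
    # <F-ID>[^@]*</F-ID>@<ADDR>  -> the ID is the user name only
    "id_user": re.compile(r"auth failed for (?P<fid>[^@]*)@" + ADDR),
    # <F-ID>[^@]*@<ADDR></F-ID>  -> the ID covers user name and IP
    "id_user_ip": re.compile(r"auth failed for (?P<fid>[^@]*@" + ADDR + r")"),
    # <F-USER>[^@]*</F-USER>@<ADDR> -> user is informative, the IP is the ID
    "id_ip": re.compile(r"auth failed for (?P<user>[^@]*)@" + ADDR),
}


def simulate(style, lines=LOG):
    """Return the (ban ID, IP) pairs for which the ban action would run.

    Model assumption: a ban is issued on the first failure, and an ID that
    is already banned never triggers the action again.
    """
    rx = PATTERNS[style]
    banned, actions = set(), []
    for line in lines:
        m = rx.search(line)
        if not m:
            continue
        groups = m.groupdict()
        fid = groups.get("fid") or groups["ip"]  # no F-ID: the IP is the ID
        if fid in banned:
            continue  # ID already banned: action is not executed
        banned.add(fid)
        actions.append((fid, groups["ip"]))
    return actions


if __name__ == "__main__":
    for style in PATTERNS:
        print(style, simulate(style))
```

With the user-only ID and an action that bans by IP, the failure for alice from 198.51.100.7 never reaches the action, which is the mismatch the comment describes.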
Thank you so much for the great explanations!
I tried what you suggested and it worked. Out of curiosity, I tried my old code again and it worked too! So it might have been the fact that I fixed my SELinux issue that resolved the problem.
Here's the policy I added, in case it might be useful to the community:
module sh_policy 1.0;

require {
    type kmod_exec_t;
    type ssh_exec_t;
    type rpcd_t;
    type autofs_t;
    type ssh_home_t;
    type ssh_port_t;
    type fail2ban_t;
    type default_t;
    type krb5_keytab_t;
    class dir search;
    class file { execute execute_no_trans getattr map open read };
    class tcp_socket name_connect;
}

#============= fail2ban_t ==============
allow fail2ban_t autofs_t:dir search;
allow fail2ban_t default_t:file { execute getattr };
allow fail2ban_t krb5_keytab_t:dir search;
allow fail2ban_t ssh_exec_t:file { execute execute_no_trans getattr open read };

#!!!! This avc can be allowed using the boolean 'domain_can_mmap_files'
allow fail2ban_t ssh_exec_t:file map;
allow fail2ban_t ssh_home_t:dir search;
allow fail2ban_t ssh_home_t:file { getattr open read };

#!!!! This avc can be allowed using the boolean 'nis_enabled'
allow fail2ban_t ssh_port_t:tcp_socket name_connect;

#============= rpcd_t ==============
allow rpcd_t kmod_exec_t:file getattr;
Sorry for the inconvenience