fail2ban: per default provide working jail "ssh"
The current default config for fail2ban in the Alpine Aport seems to have all jails inactive. So while you’ll have a running fail2ban it will not do anything, neither scan any log file for abuse nor put the abusers into the jails or notify you.
While everyone has their own idea and a fail2ban config for a server needs to be manually edited to reflect all the services on the systems, fail2ban will “normally” (in other package managers / distros) come with the most critical jail for protecting SSH enabled.
I think a good default config would allow a few retries and silently block. (as to not get in the way but offer basic protection by default). If an init script can issue warnings but still go to OK state, I’d go as far as adding a message to console or syslog at start time if no jails are enabled.
I don’t know if people agree with me on this.
If yes then I can try to solve this bug.
Current:
atgate:/etc/fail2ban# fail2ban-client status
Status
|- Number of jail: 0
`- Jail list:
With jail enabled:
atgate:/etc/fail2ban# fail2ban-client status
Status
|- Number of jail: 1
`- Jail list: ssh-iptables
atgate:/etc/fail2ban# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-SSH tcp — anywhere anywhere tcp dpt:ssh
(from redmine: issue id 966, created on 2012-01-30, closed on 2015-12-09)
- Changesets:
- Revision d0457a4c on 2015-12-09T10:38:29Z:
main/fail2ban: add default SSH jail. Fixes #966