Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CentOS ssh jail template actually needs "sshd" #34

Closed
7yl4r opened this issue Jun 19, 2017 · 0 comments · Fixed by #50
Closed

CentOS ssh jail template actually needs "sshd" #34

7yl4r opened this issue Jun 19, 2017 · 0 comments · Fixed by #50

Comments

@7yl4r
Copy link

7yl4r commented Jun 19, 2017

I'm guessing this is a typo but it may be something intentional. The template for CentOS (/templates/Final/etc/fail2ban/jail.conf.erb) contains the following lines:

enabled = <%= scope['::fail2ban::jails'].include? "sshd" %>
...
enabled = <%= scope['::fail2ban::jails'].include? "sshd-ddos" %>

This means that by default no jails are activated on CentOS, because default jails include

fail2ban::jails:
    - 'ssh'
    - 'ssh-ddos'

but the centos template is checking for sshd and sshd-ddos.

A workaround to apply the same config to CentOS and other (Ubuntu for example) machines is to include the (undocumented) sshd jails as well as the ssh ones:

fail2ban::jails:
    - 'ssh'
    - 'sshd'
    - 'ssh-ddos'
    - 'sshd-ddos'
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Make 'ssh' and 'ssh-ddos' jail names be consistent across operating systems saibot94/puppet-fail2ban
1 participant
@7yl4r