Fail2Ban not ban IP (Service Running and Active)

[morshedul]

Yesterday I Installed and configure Fail2Ban on my proxmox.
I checked that Fail2Ban is running and active.

But when I try to login my proxmox from web GUI with wrong password more than 10 time it's not block my IP.
i don't know where is the problem. someone please suggest me to solve it. I'm restered several time.


root@dell-proxmox:~# systemctl status fail2ban
● fail2ban.service - Fail2Ban Service
Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; preset: enabled)
Active: active (running) since Sat 2024-04-20 09:01:20 +06; 4h 33min ago
Docs: man:fail2ban(1)
Main PID: 701282 (fail2ban-server)
Tasks: 7 (limit: 76530)
Memory: 56.0M
CPU: 17.861s
CGroup: /system.slice/fail2ban.service
└─701282 /usr/bin/python3 /usr/bin/fail2ban-server -xf start

Apr 20 09:01:20 dell-proxmox systemd[1]: Started fail2ban.service - Fail2Ban Service.
Apr 20 09:01:20 dell-proxmox fail2ban-server[701282]: Server ready
root@dell-proxmox:~#


root@dell-proxmox:~# fail2ban-regex /var/log/daemon.log /etc/fail2ban/filter.d/proxmox.conf

Running tests
=============

Use failregex filter file : proxmox, basedir: /etc/fail2ban
Use single line : /var/log/daemon.log


Results
=======

Failregex: 0 total

Ignoreregex: 0 total

Date template hits:

Lines: 1 lines, 0 ignored, 0 matched, 1 missed
[processed in 0.01 sec]

|- Missed line(s):
| /var/log/daemon.log
`-
root@dell-proxmox:~#

Filter Config​

[Definition]
failregex = pvedaemon\[.*authentication failure; rhost=<HOST> user=.* msg=.*
ignoreregex =

/etc/fail2ban/jail.local
[proxmox]
enabled = true
port = https,http,8006
filter = proxmox
backend = systemd
maxretry = 3
findtime = 2d
bantime = 1h

 

[hand363]

I have been trying to solve this myself for a while.. and have failed. The wiki is horribly outdated and other post like (https://forum.proxmox.com/threads/pve-8-0-–-fail2ban-log-locations-missing.129338/) don't explain/show how to solve this clearly. If you figure it out please provide clear instruction for other like myself. I will also.

 

[hand363]

Yesterday I Installed and configure Fail2Ban on my proxmox.
I checked that Fail2Ban is running and active.

But when I try to login my proxmox from web GUI with wrong password more than 10 time it's not block my IP.
i don't know where is the problem. someone please suggest me to solve it. I'm restered several time.


root@dell-proxmox:~# systemctl status fail2ban
● fail2ban.service - Fail2Ban Service
Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; preset: enabled)
Active: active (running) since Sat 2024-04-20 09:01:20 +06; 4h 33min ago
Docs: man:fail2ban(1)
Main PID: 701282 (fail2ban-server)
Tasks: 7 (limit: 76530)
Memory: 56.0M
CPU: 17.861s
CGroup: /system.slice/fail2ban.service
└─701282 /usr/bin/python3 /usr/bin/fail2ban-server -xf start

Apr 20 09:01:20 dell-proxmox systemd[1]: Started fail2ban.service - Fail2Ban Service.
Apr 20 09:01:20 dell-proxmox fail2ban-server[701282]: Server ready
root@dell-proxmox:~#


root@dell-proxmox:~# fail2ban-regex /var/log/daemon.log /etc/fail2ban/filter.d/proxmox.conf

Running tests
=============

Use failregex filter file : proxmox, basedir: /etc/fail2ban
Use single line : /var/log/daemon.log


Results
=======

Failregex: 0 total

Ignoreregex: 0 total

Date template hits:

Lines: 1 lines, 0 ignored, 0 matched, 1 missed
[processed in 0.01 sec]

|- Missed line(s):
| /var/log/daemon.log
`-
root@dell-proxmox:~#

Filter Config​

[Definition]
failregex = pvedaemon\[.*authentication failure; rhost=<HOST> user=.* msg=.*
ignoreregex =

/etc/fail2ban/jail.local
[proxmox]
enabled = true
port = https,http,8006
filter = proxmox
backend = systemd
maxretry = 3
findtime = 2d
bantime = 1h

I got it to work in the latest response in the linked thread: https://forum.proxmox.com/threads/pve-8-0-–-fail2ban-log-locations-missing.129338/

 

[morshedul]

I got it to work in the latest response in the linked thread: https://forum.proxmox.com/threads/pve-8-0-–-fail2ban-log-locations-missing.129338/

Thanks