Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] jail configuration is ignored #31

Closed
1 task done
FranzDeschler opened this issue Dec 4, 2024 · 3 comments
Closed
1 task done

[BUG] jail configuration is ignored #31

FranzDeschler opened this issue Dec 4, 2024 · 3 comments

Comments

@FranzDeschler
Copy link

FranzDeschler commented Dec 4, 2024
edited
Loading

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

I don´t know if this is a bug or expected behaviour, but I think it´s worth investigating.

As I created a custom jail by adding a custom jail.d/jellyfin.local, the corresponding [jellyfin] section in the jail.local file was ignored completely. The logs show that the file is loaded, but at the end of the logs, it says "No custom files found".
The solution is to delete the jail.d/jellyfin.local file completely and move its content into the jail.local file. But as long as jail.d/jellyfin.local exists, the [jellyfin] configuration is ignored without any warning or error.

Expected Behavior

I followed the guide in the Jellyfin documentation and expected that creating the jail.d/jellyfin.local would add a valid jail for fail2ban. If this is not how fail2ban should be configured, I would expect a warning in the logs, that this jail will be ignored.

Steps To Reproduce

Environment: Unraid 6.12 / linuxserver/fail2ban 2024-10-12

  1. create file jail.d/jellyfin.local with the following content:
[jellyfin]
enabled = false
port = http,https
chain = DOCKER-USER
logpath = %(remote_logs_path)s/jellyfin/log_*.log
  1. create file filter.d/jellyfin.local with the following content:
[Definition]
failregex = ^.*Authentication request for .* has been denied \(IP: "<ADDR>"\)\.
  1. create file jail.local with the following content:
[jellyfin]
enabled = true
  1. start the fail2ban container

Environment

- OS: Unraid 6.12
- Container: linuxserver/fail2ban 2024-10-12
- How docker service was installed: Unraid community store

CPU architecture

x86-64

Docker creation

I created the container via the Unraid web UI

Container logs

Brought to you by linuxserver.io
───────────────────────────────────────
 2024-12-04 17:56:29,844 14591EE81B28 INFO  Loading configs for fail2ban under /etc/fail2ban 
 2024-12-04 17:56:29,845 14591EE81B28 DEBUG Reading configs for fail2ban under /etc/fail2ban 
 2024-12-04 17:56:29,845 14591EE81B28 DEBUG Reading config files: /etc/fail2ban/fail2ban.conf
 2024-12-04 17:56:29,846 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/fail2ban.conf']
 2024-12-04 17:56:29,846 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/fail2ban.conf']
 2024-12-04 17:56:29,847 14591EE81B28 INFO  Using socket file /var/run/fail2ban/fail2ban.sock
 2024-12-04 17:56:29,847 14591EE81B28 INFO  Using pid file /var/run/fail2ban/fail2ban.pid, [INFO] logging to /config/log/fail2ban/fail2ban.log
 2024-12-04 17:56:29,848 14591EE81B28 INFO  Loading configs for jail under /etc/fail2ban 
 2024-12-04 17:56:29,848 14591EE81B28 DEBUG Reading configs for jail under /etc/fail2ban 
 2024-12-04 17:56:29,857 14591EE81B28 DEBUG Reading config files: /etc/fail2ban/jail.conf, /etc/fail2ban/jail.d/airsonic-auth.conf, /etc/fail2ban/jail.d/apache-auth.conf, /etc/fail2ban/jail.d/apache-badbots.conf, /etc/fail2ban/jail.d/apache-botsearch.conf, /etc/fail2ban/jail.d/apache-fakegooglebot.conf, /etc/fail2ban/jail.d/apache-modsecurity.conf, /etc/fail2ban/jail.d/apache-nohome.conf, /etc/fail2ban/jail.d/apache-noscript.conf, /etc/fail2ban/jail.d/apache-overflows.conf, /etc/fail2ban/jail.d/apache-shellshock.conf, /etc/fail2ban/jail.d/authelia-auth.conf, /etc/fail2ban/jail.d/bitwarden.conf, /etc/fail2ban/jail.d/dropbear.conf, /etc/fail2ban/jail.d/emby-auth.conf, /etc/fail2ban/jail.d/filebrowser-auth.conf, /etc/fail2ban/jail.d/gitea-auth.conf, /etc/fail2ban/jail.d/gitlab.conf, /etc/fail2ban/jail.d/grafana.conf, /etc/fail2ban/jail.d/guacamole.conf, /etc/fail2ban/jail.d/haproxy-http-auth.conf, /etc/fail2ban/jail.d/homeassistant-auth.conf, /etc/fail2ban/jail.d/lighttpd-auth.conf, /etc/fail2ban/jail.d/nextcloud-auth.conf, /etc/fail2ban/jail.d/nginx-418.conf, /etc/fail2ban/jail.d/nginx-bad-request.conf, /etc/fail2ban/jail.d/nginx-badbots.conf, /etc/fail2ban/jail.d/nginx-botsearch.conf, /etc/fail2ban/jail.d/nginx-deny.conf, /etc/fail2ban/jail.d/nginx-http-auth.conf, /etc/fail2ban/jail.d/nginx-limit-req.conf, /etc/fail2ban/jail.d/nginx-unauthorized.conf, /etc/fail2ban/jail.d/nzbget-auth.conf, /etc/fail2ban/jail.d/openhab-auth.conf, /etc/fail2ban/jail.d/overseerr-auth.conf, /etc/fail2ban/jail.d/php-url-fopen.conf, /etc/fail2ban/jail.d/phpmyadmin-syslog.conf, /etc/fail2ban/jail.d/prowlarr-auth.conf, /etc/fail2ban/jail.d/radarr-auth.conf, /etc/fail2ban/jail.d/sabnzbd-auth.conf, /etc/fail2ban/jail.d/selinux-ssh.conf, /etc/fail2ban/jail.d/sonarr-auth.conf, /etc/fail2ban/jail.d/sshd.conf, /etc/fail2ban/jail.d/suhosin.conf, /etc/fail2ban/jail.d/traefik-auth.conf, /etc/fail2ban/jail.d/unifi-controller-auth.conf, /etc/fail2ban/jail.d/unraid-sshd.conf, /etc/fail2ban/jail.d/unraid-webgui.conf, /etc/fail2ban/jail.d/vaultwarden-auth.conf, /etc/fail2ban/jail.d/znc-adminlog.conf, /etc/fail2ban/jail.d/zoneminder.conf, /etc/fail2ban/jail.local, /etc/fail2ban/jail.d/jellyfin.local
 2024-12-04 17:56:29,863 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.conf']
 2024-12-04 17:56:29,865 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/paths-lsio.conf']
 2024-12-04 17:56:29,866 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/paths-common.conf']
 2024-12-04 17:56:29,867 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/paths-overrides.local']
 2024-12-04 17:56:29,867 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.d/airsonic-auth.conf']
 2024-12-04 17:56:29,868 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.d/apache-auth.conf']
 2024-12-04 17:56:29,868 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.d/apache-badbots.conf']
 2024-12-04 17:56:29,869 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.d/apache-botsearch.conf']
 2024-12-04 17:56:29,870 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.d/apache-fakegooglebot.conf']
 2024-12-04 17:56:29,870 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.d/apache-modsecurity.conf']
 2024-12-04 17:56:29,871 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.d/apache-nohome.conf']
 2024-12-04 17:56:29,872 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.d/apache-noscript.conf']
 2024-12-04 17:56:29,872 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.d/apache-overflows.conf']
 2024-12-04 17:56:29,873 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.d/apache-shellshock.conf']
 2024-12-04 17:56:29,873 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.d/authelia-auth.conf']
 2024-12-04 17:56:29,874 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.d/bitwarden.conf']
 2024-12-04 17:56:29,874 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.d/dropbear.conf']
 2024-12-04 17:56:29,875 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.d/emby-auth.conf']
 2024-12-04 17:56:29,876 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.d/filebrowser-auth.conf']
 2024-12-04 17:56:29,876 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.d/gitea-auth.conf']
 2024-12-04 17:56:29,877 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.d/gitlab.conf']
 2024-12-04 17:56:29,878 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.d/grafana.conf']
 2024-12-04 17:56:29,879 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.d/guacamole.conf']
 2024-12-04 17:56:29,880 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.d/haproxy-http-auth.conf']
 2024-12-04 17:56:29,880 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.d/homeassistant-auth.conf']
 2024-12-04 17:56:29,881 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.d/lighttpd-auth.conf']
 2024-12-04 17:56:29,882 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.d/nextcloud-auth.conf']
 2024-12-04 17:56:29,882 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.d/nginx-418.conf']
 2024-12-04 17:56:29,883 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.d/nginx-bad-request.conf']
 2024-12-04 17:56:29,884 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.d/nginx-badbots.conf']
 2024-12-04 17:56:29,884 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.d/nginx-botsearch.conf']
 2024-12-04 17:56:29,885 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.d/nginx-deny.conf']
 2024-12-04 17:56:29,885 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.d/nginx-http-auth.conf']
 2024-12-04 17:56:29,886 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.d/nginx-limit-req.conf']
 2024-12-04 17:56:29,887 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.d/nginx-unauthorized.conf']
 2024-12-04 17:56:29,887 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.d/nzbget-auth.conf']
 2024-12-04 17:56:29,888 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.d/openhab-auth.conf']
 2024-12-04 17:56:29,889 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.d/overseerr-auth.conf']
 2024-12-04 17:56:29,890 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.d/php-url-fopen.conf']
 2024-12-04 17:56:29,891 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.d/phpmyadmin-syslog.conf']
 2024-12-04 17:56:29,891 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.d/prowlarr-auth.conf']
 2024-12-04 17:56:29,892 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.d/radarr-auth.conf']
 2024-12-04 17:56:29,893 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.d/sabnzbd-auth.conf']
 2024-12-04 17:56:29,894 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.d/selinux-ssh.conf']
 2024-12-04 17:56:29,894 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.d/sonarr-auth.conf']
 2024-12-04 17:56:29,895 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.d/sshd.conf']
 2024-12-04 17:56:29,896 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.d/suhosin.conf']
 2024-12-04 17:56:29,896 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.d/traefik-auth.conf']
 2024-12-04 17:56:29,897 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.d/unifi-controller-auth.conf']
 2024-12-04 17:56:29,897 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.d/unraid-sshd.conf']
 2024-12-04 17:56:29,899 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.d/unraid-webgui.conf']
 2024-12-04 17:56:29,899 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.d/vaultwarden-auth.conf']
 2024-12-04 17:56:29,900 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.d/znc-adminlog.conf']
 2024-12-04 17:56:29,900 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.d/zoneminder.conf']
 2024-12-04 17:56:29,901 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.local']
 2024-12-04 17:56:29,902 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/jail.d/jellyfin.local']
 2024-12-04 17:56:29,902 14591EE81B28 INFO    Loading files: ['/etc/fail2ban/paths-common.conf', '/etc/fail2ban/paths-lsio.conf', '/etc/fail2ban/jail.conf', '/etc/fail2ban/jail.d/airsonic-auth.conf', '/etc/fail2ban/jail.d/apache-auth.conf', '/etc/fail2ban/jail.d/apache-badbots.conf', '/etc/fail2ban/jail.d/apache-botsearch.conf', '/etc/fail2ban/jail.d/apache-fakegooglebot.conf', '/etc/fail2ban/jail.d/apache-modsecurity.conf', '/etc/fail2ban/jail.d/apache-nohome.conf', '/etc/fail2ban/jail.d/apache-noscript.conf', '/etc/fail2ban/jail.d/apache-overflows.conf', '/etc/fail2ban/jail.d/apache-shellshock.conf', '/etc/fail2ban/jail.d/authelia-auth.conf', '/etc/fail2ban/jail.d/bitwarden.conf', '/etc/fail2ban/jail.d/dropbear.conf', '/etc/fail2ban/jail.d/emby-auth.conf', '/etc/fail2ban/jail.d/filebrowser-auth.conf', '/etc/fail2ban/jail.d/gitea-auth.conf', '/etc/fail2ban/jail.d/gitlab.conf', '/etc/fail2ban/jail.d/grafana.conf', '/etc/fail2ban/jail.d/guacamole.conf', '/etc/fail2ban/jail.d/haproxy-http-auth.conf', '/etc/fail2ban/jail.d/homeassistant-auth.conf', '/etc/fail2ban/jail.d/lighttpd-auth.conf', '/etc/fail2ban/jail.d/nextcloud-auth.conf', '/etc/fail2ban/jail.d/nginx-418.conf', '/etc/fail2ban/jail.d/nginx-bad-request.conf', '/etc/fail2ban/jail.d/nginx-badbots.conf', '/etc/fail2ban/jail.d/nginx-botsearch.conf', '/etc/fail2ban/jail.d/nginx-deny.conf', '/etc/fail2ban/jail.d/nginx-http-auth.conf', '/etc/fail2ban/jail.d/nginx-limit-req.conf', '/etc/fail2ban/jail.d/nginx-unauthorized.conf', '/etc/fail2ban/jail.d/nzbget-auth.conf', '/etc/fail2ban/jail.d/openhab-auth.conf', '/etc/fail2ban/jail.d/overseerr-auth.conf', '/etc/fail2ban/jail.d/php-url-fopen.conf', '/etc/fail2ban/jail.d/phpmyadmin-syslog.conf', '/etc/fail2ban/jail.d/prowlarr-auth.conf', '/etc/fail2ban/jail.d/radarr-auth.conf', '/etc/fail2ban/jail.d/sabnzbd-auth.conf', '/etc/fail2ban/jail.d/selinux-ssh.conf', '/etc/fail2ban/jail.d/sonarr-auth.conf', '/etc/fail2ban/jail.d/sshd.conf', '/etc/fail2ban/jail.d/suhosin.conf', '/etc/fail2ban/jail.d/traefik-auth.conf', '/etc/fail2ban/jail.d/unifi-controller-auth.conf', '/etc/fail2ban/jail.d/unraid-sshd.conf', '/etc/fail2ban/jail.d/unraid-webgui.conf', '/etc/fail2ban/jail.d/vaultwarden-auth.conf', '/etc/fail2ban/jail.d/znc-adminlog.conf', '/etc/fail2ban/jail.d/zoneminder.conf', '/etc/fail2ban/jail.local', '/etc/fail2ban/jail.d/jellyfin.local']
 2024-12-04 17:56:29,903 14591EE81B28 DEBUG 'allowipv6' not defined in 'Definition'. Using default one: 'auto'
 2024-12-04 17:56:29,905 14591EE81B28 DEBUG   direct starting of server in 167, daemon: False

To support LSIO projects visit:
https://www.linuxserver.io/donate/

───────────────────────────────────────
GID/UID
───────────────────────────────────────

User UID:    99
User GID:    100
───────────────────────────────────────
Linuxserver.io version: 1.1.0-r0-ls84
Build-date: 2024-12-01T22:44:23+00:00
───────────────────────────────────────
    
[custom-init] No custom files found, skipping...
[ls.io-init] done.
Server ready
@github-actions GitHub Actions
Copy link

github-actions bot commented Dec 4, 2024

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.

@mtrolley
Copy link

mtrolley commented Dec 5, 2024
edited
Loading

I replied on the Discourse thread, but also wanted to point out here that I don't think this is a bug. The documentation says:

jail.d/ and fail2ban.d/

In addition to .local, for jail.conf or fail2ban.conf file there can be a corresponding .d/ directory containing additional .conf files. The order e.g. for jail configuration would be:

jail.conf
jail.d/.conf (in alphabetical order)
jail.local
jail.d/.local (in alphabetical order).

i.e. all .local files are parsed after .conf files in the original configuration file and files under .d directory. Settings in the file parsed later take precedence over identical entries in previously parsed files.

The jail is set as enabled in jail.local and disabled in jail.d/jellyfin.local, and the second file is processed last, so it's setting it as disabled.

@FranzDeschler
Copy link
Author

I see. That was probably my misunderstanding. I thought jail.d/.local files would be processed after jail.d/.conf files, but before jail.local.

@LinuxServer-CI LinuxServer-CI moved this from Issues to Done in Issue & PR Tracker Dec 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
Issue & PR Tracker
Archived in project
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mtrolley @FranzDeschler