i have perhaps a stupid question but i don
t find the answer. I have install a fresh DietPi image (159) on a RaspberryPi 2 with Cloudshell on a 3,2"Waveshare-Display, fail2ban, Lets encrypt and owncloud.
I can access owncloud from the internet via ssl but i have no owncloud users. I get only the normal loginpage of owncloud, means a userfield and a password field. While installation i wasn´t ask for a password for the mariaDB or else. Should i create a user? But a linux user or a mariaDB user?
And i have an another problem. Fail2ban is on my other systems working fine after installing, but on this system i have to start fail2ban manual via “fail2ban-server” and after that i can see a good result after entering “fail2ban-client status”. While booting i see fail2ban → failed.
About ownCloud see here: https://dietpi.com/forum/t/dietpi-software-details-for-all-installation-options/22/1
Just enter admin and dietpi, everything else is prepared by installation script.
About fail2ban: We already found an error on RPi during APT installation, as a result of missing /var/log/auth.log. Manual creation fixed it. We wanted to fix this actually but it fell out of scope somehow.
Just test, if ‘touch /var/log/auth.log’ solves your problem, otherwise show your error messages/logs/ service fail2ban status information, so,we can further investigate.
€: Ah sorry, I was mistaken, Fourdee already added the auth.log creation with v159: https://github.com/Fourdee/DietPi/blob/master/dietpi/dietpi-software#L5564
So your error must come from different kind. Could you please share some details, as mentioned above, logs, concrete error messages and about other installed software?
Feel free to create an issue on guthub, so you don’t need to wait for me to put it there https://github.com/Fourdee/DietPi/issues
thanx for the hint with the users.
I couldn`t solve the fail2ban problem till now.
I have tested it with a raspberry pi B (armv61) and raspi 2 (armv71), i have changed the SD-Cards to a brand new SD-Card.
I have format the new SD and use DietPi_v158_RPi-armv6-(Stretch).img with Win32DiskImager.
Then i started the system with monitor and keyboard, no SSH access. After the update to V159 i only set up the timezone, a static IP in my network (192.168.0.240) and install fail2ban by using Software Optimized.
While rebooting after the restart i get a fail2ban: failed info.
When i try to restart with
I get this error:
ERROR Failed to access socket path: /var/run/fail2ban/fail2ban.sock. Is fail2ban running?
The file /var/log/fail2ban.log exists but is emty.
In the directory /etc/fail2ban/ i have the following files and directorys:
action.d fail2ban.d filter.d jail.d paths-common.conf paths-opensuse.conf fail2ban.conf jail.conf paths-debian.conf
I have also tryed this:
root@DietPi:/etc/fail2ban/action.d# fail2ban-server 2017-12-20 13:00:26,085 fail2ban.server : INFO Starting Fail2ban v0.9.6 2017-12-20 13:00:26,091 fail2ban.server : INFO Starting in daemon mode root@DietPi:/etc/fail2ban/action.d# fail2ban-client restart ERROR NOK: ('Invalid command',) Invalid command root@DietPi:/etc/fail2ban/action.d#
Could you try:
touch /var/log/auth.log service fail2ban restart
Without rsyslog this file is missing and somehow not autocreated by fail2ban. We actually already found that during Stretch image release, but I am not sure anymore, if we really fixed it, because other big topics came across. Will investigate again.
Hi MichaIng, i tryed touch /var/log/auth.log but i see nothing When i do nano /var/log/auth.log brings me:
Dec 22 11:28:21 DietPi dropbear: Failed loading /etc/dropbear/dropbear_dss_host_key Dec 22 11:28:21 DietPi dropbear: Failed loading /etc/dropbear/dropbear_ecdsa_host_key Dec 22 11:28:21 DietPi dropbear: Running in background Dec 22 11:28:21 DietPi systemd-logind: New seat seat0. Dec 22 11:28:26 DietPi dropbear: Child connection from 192.168.0.34:50114 Dec 22 11:28:45 DietPi dropbear: Password auth succeeded for 'root' from 192.168.0.34:50114
When i do: service fail2ban restart i get:
Job for fail2ban.service failed because the control process exited with error code. See "systemctl status fail2ban.service" and "journalctl -xe" for details.
I don`t know how to handle “systemctl status fail2ban.service” but journalctl -xe brings:
-- Unit fail2ban.service has begun starting up. Dec 22 11:28:51 DietPi fail2ban-client: ERROR Failed during configuration: While reading from '/etc/fail2ban/jail.conf' [line 52]: option 'port' in section 'pam-generic' already exists Dec 22 11:28:51 DietPi systemd: fail2ban.service: Control process exited, code=exited status=255 Dec 22 11:28:51 DietPi systemd: Failed to start Fail2Ban Service. -- Subject: Unit fail2ban.service has failed -- Defined-By: systemd -- Support: https://www.debian.org/support -- -- Unit fail2ban.service has failed.
I hope these infos will help you.
I had the exact same issue and resolved it. The error message actually hints to the first problem already. After installing fail2ban on a Raspberry Pi (B for me), the jail.conf has invalid settings. The first issue is with a double definition of [port] in the [pam-generic] section. It once says port = all and once port = anyport. I deleted the latter. A second issue is that in [DEFAULT] the action parameter is defined twice, whereas the second definition just states action = %(action_)s. I commented the that second definition out. Then I restarted fail2ban and it seems to work since then (at least it starts up and correctly logs wrong login attempts - so all it should do).
I hope this helps!
Btw, I followed https://github.com/owncloud/documentation/issues/3078 to secure owncloud with fail2ban (see instruction from dercorn further below)