Fail2ban configuration

Hi Guys,

I just have a query about this tutorial here.

I am sure I am wrong but I would be grateful if someone could explain to me why.

I am running Ubuntu 20.04.

In /etc/fail2ban/jail.conf there is the following stanza:

# "enabled" enables the jails.
#  By default all jails are disabled, and it should stay this way.
#  Enable only relevant to your setup jails in your .local or jail.d/*.conf
# true:  jail will be enabled and log files will get monitored for changes
# false: jail is not enabled
enabled = false

The contents of /etc/fail2ban/jail.d/defaults-debian.conf are:

enabled = true

It is my understanding that fail2ban reads the configuration files in the following order. Each .local file overrides the settings from the .conf file:


If /etc/fail2ban/jail.local overrides the settings in /etc/fail2ban/jail.d/*.conf

doesn’t that mean when you do

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

that the “enabled = true” directive for [sshd] in /etc/fail2ban/jail.d/defaults-debian.conf now gets overwritten by the “enabled = false” directive in /etc/fail2ban/jail.local?

Probably … this is why you should create a local of /etc/fail2ban/jail.d/defaults-debian.conf as well. So, when you have /etc/fail2ban/jail.d/defaults-debian.local, the settings won’t be overwritten this time.

I know practically nothing about fail2ban - I only use it on my RPi4 which runs SSH and I have a port forward rule on my router that forwards non-port-22 to port 22 on my Pi - I just go with the default config, and don’t allow root logins… i.e. fail2ban out of the box on Debian Buster performs more than adequately out of the box for me doing what I need it to (stopping mostly Chinese IP addresses port scanning me, and attempting to SSH as a range of users on non-standard ports [they occasionally get the right one, but then get banned after three fails])…

I love it - I swear by it - but - the defaults suit me just fine…
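
The override question in this thread can be checked offline. The following is an added example, not part of any post above and not fail2ban's own code: it models the merge with Python's standard configparser, reading the files in the order documented in jail.conf(5) (jail.conf, jail.d/*.conf, jail.local, jail.d/*.local). The file contents are constructed stand-ins, and it assumes that "enabled = false" sits under [DEFAULT] as in the stock jail.conf; the apache-auth jail and the function names are only there for illustration.

```python
import configparser

# Constructed, minimal stand-ins for the files discussed in the thread.
# Assumption: as in the stock jail.conf, "enabled = false" is a [DEFAULT] value.
JAIL_CONF = """
[DEFAULT]
enabled = false

[sshd]
port = ssh

[apache-auth]
port = http,https
"""

DEFAULTS_DEBIAN_CONF = """
[sshd]
enabled = true
"""

# A jail.local that names the jail explicitly (hypothetical edit).
EXPLICIT_LOCAL = """
[sshd]
enabled = false
"""

def effective(files):
    """Merge (name, text) pairs in read order and return enabled state per jail."""
    cp = configparser.ConfigParser(interpolation=None)
    for name, text in files:
        cp.read_string(text, source=name)  # later files override earlier ones
    # A value set in a jail's own section wins over the [DEFAULT] fallback.
    return {jail: cp.getboolean(jail, "enabled") for jail in cp.sections()}

def scenario(jail_local=None):
    """Build the read order: jail.conf, jail.d/*.conf, then jail.local if present."""
    files = [("jail.conf", JAIL_CONF),
             ("jail.d/defaults-debian.conf", DEFAULTS_DEBIAN_CONF)]
    if jail_local is not None:
        files.append(("jail.local", jail_local))
    return effective(files)

if __name__ == "__main__":
    print("no jail.local:          ", scenario())
    print("jail.local = jail.conf: ", scenario(JAIL_CONF))
    print("jail.local names [sshd]:", scenario(EXPLICIT_LOCAL))
```

On a live system, `sudo fail2ban-client status` lists the jails that are actually running, which is the direct way to confirm the result after changing any of these files.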