Fail2ban install fails from Webmin

Every time I install a new system and add Virtualmin, then, to to webmin module fail2ban, it of course says fail2ban is not installed, and says to click here to have it downloaded and installed via yum, which is tries to do but fails. That's because there is no fail2ban package without enabling epel repository. You should either enable that, or,don't offer to download and install.

Status: 
Active

Comments

I don't think hiding the option to install Fail2ban would be a good user experience, as users wouldn't even know that an option for an automatic install exists..

Maybe not, but, offering to install it knowing it fails is not a very good user experience either!

Determining in advance that the install will fail is kind of expensive though, as it requires searching the remote YUM repository.

Diabolico's picture
Submitted by Diabolico on Mon, 04/20/2015 - 23:25

Just to add, you can sort this problem if you download EPEL, for centos should be "yum install epel-release". Once done install fail2ban and then immediately turn off EPEL by going in epel.repo and change "enabled=1" to "enabled=0". If you dont do this Virtualmin will pickup updates what if installed have big chance to break everything. I made this mistake and forgot to turn off EPEL and next day when i log into Virtualmin i saw several updates waiting, the rest of the story is pretty clear. Last but not least, before you start doing anything be sure to turn off automatic updates in Virtualmin or even better turn this option completely off for few minutes until you are done with fail2ban.

Yep, I know, though, that's not the best way. My point was while I can get around it, they are hassling every single user who uses Virtualmin and wants fail2ban by saying it will install it, when in fact, it will not. I was asking THEM to fix their system. Yes, you broke your system and many others will. If they fixed Virtualmin, this would not happen of course.

You actually don't need to turn on/off epel. In epel.repo file, add:

includepkgs=fail2ban* to the [epel] section and you will be find that limits any installs or updates to fail2ban only.

You would think people breaking their systems would be a bad thing?

Diabolico's picture
Submitted by Diabolico on Tue, 04/21/2015 - 00:46

You are right, my Centos 6.6 went from fine to roller coaster of hell. Lucky i'm only using Virtualmin on my test VPS (for now) so actually no real damage. My mistake, i was tired and i forgot about EPEL and next day i automatically press update only to realize in the middle of update what i did. Immediately after that BIND start throwing all sort of errors and everything slow down to the point i just trash everything and made new install. But if this happened to me who know i must not install updates from EPEL it could happen even easier to someone who dont know or even worst, on production server. Thats why i posted here just in case someone come looking for answer.

Joe's picture
Submitted by Joe on Thu, 04/23/2015 - 23:31 Pro Licensee

The only thing that I think EPEL could break would be ClamAV, as their package is broken-by-design (I've submitted patches months and months ago, which have been ignored), so I modified it for our repos. But otherwise, we generally ship an unmodified EPEL package, so updates from EPEL vs our repo wouldn't matter.

Diabolico's picture
Submitted by Diabolico on Mon, 05/30/2016 - 14:47

One year after this report Vmin is still unable to install fail2ban if you didnt previously install and enabled EPEL. On one hand you tell everyone how is preferable to not use repos or at least try to avoid them but in the same time you are not able to sort this problem after more than a year.

Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: centos.fastbull.org
* extras: centos.fastbull.org
* updates: centos.fastbull.org
No package fail2ban available.
Error: Nothing to do

.. install failed!

I dont have any problem to sort this but there are people who do not understand implications in case they leave EPEL enabled and with next update they could (and they will) pull stuff from this repo and make their server unusable.

I just looked into this, and had the Failed Error! And Searched it out, and I have had such bad Experiences with adding Repos, I just WONT do it, AT ALL, Turning on off or anything else... I'll do without....

Being a Novice Linux User (Aside from my "crash" course on it now) I didn't know a thing about "BAD" Reops, So when I wanted stuff to just "WORK" I added Repos like a crazy man....

I'm sure you know the rest.... 5x Full install (On a Live Forum), and This one I didn't touch a repo, and all runs fine....

Just my 2Cents...

Mike

Welshman's picture
Submitted by Welshman on Tue, 08/30/2016 - 13:54

EPEL is fine.

If your paranoid stick to buntu 14.4 good for a while

Thanks for post #4 and #5 - I was able to install fail2ban after the message "No package fail2ban available."