I have tried fail2ban on my servers at least 10 times; most of the time it does not ban the IP.
In my jail.local:
[ssh]
enabled = true
port = ssh,some_port_number
filter = sshd
logpath = /var/log/auth.log
maxretry = 2
bantime = 180
On my server I install fail2ban and configure it using this in my sh file:
sudo apt-get -y install fail2ban
sudo cp custom_jail.local /etc/fail2ban/jail.local
sudo service fail2ban restart
I also set RepeatedMsgReduction off in rsyslog.conf and ran: service rsyslog restart
After SSH login failures (past the maxretry limit) I am still able to log in; it does not ban my IP.
auth.log
Jun 20 21:17:29 localhost sshd[4705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ip user=username
Jun 20 21:17:32 localhost sshd[4705]: Failed password for username from ip port 36472 ssh2
Jun 20 21:17:36 localhost sshd[4705]: Failed password for username from ip port 36472 ssh2
Jun 20 21:17:41 localhost sshd[4705]: Failed password for username from ip port 36472 ssh2
Jun 20 21:17:41 localhost sshd[4705]: Connection closed by ip [preauth]
fail2ban.log
2015-06-20 21:15:07,186 fail2ban.jail : INFO Jail 'ssh' stopped
2015-06-20 21:15:07,209 fail2ban.jail : INFO Jail 'ssh-ddos' stopped
2015-06-20 21:15:07,210 fail2ban.server : INFO Exiting Fail2ban
2015-06-20 21:15:07,790 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.11
2015-06-20 21:15:07,791 fail2ban.jail : INFO Creating new jail 'ssh'
2015-06-20 21:15:07,821 fail2ban.jail : INFO Jail 'ssh' uses pyinotify
2015-06-20 21:15:07,846 fail2ban.jail : INFO Initiated 'pyinotify' backend
2015-06-20 21:15:07,848 fail2ban.filter : INFO Added logfile = /var/log/auth.log
2015-06-20 21:15:07,849 fail2ban.filter : INFO Set maxRetry = 2
2015-06-20 21:15:07,850 fail2ban.filter : INFO Set findtime = 600
2015-06-20 21:15:07,850 fail2ban.actions: INFO Set banTime = 180
2015-06-20 21:15:07,884 fail2ban.jail : INFO Creating new jail 'ssh-ddos'
2015-06-20 21:15:07,884 fail2ban.jail : INFO Jail 'ssh-ddos' uses pyinotify
2015-06-20 21:15:07,891 fail2ban.jail : INFO Initiated 'pyinotify' backend
2015-06-20 21:15:07,893 fail2ban.filter : INFO Added logfile = /var/log/auth.log
2015-06-20 21:15:07,894 fail2ban.filter : INFO Set maxRetry = 2
2015-06-20 21:15:07,894 fail2ban.filter : INFO Set findtime = 600
2015-06-20 21:15:07,895 fail2ban.actions: INFO Set banTime = 180
2015-06-20 21:15:07,901 fail2ban.jail : INFO Jail 'ssh' started
2015-06-20 21:15:07,907 fail2ban.jail : INFO Jail 'ssh-ddos' started
I finally figured out why fail2ban did not ban the IP.
Previously, after editing jail.local, I restarted fail2ban,
but now I first stop fail2ban and then start it. This works for me.
I am using Ubuntu 14.04
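
Added example (not part of the original post and not fail2ban's own code): a simplified Python model of maxretry/findtime counting, run over constructed lines in the auth.log format shown above, to check whether failures like those posted reach the jail's threshold. The regex, the function name and the sample addresses are assumptions, and only "Failed password" lines are counted.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Thresholds from the page: jail.local sets maxretry = 2, fail2ban.log shows findtime = 600.
MAXRETRY = 2
FINDTIME = 600

# Constructed sample in the page's auth.log format; both addresses are placeholders.
SAMPLE_LOG = """\
Jun 20 21:17:29 localhost sshd[4705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.7 user=username
Jun 20 21:17:32 localhost sshd[4705]: Failed password for username from 203.0.113.7 port 36472 ssh2
Jun 20 21:17:36 localhost sshd[4705]: Failed password for username from 203.0.113.7 port 36472 ssh2
Jun 20 21:17:41 localhost sshd[4705]: Failed password for username from 203.0.113.7 port 36472 ssh2
Jun 20 21:17:41 localhost sshd[4705]: Connection closed by 203.0.113.7 [preauth]
Jun 20 21:30:00 localhost sshd[4800]: Failed password for username from 198.51.100.9 port 40000 ssh2
Jun 20 21:45:00 localhost sshd[4801]: Failed password for username from 198.51.100.9 port 40001 ssh2
"""

# Hypothetical pattern for this sketch, not the regex shipped in filter.d/sshd.conf.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<host>\S+) port \d+"
)

def hosts_over_threshold(log_text, year=2015, maxretry=MAXRETRY, findtime=FINDTIME):
    """Return {host: time at which its maxretry-th failure inside findtime was logged}."""
    recent = defaultdict(deque)   # host -> failure times still inside the window
    crossed = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # pam_unix and "Connection closed" lines are ignored
        # syslog timestamps carry no year, so the caller supplies it
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["host"]]
        window.append(when)
        while (when - window[0]).total_seconds() > findtime:
            window.popleft()      # drop failures older than findtime
        if len(window) >= maxretry and m["host"] not in crossed:
            crossed[m["host"]] = when
    return crossed

if __name__ == "__main__":
    for host, when in hosts_over_threshold(SAMPLE_LOG).items():
        print(f"{host} reached maxretry at {when:%H:%M:%S}")
```

With the posted thresholds the first address crosses the limit on its second failed password, while the second address never does because its two failures are more than findtime apart.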