I installed fail2ban on a fairly vanilla stretch system, and expected (based on
the default configuration) to get some basic protection for my SSH daemon.
However, that is not the case: I just had a burst of logins from two distinct IP
addresses, both of them easily going beyond the default threshold of 5 attempts
per 10 minutes. Neither of them got blocked: fail2ban did not log any action,
nor did it send me an email about any action.
This is pretty bad---a package that claims to protect the system, but doesn't do
so, is arguably worse than no protection at all.
This may be related to
<https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770171>, but I *do* have a
/var/log/auth.log as rsyslog is installed.
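
An added example, not part of the original report and not fail2ban's own code: a small independent check of whether any address in auth.log really crossed the threshold the report names (5 failures within 10 minutes). The regex is a simplified assumption rather than fail2ban's sshd filter, and the sample lines, host name, addresses and year are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

MAXRETRY = 5    # failures, the threshold named in the report
FINDTIME = 600  # seconds (10 minutes), the window named in the report

# Simplified (assumed) pattern for sshd authentication failures in auth.log.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"Failed \S+ for (?:invalid user )?\S+ from (?P<ip>\S+)"
)

def offenders(lines, maxretry=MAXRETRY, findtime=FINDTIME, year=2018):
    """Map each IP to the time of the failure that reached maxretry within findtime."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    hits = {}
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue
        # Classic syslog timestamps carry no year, so one is supplied (assumption).
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()  # drop failures older than findtime
        if len(window) >= maxretry and m["ip"] not in hits:
            hits[m["ip"]] = ts
    return hits

# Constructed sample: one burst, one slow source, one successful login.
SAMPLE = [
    f"Mar  3 10:00:{s:02d} host sshd[1234]: Failed password for root "
    "from 192.0.2.10 port 4000 ssh2" for s in range(0, 60, 10)
] + [
    f"Mar  3 1{h}:30:00 host sshd[1300]: Failed password for invalid user admin "
    "from 198.51.100.7 port 4001 ssh2" for h in range(5)
] + [
    "Mar  3 15:00:00 host sshd[1400]: Accepted publickey for alice "
    "from 203.0.113.5 port 4002 ssh2"
]

if __name__ == "__main__":
    for ip, when in offenders(SAMPLE).items():
        print(f"{ip} reached {MAXRETRY} failures within {FINDTIME}s at {when}")
```

Any address this reports for a real auth.log that has no matching ban entry in the fail2ban log is a case where the jail did not act.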