> From: David Highley <[email protected]>
> To: [email protected]
> Date: Tue, 23 Jun 2015 07:10:30 -0700 (PDT)
> Subject: [Fail2ban-users] Filter sshd-root not working for us
>
> We are not able to tell if the sshd-root filter is even being invoked.
> It does block after three bad attempts at logging in. We are running on
> Fedora 22 systems. Also we have been able to get the email to work. We
> are new to using fail2ban. Here is our jail file:
>
> #
> # WARNING: heavily refactored in 0.9.0 release. Please review and
> # customize settings for your setup.
> #
> # Changes: in most of the cases you should not modify this
> # file, but provide customizations in jail.local file,
> # or separate .conf files under jail.d/ directory, e.g.:
> #
> # HOW TO ACTIVATE JAILS:
> #
> # YOU SHOULD NOT MODIFY THIS FILE.
> #
> # It will probably be overwritten or improved in a distribution update.
> #
> # Provide customizations in a jail.local file or a jail.d/customisation.local.
> # For example to change the default bantime for all jails and to enable the
> # ssh-iptables jail the following (uncommented) would appear in the .local file.
> # See man 5 jail.conf for details.
> #
> [DEFAULT]
> # bantime = 3600
> bantime = 259200
> #banaction= firewallcmd-ipset
> banaction= firewallcmd-new
> backend = systemd
> maxretry = 3
> #sender = [email protected]
> #destmail = root@localhost
> #action = %(action_mwl)s

Uncommented above 3 lines. Remember that the action line had issues with early Fedora 21.

>
> # "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
> # ban a host which matches an address in this list. Several addresses can be
> # defined using space separator.
> ignoreip = 127.0.0.1/8 10.2.2.0/255.255.255.0
>
> #
> [sshd]
> enabled = true
> port = 1:65535
> filter = sshd-root
> banttime = 604800
> maxretry = 0

It is working now, maxretry needed to be set to 1. Email of fail2ban events is also working.

> _______________________________________________
> Fail2ban-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
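
Added example (not part of the original messages and not fail2ban's own code): a small Python check for a jail file like the one quoted above. It flags option names that are near-misses of known ones and a maxretry below 1, the value the reply says it had to be raised to. KNOWN is an assumed subset of jail options, and SAMPLE is constructed from the uncommented settings in the thread.

```python
import configparser
import difflib

# Assumption: a subset of the jail options described in jail.conf(5).
KNOWN = {"enabled", "port", "filter", "logpath", "backend", "maxretry",
         "findtime", "bantime", "banaction", "action", "ignoreip",
         "usedns", "protocol", "chain", "destemail", "sender", "mta"}

# Constructed sample: the uncommented settings from the jail file in this thread.
SAMPLE = """\
[DEFAULT]
bantime = 259200
banaction= firewallcmd-new
backend = systemd
maxretry = 3
ignoreip = 127.0.0.1/8 10.2.2.0/255.255.255.0

[sshd]
enabled = true
port = 1:65535
filter = sshd-root
banttime = 604800
maxretry = 0
"""


def lint_jail(text):
    """Return (section, key, message) findings for a jail.local-style file."""
    # Treat [DEFAULT] as an ordinary section so each key is reported once,
    # in the section where it was actually written.
    cp = configparser.ConfigParser(interpolation=None,
                                   default_section="__unused__")
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        for key, value in cp.items(section):
            if key not in KNOWN:
                # Only near-misses get a suggestion; other unknown keys may
                # be user-defined variables.
                near = difflib.get_close_matches(key, KNOWN, n=1, cutoff=0.8)
                hint = f"; did you mean '{near[0]}'?" if near else ""
                findings.append((section, key, "unrecognised option" + hint))
            if key == "maxretry" and (not value.isdigit() or int(value) < 1):
                findings.append((section, key,
                                 f"maxretry = {value}: set to 1 or higher"))
    return findings


if __name__ == "__main__":
    for finding in lint_jail(SAMPLE):
        print(*finding, sep=": ")
```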
