>> I would check the SELinux first. > > No, selinux is disabled with security=0 at boot.
You listed these: > failregex = .* host=<HOST> user=.*SYSTEMERROR$ > actionstart = /etc/fail2ban/scripts/changepass_restart.sh Which makeing me think you expecting actionstart to trigger upon a failregex detection. That's not the way. Actionstart happens at server startup. You need actionban to do something every time a ban triggers. ------------------------------------------------------------------------------ _______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
