Thanks for that, Michael. I had my findtime set too low apparently. The issue I'm having now is that new violators aren't banned.
Thanks, Chris Short http://chrisshort.net Public PGP Key: http://cshort.co/pub_key Keybase: http://cshort.co/keybaseio On Fri, Aug 21, 2015 at 11:35 AM, Michael H <[email protected]> wrote: > Hi Chris, > > Ignore that previous reply, I've been working with RHEL7 a lot recently :) > > this is my C6 jail config for SSH - I hope it helps. > > [ssh-iptables] > enabled = true > filter = sshd > action = iptables[name=SSH, port=ssh, protocol=tcp] > #remove this line below if you do not wish to receive email upon ban. > sendmail-whois[name=SSH, dest=root, sender=fail2ban@HOSTNAME] > logpath = /var/log/secure > maxretry = 10 > findtime = 86400 > > Michael > > On 21/08/15 16:03, Michael H wrote: > > Hi Chris, > > > > which jail is not working? the standard sshd? > > > > I ran into the same kind of issue last year, I found that the iptables > > action wasn't working, after switching to > > > > action = firewallcmd-ipset[name=SSH, port=22, protocol=tcp] > > > > everything began to work... > > > > Michael > > > > On 21/08/15 15:23, Chris Short wrote: > >> I have been having significant issues getting fail2ban to actually ban > >> hosts on RHEL 6 using the latest package from EPEL. The logs indicate > >> fail2ban is finding failures worthy of blocking but only seems to do so > >> at service start. I've tried auto and polling backends. > >> > >> Here is the current jail.local I'm working with: > >> http://pastebin.com/qZv4JN9J > >> > >> Any thoughts or guidance would be much appreciated. > >> > >> Thanks, > >> > >> Chris Short > >> http://chrisshort.net > >> Public PGP Key: http://cshort.co/pub_key > >> Keybase: http://cshort.co/keybaseio > >> > >> > >> > >> > ------------------------------------------------------------------------------ > >> > >> > >> > >> _______________________________________________ > >> Fail2ban-users mailing list > >> [email protected] > >> https://lists.sourceforge.net/lists/listinfo/fail2ban-users > >> > > > > > ------------------------------------------------------------------------------ > > _______________________________________________ > > Fail2ban-users mailing list > > [email protected] > > https://lists.sourceforge.net/lists/listinfo/fail2ban-users > > > > > ------------------------------------------------------------------------------ > _______________________________________________ > Fail2ban-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/fail2ban-users >
------------------------------------------------------------------------------
_______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
