sorry the configuration file is sshd.conf, and is match the right adresses, here is the test :
[11] ^\s*(?:\S+ )?(?:kernel: \[\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:)?\s*Received disconnect from <HOST>: 11: \[preauth\]\s*$ [11] 68 match(es) Here is the jail configuration: ignore ip = x.x.x.x bantime = 432000 maxretry = 3 findtime = 21600 [ssh] enabled = true port = ssh filter = sshd logpath = /var/log/auth.log maxretry = 3 And here is the fail2ban.log when I restart the service: fail2ban.jail : INFO Jail 'ssh' stopped 2016-05-30 09:06:22,866 fail2ban.server : INFO Exiting Fail2ban 2016-05-30 09:06:23,202 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.6 2016-05-30 09:06:23,203 fail2ban.jail : INFO Creating new jail 'ssh' 2016-05-30 09:06:23,203 fail2ban.jail : INFO Jail 'ssh' uses poller 2016-05-30 09:06:23,219 fail2ban.filter : INFO Added logfile = /var/log/auth.log 2016-05-30 09:06:23,219 fail2ban.filter : INFO Set maxRetry = 3 2016-05-30 09:06:23,220 fail2ban.filter : INFO Set findtime = 21600 2016-05-30 09:06:23,221 fail2ban.actions: INFO Set banTime = 432000 2016-05-30 09:06:23,254 fail2ban.jail : INFO Jail 'ssh' started thanks, Christophe ________________________________________ De : Tom Hendrikx <[email protected]> Envoyé : mardi 31 mai 2016 13:47:09 À : [email protected] Objet : Re: [Fail2ban-users] fail2ban doesn't ban On 31-05-16 11:17, Christophe Millon wrote: > I have this line in my configuration file > /etc/fail2ban/filter.d/shd.conf : ^%(__prefix_line)sReceived disconnect > from <HOST>: 11: \[preauth\]\s*$ Is this filename 'shd.conf' correct? Does that match your jail config? Can you you show us your jail.conf, and the logging that a restart of fail2ban produces with the config? Regards, Tom ------------------------------------------------------------------------------ What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e _______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users ------------------------------------------------------------------------------ What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e _______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
