We are using the custom-firewalld at
<https://github.com/fail2ban/fail2ban/issues/1474#issuecomment-272659488>. You
can see from the logs below that unbans are still happening even though bantime
= -1. This is Fedora 26 rpm -q fail2ban: fail2ban-0.9.7-2.fc26.noarch. Here
are the related jail.local options and log snips. Is there some overlap with
the 'findtime' value?

bantime = 3600
sender = fail2ban
action = custom-firewalld
backend = auto
mta = sendmail
#[Definition]

[sshd]
enabled = true
filter = sshd
logpath = /var/log/secure

[sshd-ddos]
enabled = true
#port = ssh,sftp
filter = sshd-ddos
logpath = /var/log/secure
maxretry = 5

[pam-generic]
enabled = true
# pam-generic filter can be customized to monitor specific subset of 'tty's
filter = pam-generic
# port actually must be irrelevant but lets leave it all for some possible uses
port = all
banaction = iptables-allports
logpath = /var/log/secure
maxretry = 3

[recidive]
enabled = true
filter = recidive
logpath = /var/log/fail2ban.log
action = custom-firewalld[name=recidive]
         sendmail-whois-lines[name=recidive, logpath=/var/log/fail2ban.log]
bantime = -1 ; forever
findtime = 86400 ; 1 day
maxretry = 5

cat /var/log/fail2ban.log| grep 164.215.170.34
2017-08-15 16:41:26,524 fail2ban.filter [1996]: INFO [sshd] Found 164.215.170.34
2017-08-15 16:41:26,530 fail2ban.filter [1996]: INFO [pam-generic] Found 164.215.170.34
2017-08-15 16:41:26,534 fail2ban.filter [1996]: INFO [sshd] Found 164.215.170.34
2017-08-15 16:41:29,132 fail2ban.filter [1996]: INFO [sshd] Found 164.215.170.34
2017-08-15 16:41:31,763 fail2ban.filter [1996]: INFO [sshd] Found 164.215.170.34
2017-08-15 16:41:35,006 fail2ban.filter [1996]: INFO [sshd] Found 164.215.170.34
2017-08-15 16:41:35,744 fail2ban.actions [1996]: NOTICE [sshd] Ban 164.215.170.34
2017-08-15 16:41:35,746 fail2ban.filter [1996]: INFO [recidive] Found 164.215.170.34
2017-08-15 16:41:36,811 fail2ban.filter [1996]: INFO [sshd] Found 164.215.170.34
2017-08-15 16:41:39,525 fail2ban.filter [1996]: INFO [sshd] Found 164.215.170.34
2017-08-15 16:41:42,563 fail2ban.filter [1996]: INFO [sshd] Found 164.215.170.34
2017-08-15 16:41:45,622 fail2ban.filter [1996]: INFO [sshd] Found 164.215.170.34
2017-08-15 16:41:48,273 fail2ban.filter [1996]: INFO [sshd] Found 164.215.170.34
2017-08-15 16:41:48,277 fail2ban.filter [1996]: INFO [sshd] Found 164.215.170.34
2017-08-15 16:41:48,527 fail2ban.actions [1996]: NOTICE [sshd] 164.215.170.34 already banned
2017-08-15 17:41:35,914 fail2ban.actions [1996]: NOTICE [sshd] Unban 164.215.170.34

fail2ban-client status | grep "Jail list:" | sed "s/ //g" | awk '{split($2,a,",");for(i in a) system("fail2ban-client status " a[i])}' | grep "Status\|IP list" | grep 164.215.170.34
does not return anything.
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
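
An added example, not part of the original post: a small Python script that groups fail2ban.log events per jail for one address, so each Unban can be tied to the jail that logged it and compared with that jail's own bantime and maxretry. The sample lines are taken from the log excerpt in the post (unwrapped and abbreviated); the function names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample input: a subset of the log lines from the post, unwrapped.
SAMPLE_LOG = """\
2017-08-15 16:41:26,524 fail2ban.filter [1996]: INFO [sshd] Found 164.215.170.34
2017-08-15 16:41:26,530 fail2ban.filter [1996]: INFO [pam-generic] Found 164.215.170.34
2017-08-15 16:41:35,006 fail2ban.filter [1996]: INFO [sshd] Found 164.215.170.34
2017-08-15 16:41:35,744 fail2ban.actions [1996]: NOTICE [sshd] Ban 164.215.170.34
2017-08-15 16:41:35,746 fail2ban.filter [1996]: INFO [recidive] Found 164.215.170.34
2017-08-15 16:41:48,527 fail2ban.actions [1996]: NOTICE [sshd] 164.215.170.34 already banned
2017-08-15 17:41:35,914 fail2ban.actions [1996]: NOTICE [sshd] Unban 164.215.170.34
"""

# Matches Found/Ban/Unban lines; "already banned" notices are skipped on purpose.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d+\s+fail2ban\.(?:filter|actions)\s+"
    r"\[\d+\]:\s+\w+\s+\[(?P<jail>[^\]]+)\]\s+(?P<event>Found|Ban|Unban)\s+(?P<ip>\S+)"
)

def summarize(log_text, ip):
    """Return {jail: {"found": n, "ban": [times], "unban": [times]}} for one IP."""
    jails = defaultdict(lambda: {"found": 0, "ban": [], "unban": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["ip"] != ip:
            continue
        entry = jails[m["jail"]]
        when = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        if m["event"] == "Found":
            entry["found"] += 1
        else:
            entry[m["event"].lower()].append(when)
    return dict(jails)

def ban_durations(entry):
    """Seconds between each Ban and the next Unban logged by the same jail."""
    out = []
    for ban in sorted(entry["ban"]):
        nxt = next((u for u in sorted(entry["unban"]) if u >= ban), None)
        if nxt is not None:
            out.append(int((nxt - ban).total_seconds()))
    return out

if __name__ == "__main__":
    for jail, e in summarize(SAMPLE_LOG, "164.215.170.34").items():
        print(jail, "found:", e["found"], "bans:", len(e["ban"]), "durations:", ban_durations(e))
```

On the sample, the Unban is logged by [sshd] 3600 seconds after its Ban, while [recidive] shows one Found and no Ban for this address.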