On 14.12.2017 14:35, Patrick Shanahan wrote:
* Admin Beckspaced <ad...@beckspaced.com> [12-14-17 04:42]:
Dear Fail2ban users,
running fail2ban v.0.10.1 on an opensuse box.
currently looking into the recidive jail to ban persistent abusers.
From what i understand the bans are stored in the persistent database
storage so the bans can be added on restart without re-scanning the logs
files.
If i set a bantime of 1w in recidive jail the jail.conf informs me that i
should increase the dbpurgeage to 7.5 days
so the bans with 1w can live long enough before getting purged
but if i do a permanent bantime -1 what value should I set the dbpurgeage?
what's the relation between bantime, persistent storage and dbpurgeage?
would be nice if someone could perhaps enlighten me on the topic ;)
man jail.conf states:
dbpurgeage
Database purge age in seconds. Default: 86400 (24hours)
This sets the age at which bans should be purged from the database.
you wouldn't want the subject address to be removed before bantime
expires. and, since fail2ban complains when the dbpurgeage is less than
bantime, it is aware and respects bantime. so if you set bantime to "-1",
forever, dbpurgeage would never purge that address.
take this for what it is worth, just my reading/understanding.
personally, I add persistent ban addresses to ipset rules.
Hello Patrick,
thanks a lot for your reply ;)
one thing that made me unsure how bans in database and dbpurgeage work
together is the following note from the recidive jail in jail.conf
# Jail for more extended banning of persistent abusers
# !!! WARNINGS !!!
# 1. Make sure that your loglevel specified in fail2ban.conf/.local
# is not at DEBUG level -- which might then cause fail2ban to fall into
# an infinite loop constantly feeding itself with non-informative lines
# 2. Increase dbpurgeage defined in fail2ban.conf to e.g. 648000 (7.5 days)
# to maintain entries for failed logins for sufficient amount of time
[recidive]
logpath = /var/log/fail2ban.log
banaction = %(banaction_allports)s
bantime = 1w
findtime = 1d
So if i set a bantime of 1 week they urge me to increase the dbpurgeage
to more than a week ... 7,5 days
If it works the way you understand it then there would be no need to
adjust the dbpurgeage according to bantime.
as dbpurgeage would always respect the bantime ...
if dbpurgeage would respect the bantime then there would be no need to
add a WARNING note and increase dbpurgeage to greater than bantime?
you see ... still not sure how this really works?
anyone else out there who could enlighten me ;)
Thanks & greetings
Becki
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
