Is there something wrong with our configuration? Why would any IP that gets
permanently banned get unbanned? jail.local is below, and the logs showing unban
and recidive are as follows. Is there some overlap in the findtime option?

fail2ban-0.10.4-1.fc29.noarch

2019-01-22 19:55:15,551 fail2ban.actions        [46998]: NOTICE  [sshd] Ban 218.92.1.156
2019-01-22 19:55:15,949 fail2ban.filter         [46998]: INFO    [recidive] Found 218.92.1.156 - 2019-01-22 19:55:15
2019-01-22 21:15:15,134 fail2ban.actions        [46998]: NOTICE  [sshd] Unban 218.92.1.156
2019-01-22 21:15:39,083 fail2ban.filter         [46998]: INFO    [pam-generic] Found 218.92.1.156 - 2019-01-22 21:15:39
2019-01-22 21:15:41,154 fail2ban.filter         [46998]: INFO    [sshd] Found 218.92.1.156 - 2019-01-22 21:15:40
2019-01-22 21:15:43,360 fail2ban.filter         [46998]: INFO    [sshd] Found 218.92.1.156 - 2019-01-22 21:15:42
2019-01-22 21:15:47,368 fail2ban.filter         [46998]: INFO    [sshd] Found 218.92.1.156 - 2019-01-22 21:15:46
2019-01-22 21:16:27,350 fail2ban.filter         [46998]: INFO    [pam-generic] Found 218.92.1.156 - 2019-01-22 21:16:26
2019-01-22 21:16:29,439 fail2ban.filter         [46998]: INFO    [sshd] Found 218.92.1.156 - 2019-01-22 21:16:28
2019-01-22 21:16:30,643 fail2ban.filter         [46998]: INFO    [sshd] Found 218.92.1.156 - 2019-01-22 21:16:30
2019-01-22 21:16:33,250 fail2ban.filter         [46998]: INFO    [sshd] Found 218.92.1.156 - 2019-01-22 21:16:32
2019-01-22 21:16:33,258 fail2ban.actions        [46998]: NOTICE  [sshd] Ban 218.92.1.156
2019-01-22 21:16:33,306 fail2ban.filter         [46998]: INFO    [recidive] Found 218.92.1.156 - 2019-01-22 21:16:33
2019-01-22 22:36:32,835 fail2ban.actions        [46998]: NOTICE  [sshd] Unban 218.92.1.156
2019-01-22 22:37:09,381 fail2ban.filter         [46998]: INFO    [pam-generic] Found 218.92.1.156 - 2019-01-22 22:37:08
2019-01-22 22:37:11,387 fail2ban.filter         [46998]: INFO    [sshd] Found 218.92.1.156 - 2019-01-22 22:37:10
2019-01-22 22:37:13,392 fail2ban.filter         [46998]: INFO    [sshd] Found 218.92.1.156 - 2019-01-22 22:37:12
2019-01-22 22:37:17,202 fail2ban.filter         [46998]: INFO    [sshd] Found 218.92.1.156 - 2019-01-22 22:37:16
2019-01-22 22:37:58,455 fail2ban.filter         [46998]: INFO    [pam-generic] Found 218.92.1.156 - 2019-01-22 22:37:57
2019-01-22 22:37:59,662 fail2ban.filter         [46998]: INFO    [sshd] Found 218.92.1.156 - 2019-01-22 22:37:59
2019-01-22 22:38:03,870 fail2ban.filter         [46998]: INFO    [sshd] Found 218.92.1.156 - 2019-01-22 22:38:03
2019-01-22 22:38:07,077 fail2ban.filter         [46998]: INFO    [sshd] Found 218.92.1.156 - 2019-01-22 22:38:06
2019-01-22 22:38:07,213 fail2ban.actions        [46998]: NOTICE  [sshd] Ban 218.92.1.156
2019-01-22 22:38:07,414 fail2ban.filter         [46998]: INFO    [recidive] Found 218.92.1.156 - 2019-01-22 22:38:07
2019-01-22 23:58:06,298 fail2ban.actions        [46998]: NOTICE  [sshd] Unban 218.92.1.156

jail.local
[INCLUDES]
#before = paths-distro.conf
before = paths-fedora.conf

[DEFAULT]
bantime = 4800
sender = fail2ban
destemail = root
action = %(action_mwl)s
ignoreip = 127.0.0.1 192.168.1.0/24
mta = sendmail
maxretry = 6
backend  = polling
[sshd]
enabled = true
filter = sshd[mode=aggressive]
port = ssh
logpath  = /var/log/secure*
backend  = polling
#journalmatch =
banaction = iptables-multiport
action = %(action_)s

[pam-generic]
enabled  = true
# pam-generic filter can be customized to monitor specific subset of 'tty's
filter   = pam-generic
# port actually must be irrelevant but lets leave it all for some possible uses
port     = all
logpath  = /var/log/secure
maxretry = 3
backend  = polling

[sendmail-auth2]
enabled  = true
filter   = sendmail-auth2
backend = polling
action   = iptables-allports[name=sendmail-auth,port="smtp,smtps", protocol=tcp]
logpath  = /var/log/maillog
maxretry = 4

[recidive]
enabled  = true
filter   = recidive
action   = iptables-allports[name=recidive]
           sendmail-whois-lines[name=recidive, dest=root, sender=root, logpath=/var/log/fail2ban.log]
bantime = -1
#bantime  = 43200  ; 1 week
findtime = 14400   ; 1 day
maxretry = 5
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
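
A check on the numbers in the post above, as an added example that is not part of the original message or of fail2ban itself: it replays the posted "[recidive] Found" lines through a sliding window using the findtime and maxretry from the posted jail.local. It assumes recidive bans once maxretry hits fall within findtime seconds; the function names are hypothetical.

```python
import re
from datetime import datetime

# Values copied from the posted jail.local
FINDTIME = 14400  # [recidive] findtime in seconds (4 hours)
MAXRETRY = 5      # [recidive] maxretry

# "[recidive] Found" lines copied from the posted log, wrapped lines rejoined
LOG = """\
2019-01-22 19:55:15,949 fail2ban.filter         [46998]: INFO    [recidive] Found 218.92.1.156 - 2019-01-22 19:55:15
2019-01-22 21:16:33,306 fail2ban.filter         [46998]: INFO    [recidive] Found 218.92.1.156 - 2019-01-22 21:16:33
2019-01-22 22:38:07,414 fail2ban.filter         [46998]: INFO    [recidive] Found 218.92.1.156 - 2019-01-22 22:38:07
"""

FOUND_RE = re.compile(r"\[recidive\] Found (\S+) - (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)")

def recidive_hits(log_text):
    """Map each IP to the sorted times at which the recidive filter matched it."""
    hits = {}
    for ip, ts in FOUND_RE.findall(log_text):
        hits.setdefault(ip, []).append(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"))
    return {ip: sorted(times) for ip, times in hits.items()}

def max_hits_in_window(times, findtime):
    """Largest number of hits inside any window of findtime seconds."""
    best = start = 0
    for end, t in enumerate(times):
        while (t - times[start]).total_seconds() > findtime:
            start += 1  # drop hits that have aged out of the window
        best = max(best, end - start + 1)
    return best

def min_findtime_needed(times, maxretry):
    """Smallest findtime that fits maxretry hits if the widest observed gap repeats."""
    if len(times) < 2:
        return None  # no cadence to extrapolate from
    gaps = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
    return max(gaps) * (maxretry - 1)

if __name__ == "__main__":
    for ip, times in recidive_hits(LOG).items():
        seen = max_hits_in_window(times, FINDTIME)
        print(f"{ip}: {seen} hit(s) within {FINDTIME}s, maxretry={MAXRETRY}, "
              f"recidive ban: {seen >= MAXRETRY}")
        print(f"  findtime needed at this cadence: {min_findtime_needed(times, MAXRETRY)}s")
```

With the posted values this reports 3 hits within 14400 seconds against maxretry = 5. At the observed cadence of one sshd ban roughly every 81 minutes, five hits span 19576 seconds.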
