> On 23-01-19 20:05, Robert Kudyba wrote: >> Is there something wrong with our configuration? Why would any IP that >> gets permanently banned get unbanned? jail.local is below, logs showing >> unban and recidive is as follows. Is there some overlap in the findtime >> option? > > The sshd jail bans and unbans according to your configuration. > > Your logging shows that the recidive jail found 3 tries. Configaion for > the recidive jail says you want to allow 5 retries before baning, so > there no ban yet for the recidive jail. Just like the logs tellyou: no > bans and no unbans for the recidive jail (yet). > > Maybe you misunderstand how the recidive jail is supposed to work? Or > you misread the logs?
The latter, I missed that there was no Ban for the recidive jail. Is there a best practice for maxretry for the recidive jail? Seems 5 is the default? Also, I noticed that the sshd jail and pam-generic tend to find the same IPs. The pam-generic just finds attempts to ports other than 22. Is that also expected behavior? _______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
