Why would the recidive jail not be picking up on this IP? See the jail
settings at the end.
2020-03-11 11:14:29,382 fail2ban.actions [1539290]: WARNING
[pam-generic] 150.136.217.144 already banned
2020-03-11 11:14:30,602 fail2ban.filter [1539290]: INFO [sshd]
Found 150.136.217.144 - 2020-03-11 11:14:30
2020-03-11 11:14:31,140 fail2ban.actions [1539290]: WARNING [sshd]
150.136.217.144 already banned
2020-03-11 11:14:31,352 fail2ban.filter [1539290]: INFO [sshd]
Found 150.136.217.144 - 2020-03-11 11:14:30
2020-03-11 11:14:31,356 fail2ban.filter [1539290]: INFO
[pam-generic] Found 150.136.217.144 - 2020-03-11 11:14:30
2020-03-11 11:14:33,316 fail2ban.filter [1539290]: INFO [sshd]
Found 150.136.217.144 - 2020-03-11 11:14:33
2020-03-11 11:14:33,318 fail2ban.filter [1539290]: INFO [sshd]
Found 150.136.217.144 - 2020-03-11 11:14:33
2020-03-11 11:14:33,604 fail2ban.filter [1539290]: INFO
[pam-generic] Found 150.136.217.144 - 2020-03-11 11:14:33
2020-03-11 11:14:36,352 fail2ban.filter [1539290]: INFO [sshd]
Found 150.136.217.144 - 2020-03-11 11:14:35
2020-03-11 11:14:38,559 fail2ban.filter [1539290]: INFO [sshd]
Found 150.136.217.144 - 2020-03-11 11:14:38
2020-03-11 11:14:38,602 fail2ban.filter [1539290]: INFO
[pam-generic] Found 150.136.217.144 - 2020-03-11 11:14:38
2020-03-11 11:14:38,796 fail2ban.actions [1539290]: WARNING
[pam-generic] 150.136.217.144 already banned
2020-03-11 11:14:39,152 fail2ban.actions [1539290]: WARNING [sshd]
150.136.217.144 already banned
2020-03-11 11:14:40,352 fail2ban.filter [1539290]: INFO [sshd]
Found 150.136.217.144 - 2020-03-11 11:14:40
2020-03-11 11:14:40,852 fail2ban.filter [1539290]: INFO [sshd]
Found 150.136.217.144 - 2020-03-11 11:14:40
2020-03-11 11:14:40,856 fail2ban.filter [1539290]: INFO
[pam-generic] Found 150.136.217.144 - 2020-03-11 11:14:40
2020-03-11 11:14:43,061 fail2ban.filter [1539290]: INFO [sshd]
Found 150.136.217.144 - 2020-03-11 11:14:42
2020-03-11 11:14:43,063 fail2ban.filter [1539290]: INFO [sshd]
Found 150.136.217.144 - 2020-03-11 11:14:43
2020-03-11 11:14:43,603 fail2ban.filter [1539290]: INFO
[pam-generic] Found 150.136.217.144 - 2020-03-11 11:14:43
2020-03-11 11:14:45,352 fail2ban.filter [1539290]: INFO [sshd]
Found 150.136.217.144 - 2020-03-11 11:14:45
2020-03-11 11:14:45,852 fail2ban.filter [1539290]: INFO [sshd]
Found 150.136.217.144 - 2020-03-11 11:14:45
2020-03-11 11:14:45,856 fail2ban.filter [1539290]: INFO
[pam-generic] Found 150.136.217.144 - 2020-03-11 11:14:45
[DEFAULT]
bantime = 3600
sender = root
#action = %(action_mwl)s
action = %(action_)s
#backend = polling
#default_backend = polling
mta = sendmail
loglevel = DEBUG
backend = auto
banaction = firewallcmd-ipset
#banaction_allports = firewallcmd-ipset
[sshd]
filter = sshd[mode=aggressive]
#filter = sshd
enabled = true
logpath = /var/log/secure
port = ssh,sftp
[pam-generic]
enabled = true
# pam-generic filter can be customized to monitor specific subset of 'tty's
filter = pam-generic
# port actually must be irrelevant but lets leave it all for some possible
uses
port = all
#banaction = iptables-allports
#port = anyport
backend = pyinotify
logpath = /var/log/secure
maxretry = 3
[recidive]
enabled = true
filter = recidive
logpath = /var/log/fail2ban.log
/var/log/fail2ban.log-[!.gz]
banaction = firewallcmd-ipset
action = badips[category="ssh", key="xxxx"]
bantime = -1 ; permanent
findtime = 86400 ; 1 day
maxretry = 3
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
