OK - in desperation, I did a remove and purge of fail2ban, and then a fresh re-install. In the absence of a jail.local, fail2ban starts up (and does nothing, of course). I copied jail.conf to jail.local in /etc/fail2ban and restarted fail2ban; still happy. Then I started to introduce my edits to jail.local.
Early on, I got a failure on the bantime parameter in the [DEFAULT] section. This keeps fail2ban happy: . [DEFAULT] ignoreip = 127.0.0.1 #bantime = 3600 #maxretry = 3 # # [sshd] # enabled = true . But this does not: . [DEFAULT] ignoreip = 127.0.0.1 bantime = 3600 #maxretry = 3 # # [sshd] # enabled = true . Does bantime have a dependency on some other parameter that's missing, or incorrectly set? It makes no sense to me. From: Dan Morton <d...@59plymouth.net> Sent: Thursday, July 22, 2021 5:46 PM To: 'Dominic Raferd' <domi...@timedicer.co.uk>; fail2ban-users@lists.sourceforge.net Subject: RE: [Fail2ban-users] Ubuntu 20.04: fail2ban starts, then stops Thanks - but, apart from how you restart fail2ban (and as I mention in my first post: "I rebooted, and got the log entry below - a similar outcome, with sudo systemctl restart fail2ban"), there's essentially no difference in those instructions, and the ones I site on https://help.ubuntu.com/community/Fail2ban. From: Dominic Raferd <domi...@timedicer.co.uk <mailto:domi...@timedicer.co.uk> > Sent: Thursday, July 22, 2021 2:45 PM To: fail2ban-users@lists.sourceforge.net <mailto:fail2ban-users@lists.sourceforge.net> Subject: Re: [Fail2ban-users] Ubuntu 20.04: fail2ban starts, then stops With Ubuntu 20.04 fail2ban is usually controlled directly by systemd, not via /etc/init.d/. The instructions you followed are very old. Some more modern ones can be found at https://linuxize.com/post/install-configure-fail2ban-on-ubuntu-20-04/. On 22/07/2021 18:53, Dan Morton wrote: I'll add this additional, peculiar observation: I've been tweaking jail.local and "sudo /etc/init.d/fail2ban restart" (as well as rebooting) in an attempt to get some traction with this, and I'm not seeing any more entries in /var/log/fail2ban.log. The last entry is from 2021-07-21 (yesterday). From: Dan Morton <mailto:d...@59plymouth.net> <d...@59plymouth.net> Sent: Thursday, July 22, 2021 11:10 AM To: fail2ban-users@lists.sourceforge.net <mailto:fail2ban-users@lists.sourceforge.net> Subject: Ubuntu 20.04: fail2ban starts, then stops I followed the instructions for installing and configuring fail2ban here <https://help.ubuntu.com/community/Fail2ban> . I rebooted, and got the log entry below - a similar outcome, with sudo systemctl restart fail2ban: mylogin@myvps:~$ sudo more /var/log/fail2ban.log 2021-07-21 19:58:47,133 fail2ban.server [376236]: INFO -------------------------------------------------- 2021-07-21 19:58:47,133 fail2ban.server [376236]: INFO Starting Fail2ban v0.11.1 2021-07-21 19:58:47,134 fail2ban.observer [376236]: INFO Observer start... 2021-07-21 19:58:47,205 fail2ban.database [376236]: INFO Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3' 2021-07-21 19:58:47,210 fail2ban.database [376236]: WARNING New database created. Version '4' 2021-07-21 19:58:47,211 fail2ban.jail [376236]: INFO Creating new jail 'sshd' 2021-07-21 19:58:47,242 fail2ban.jail [376236]: INFO Jail 'sshd' uses pyinotify {} 2021-07-21 19:58:47,249 fail2ban.jail [376236]: INFO Initiated 'pyinotify' backend 2021-07-21 19:58:47,251 fail2ban.filter [376236]: INFO maxLines: 1 2021-07-21 19:58:47,277 fail2ban.filter [376236]: INFO maxRetry: 5 2021-07-21 19:58:47,277 fail2ban.filter [376236]: INFO findtime: 600 2021-07-21 19:58:47,278 fail2ban.actions [376236]: INFO banTime: 600 2021-07-21 19:58:47,278 fail2ban.filter [376236]: INFO encoding: UTF-8 2021-07-21 19:58:47,278 fail2ban.filter [376236]: INFO Added logfile: '/var/log/auth.log' (pos = 0, hash = 50c23a282ae914c87f53e8ada9f5 516498f74095) 2021-07-21 19:58:47,283 fail2ban.jail [376236]: INFO Jail 'sshd' started 2021-07-21 20:11:24,421 fail2ban.server [376236]: INFO Shutdown in progress... 2021-07-21 20:11:24,422 fail2ban.observer [376236]: INFO Observer stop ... try to end queue 5 seconds 2021-07-21 20:11:24,443 fail2ban.observer [376236]: INFO Observer stopped, 0 events remaining. 2021-07-21 20:11:24,483 fail2ban.server [376236]: INFO Stopping all jails 2021-07-21 20:11:24,483 fail2ban.filter [376236]: INFO Removed logfile: '/var/log/auth.log' 2021-07-21 20:11:24,668 fail2ban.actions [376236]: NOTICE [sshd] Flush ticket(s) with iptables-multiport 2021-07-21 20:11:25,084 fail2ban.jail [376236]: INFO Jail 'sshd' stopped 2021-07-21 20:11:25,085 fail2ban.database [376236]: INFO Connection to database closed. 2021-07-21 20:11:25,087 fail2ban.server [376236]: INFO Exiting Fail2ban Could someone advise on next steps to diagnose? adTHANKSvance. -Dan _______________________________________________ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net <mailto:Fail2ban-users@lists.sourceforge.net> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
_______________________________________________ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users
