Package: fail2ban Version: 0.9.6-2 Severity: important Dear Maintainer,
I installed fail2ban on a fairly vanilla stretch system, and expected (based on the default configuration) to get some basic protection for my SSH daemon. However, that is not the case: I just had a burst of logins from two distinct IP addresses, both of them easily going beyond the default threshold of 5 attempts per 10 minutes. Neither of them got blocked: fail2ban did not log any action, nor did it send me an email about any action. This is pretty bad---a package that claims to protect the system, but doesn't do so, is arguably worse than no protection at all. This may be related to <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770171>, but I *do* have a /var/log/auth.log as rsyslog is installed. Kind regards, Ralf