fail2ban picks up everything in /etc/fail2ban/jail.conf and then applies
additional/overrides from /etc/fail2ban/jail.local (and probably
/etc/fail2ban/jail.d/*. I didn't even realize there was a jail.d folder
until I saw your post).
In one of those configs (probably /etc/fail2ban/jail.conf)
Hello,
I'm new to Fail2Ban, and still getting to grips with it.
As I understand it, all matches to a filter are treated the same - using the
default sshd filter a bot trying to logon as a nonexistent user is treated the
same as a genuine user who has misspelled their password.
I would prefer