# pgrep -l fail2ban
408 fail2ban-server
# iptables -nvL
Chain INPUT (policy ACCEPT 12883 packets, 929K bytes)
pkts bytes target prot opt in out source destination
48 6128 fail2ban-SSH tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 26469 packets, 30M bytes)
pkts bytes target prot opt in out source destination
Chain fail2ban-SSH (1 references)
pkts bytes target prot opt in out source destination
48 6128 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
##jail.conf
# Jail that applies the sshd filter to the file named in logpath; the action
# line names an iptables action (SSH, port ssh, tcp) and a sendmail-whois
# notification.
[ssh-iptables]
enabled = true
filter = sshd
# NOTE(review): the sendmail-whois line sits at column 0 in this paste. In the
# real jail.conf it presumably needs leading whitespace to be read as a
# continuation of "action"; indentation looks lost here, confirm against the file.
action = iptables[name=SSH, port=ssh, protocol=tcp]
sendmail-whois[name=SSH, dest=xxxx@gmail.com, sender=xxxx@gmail.com]
# logpath must be the file that sshd authentication failures are written to.
# The fail2ban-regex check in this post was run against /var/log/auth.log, not
# this path, so its match count does not show that this jail sees any failures.
# The thread's fix replaces this value with /var/log/auth.log.
# "fail2ban-client status ssh-iptables" lists the file(s) the jail monitors.
logpath = /var/log/sshd.log
# Number of failures tolerated before the action fires; presumably counted
# within the jail's findtime, which is not shown in this excerpt.
maxretry = 2
# fail2ban-client status
Status
|- Number of jail: 1
`- Jail list: ssh-iptables
#fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/sshd.conf
...
Success, the total number of match is 34
##from the same ip
Syslog-ng is enabled in systemd
After this I can SSH 7 times with a bad password from my phone on the mobile network without getting my IP banned. Any ideas why?
Edit: SOLVED. The logpath in jail.conf pointed at the wrong file:
-/var/log/sshd.log
+/var/log/auth.log
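plum forgot to update fail2ban accordingly, so the jail was watching /var/log/sshd.log while the failed logins were being written to /var/log/auth.log (the file the fail2ban-regex test above was run against, which is why the regex matched but nothing was banned).
Thanks for the help.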
Chain INPUT (policy ACCEPT 250 packets, 33400 bytes)
pkts bytes target prot opt in out source destination
0 0 fail2ban-SSH tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 145 packets, 26592 bytes)
pkts bytes target prot opt in out source destination
Chain fail2ban-SSH (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
I looked in the log ... the last time any activity was logged was Nov 11. I have also tried to ban myself on another machine, so I know it's not working. Is there anything I need to start? I have fail2ban running as a daemon on startup.
Here is a portion of my jail.conf:
# Excerpt of jail.conf pasted with the editor's line numbers (54-61) in front
# of each line; the numbers are not part of the file.
# NOTE(review): logpath here is the same file the fail2ban-regex check in this
# post reads (/var/log/auth.log), so the jail and the test agree on the file.
# The zero packet counters and missing bans reported in this post are not
# explained by this excerpt; confirm the jail is actually reading this file
# ("fail2ban-client status ssh-iptables" lists the monitored files).
54 [ssh-iptables]
55
56 enabled = true
57 filter = sshd
58 action = iptables[name=SSH, port=ssh, protocol=tcp]
59 sendmail-whois[name=SSH, dest=myemail@myhost.com, sender=myemail@myhost.com]
60 logpath = /var/log/auth.log
61 maxretry = 5
output from sudo fail2ban-client status
Status
|- Number of jail: 1
`- Jail list: ssh-iptables
output from fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/sshd.conf
...
Success, the total number of match is 46