Hello list!
I have a Centos 7.2 VPS server set up with FirewallD configured and
running. ntpd and timedatectl are all set up/configured correctly and
reporting the correct date and time.
I have installed the latest release of fail2ban (0.9.3) and the
fail2ban-systemd package from the EPEL repo.
As advised in all online guides, I created a *sshd.conf* file within the
*/etc/fail2ban/fail.d/* folder with the following contents:
[sshd]
enabled = true
filter = sshd
port = 2020
logpath = %(sshd_log)s
maxretry = 1
bantime = 86400
After starting fail2ban using '*systemctl start fail2ban*' it starts fine
and does not report any errors.
I then try and log into SSH using a mobile device/different laptop (to
mimic an attack or bad login). However the IP does not get banned and
running the '*fail2ban-client status sshd*' reports no IP's are being
banned.
I ran the '*fail2ban-regex /var/log/secure /etc/fail2ban/filter.d/sshd.conf*'
command which returns no matches and approximately 200 missed lines.
Has anyone else has this issue at all? An excerpt of my */var/log/secure*
file can be found below (out of the box log files).
Jan 28 12:37:45 testserver sshd[2509]: pam_unix(sshd:session): session
opened for user root by (uid=0)
Jan 28 12:44:17 testserver sshd[2681]: Connection closed by 178.62.67.125
[preauth]
Jan 28 12:44:20 testserver sshd[2683]: Connection closed by 178.62.67.125
[preauth]
Jan 28 12:44:22 testserver sshd[2685]: Connection closed by 178.62.67.125
[preauth]
Sorry to ask, but am I doing something wrong?
I should add that 2 days ago, this was working fine and it has now suddenly
stopped working.
*Any help or advice would be greatly received!*
*Thanks,*
*Chris*
------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
