Before closing out the topic again please read the fact the solutions you already have here do not work. Please see explanation below. I have not been able to use fail2ban properly for over 1.5 years now was hoping you would have fixed it by now.
followed this and removed the locking option which is how it was to begin with and it still gives me errors. This is why i posted here. I wouldn't be posting if other solutions worked
this time I get:
2017-12-05 16:32:37,425 fail2ban.utils [10775]: Level 39 7f6cb9bb1570 -- exec: iptables <lockingopt> -N f2b-SSH
iptables <lockingopt> -A f2b-SSH -j RETURN
iptables <lockingopt> -I INPUT -p tcp -j f2b-SSH
2017-12-05 16:32:37,428 fail2ban.utils [10775]: ERROR 7f6cb9bb1570 -- stderr: '/bin/sh: lockingopt: No such file or directory'
2017-12-05 16:32:37,429 fail2ban.utils [10775]: ERROR 7f6cb9bb1570 -- stderr: '/bin/sh: line 1: lockingopt: No such file or directory'
2017-12-05 16:32:37,430 fail2ban.utils [10775]: ERROR 7f6cb9bb1570 -- stderr: '/bin/sh: line 2: lockingopt: No such file or directory'
2017-12-05 16:32:37,435 fail2ban.utils [10775]: ERROR 7f6cb9bb1570 -- returned 1
2017-12-05 16:32:37,437 fail2ban.actions [10775]: ERROR Failed to execute ban jail 'ssh-iptables' action 'iptables-allports' info 'ActionInfo({'bancount': 1, 'ip-rev': '168.65.255.201.', 'family': 'inet4', 'ipmatches': u'Dec 5$
2017-12-05 16:32:37,621 fail2ban.actions [10775]: NOTICE [ssh-iptables] Ban 58.242.83.28
2017-12-05 16:32:37,714 fail2ban.utils [10775]: Level 39 7f6cb9bb1570 -- exec: iptables <lockingopt> -N f2b-SSH
iptables <lockingopt> -A f2b-SSH -j RETURN
iptables <lockingopt> -I INPUT -p tcp -j f2b-SSH
2017-12-05 16:32:37,879 fail2ban.utils [10775]: ERROR 7f6cb9bb1570 -- stderr: '/bin/sh: lockingopt: No such file or directory'
2017-12-05 16:32:37,879 fail2ban.utils [10775]: ERROR 7f6cb9bb1570 -- stderr: '/bin/sh: line 1: lockingopt: No such file or directory'
2017-12-05 16:32:37,879 fail2ban.utils [10775]: ERROR 7f6cb9bb1570 -- stderr: '/bin/sh: line 2: lockingopt: No such file or directory'
2017-12-05 16:32:37,879 fail2ban.utils [10775]: ERROR 7f6cb9bb1570 -- returned 1
2017-12-05 16:32:37,880 fail2ban.actions [10775]: ERROR Failed to execute ban jail 'ssh-iptables' action 'iptables-allports' info 'ActionInfo({'bancount': 1, 'ip-rev': '28.83.242.58.', 'family': 'inet4', 'ipmatches': u'Dec 5 1$
2017-12-05 16:32:38,112 fail2ban.filter [10775]: INFO [ssh-iptables] Found 58.242.83.28 - 2017-12-05 16:32:37
2017-12-05 16:32:38,113 fail2ban.filter [10775]: INFO [ssh-iptables] Found 58.242.83.28 - 2017-12-05 16:32:37
2017-12-05 16:32:40,829 fail2ban.filter [10775]: INFO [ssh-iptables] Found 58.242.83.28 - 2017-12-05 16:32:40
2017-12-05 16:32:40,830 fail2ban.filter [10775]: INFO [ssh-iptables] Found 58.242.83.28 - 2017-12-05 16:32:40
2017-12-05 16:32:41,246 fail2ban.actions [10775]: NOTICE [ssh-iptables] 58.242.83.28 already banned
2017-12-05 16:32:43,500 fail2ban.filter [10775]: INFO [ssh-iptables] Found 58.242.83.28 - 2017-12-05 16:32:43
2017-12-05 16:32:43,505 fail2ban.filter [10775]: INFO [ssh-iptables] Found 58.242.83.28 - 2017-12-05 16:32:43
2017-12-05 16:32:45,728 fail2ban.filter [10775]: INFO [ssh-iptables] Found 58.242.83.28 - 2017-12-05 16:32:45
Same action still occurs. Meaning that it starts but doesn't ban anyone
Upon start up of Fail2ban I get these 2 errors
Starting fail2ban: No file(s) found for glob /var/log/mariadb/mariadb.log
NOK: ('malformed database schema (bans_ip) - no such table: main.bans',)
I try getting my self banned and nothing is happening. I can keep logging right back on and retrying to get into the system.
I just installed 0.11 today.
Environment:
Fill out and check ([x]) the boxes which apply. If your Fail2Ban version is outdated,
and you can't verify that the issue persists in the recent release, better seek support
from the distribution you obtained Fail2Ban from
Fail2Ban version (including any possible distribution suffixes): 0.11
OS, including release name/version: Centos 6.9 Final
[ ] Fail2Ban installed via OS/distribution mechanisms
[x ] You have not applied any additional foreign patches to the codebase
[ ] Some customizations were done to the configuration (provide details below is so)
The issue:
Fail2ban doesn't actually ban anyone or stop anyone from logging back on.
Steps to reproduce
No special steps. Followed installation instructions from here.
Expected behavior
To actually ban people and keep them banned
Observed behavior
Will kick person off of server after to many login attempts but doesn't stop the person from logging right back on and trying again.
Any additional information
Configuration, dump and another helpful excerpts
Any customizations done to /etc/fail2ban/ configuration
Jail.Local
#
# WARNING: heavily refactored in 0.9.0 release. Please review and
# customize settings for your setup.
#
# Changes: in most of the cases you should not modify this
# file, but provide customizations in jail.local file,
# or separate .conf files under jail.d/ directory, e.g.:
#
# HOW TO ACTIVATE JAILS:
#
# YOU SHOULD NOT MODIFY THIS FILE.
#
# It will probably be overwritten or improved in a distribution update.
#
# Provide customizations in a jail.local file or a jail.d/customisation.local.
# For example to change the default bantime for all jails and to enable the
# ssh-iptables jail the following (uncommented) would appear in the .local file.
# See man 5 jail.conf for details.
#
# [DEFAULT]
# bantime = 3600
#
# [sshd]
# enabled = true
#
# See jail.conf(5) man page for more information
# Comments: use '#' for comment lines and ';' (following a space) for inline comments
[INCLUDES]
#before = paths-distro.conf
before = paths-fedora.conf
# The DEFAULT allows a global definition of the options. They can be overridden
# in each jail afterwards.
[DEFAULT]
#
# MISCELLANEOUS OPTIONS
#
# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = 127.0.0.1/8 99.109.8.113 dannyperfect.com
# External command that will take an tagged arguments to ignore, e.g. <ip>,
# and return true if the IP is to be ignored. False otherwise.
#
# ignorecommand = /path/to/command <ip>
ignorecommand =
# "bantime" is the number of seconds that a host is banned.
bantime = 315532800
# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime = 3600
# "maxretry" is the number of failures before a host get banned.
maxretry = 3
# "backend" specifies the backend used to get files modification.
# Available options are "pyinotify", "gamin", "polling", "systemd" and "auto".
# This option can be overridden in each jail as well.
#
# pyinotify: requires pyinotify (a file alteration monitor) to be installed.
# If pyinotify is not installed, Fail2ban will use auto.
# gamin: requires Gamin (a file alteration monitor) to be installed.
# If Gamin is not installed, Fail2ban will use auto.
# polling: uses a polling algorithm which does not require external libraries.
# systemd: uses systemd python library to access the systemd journal.
# Specifying "logpath" is not valid for this backend.
# See "journalmatch" in the jails associated filter config
# auto: will try to use the following backends, in order:
# pyinotify, gamin, polling.
#
# Note: if systemd backend is choses as the default but you enable a jail
# for which logs are present only in its own log files, specify some other
# backend for that jail (e.g. polling) and provide empty value for
# journalmatch. See https://github.com/fail2ban/fail2ban/issues/959#issuecomment-74901200
backend = polling
# "usedns" specifies if jails should trust hostnames in logs,
# warn when DNS lookups are performed, or ignore all hostnames in logs
#
# yes: if a hostname is encountered, a DNS lookup will be performed.
# warn: if a hostname is encountered, a DNS lookup will be performed,
# but it will be logged as a warning.
# no: if a hostname is encountered, will not be used for banning,
# but it will be logged as info.
usedns = warn
# "logencoding" specifies the encoding of the log files handled by the jail
# This is used to decode the lines from the log file.
# Typical examples: "ascii", "utf-8"
#
# auto: will use the system locale setting
logencoding = auto
# "enabled" enables the jails.
# By default all jails are disabled, and it should stay this way.
# Enable only relevant to your setup jails in your .local or jail.d/*.conf
#
# true: jail will be enabled and log files will get monitored for changes
# false: jail is not enabled
enabled = false
# "filter" defines the filter to use by the jail.
# By default jails have names matching their filter name
#
filter = %(__name__)s
#
# ACTIONS
#
# Some options used for actions
# Destination email address used solely for the interpolations in
# jail.{conf,local,d/*} configuration files.
destemail = dansperfect@gmail.com
# Sender email address used solely for some actions
sender = fail2ban@dansperfect.com
# E-mail action. Since 0.8.1 Fail2Ban uses sendmail MTA for the
# mailing. Change mta configuration parameter to mail if you want to
# revert to conventional 'mail'.
mta = mail
# Default protocol
protocol = tcp
# Specify chain where jumps would need to be added in iptables-* actions
chain = INPUT
# Ports to be banned
# Usually should be overridden in a particular jail
port = 0:65535
#
# Action shortcuts. To be used to define action parameter
# Default banning action (e.g. iptables, iptables-new,
# iptables-multiport, shorewall, etc) It is used to define
# action_* variables. Can be overridden globally or per
# section within jail.local file
banaction = iptables-allports
# The simplest action to take: ban only
action_ = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
# ban & send an e-mail with whois report to the destemail.
action_mw = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
%(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]
# ban & send an e-mail with whois report and relevant log lines
# to the destemail.
action_mwl = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
%(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]
# See the IMPORTANT note in action.d/xarf-login-attack for when to use this action
#
# ban & send a xarf e-mail to abuse contact of IP address and include relevant log lines
# to the destemail.
action_xarf = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath=%(logpath)s, port="%(port)s"]
# ban IP on CloudFlare & send an e-mail with whois report and relevant log lines
# to the destemail.
action_cf_mwl = cloudflare[cfuser="%(cfemail)s", cftoken="%(cfapikey)s"]
%(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]
# Report block via blocklist.de fail2ban reporting service API
#
# See the IMPORTANT note in action.d/blocklist_de.conf for when to
# use this action. Create a file jail.d/blocklist_de.local containing
# [Init]
# blocklist_de_apikey = {api key from registration]
#
action_blocklist_de = blocklist_de[email="%(sender)s", service=%(filter)s, apikey="%(blocklist_de_apikey)s"]
# Report ban via badips.com, and use as blacklist
#
# See BadIPsAction docstring in config/action.d/badips.py for
# documentation for this action.
#
# NOTE: This action relies on banaction being present on start and therefore
# should be last action defined for a jail.
#
action_badips = badips.py[category="%(name)s", banaction="%(banaction)s"]
# Choose default action. To change, just override value of 'action' with the
# interpolation to the chosen action shortcut (e.g. action_mw, action_mwl, etc) in jail.local
# globally (section [DEFAULT]) or per specific section
action = %(action_)s
#
# JAILS
#
#
# SSH servers
#
[ssh-iptables]
enabled = true
filter = sshd
action = iptables-allports[name=SSH, protocol=tcp]
logpath = /var/log/secure
maxretry = 3
[sshd]
port = ssh
logpath = %(sshd_log)s
[sshd-ddos]
# This jail corresponds to the standard configuration in Fail2ban.
# The mail-whois action send a notification e-mail with a whois request
# in the body.
port = ssh
logpath = %(sshd_log)s
enabled = true
[dropbear]
port = ssh
logpath = %(dropbear_log)s
[selinux-ssh]
port = ssh
logpath = %(auditd_log)s
maxretry = 5
#
# HTTP servers
#
[apache-auth]
enabled = true
port = http,https
logpath = %(apache_error_log)s
[apache-badbots]
# Ban hosts which agent identifies spammer robots crawling the web
# for email addresses. The mail outputs are buffered.
enabled = true
port = http,https
logpath = /var/log/virtualmin/*log
maxretry = 1
[apache-noscript]
enabled = true
port = http,https
logpath = /var/log/virtualmin/*log
maxretry = 6
[apache-overflows]
enabled = true
port = http,https
filter = apache-overflows
logpath = /var/log/virtualmin/*log
maxretry = 1
[apache]
enabled = true
port = http,https
filter = apache-auth
logpath = /var/log/virtualmin/*log
maxretry = 3
findtime = 600
[apache-nohome]
enabled = true
port = http,https
logpath = /var/log/virtualmin/*log
maxretry = 2
[apache-botsearch]
enabled = true
port = http,https
logpath = %(apache_error_log)s
maxretry = 2
[apache-fakegooglebot]
enabled = true
port = http,https
logpath = %(apache_access_log)s
maxretry = 1
ignorecommand = %(ignorecommands_dir)s/apache-fakegooglebot <ip>
[apache-modsecurity]
enabled = true
port = http,https
logpath = %(apache_error_log)s
maxretry = 2
[apache-shellshock]
enabled = true
port = http,https
logpath = %(apache_error_log)s
maxretry = 1
[nginx-http-auth]
port = http,https
logpath = %(nginx_error_log)s
[nginx-botsearch]
port = http,https
logpath = %(nginx_error_log)s
maxretry = 2
# Ban attackers that try to use PHP's URL-fopen() functionality
# through GET/POST variables. - Experimental, with more than a year
# of usage in production environments.
[php-url-fopen]
enabled = true
port = http,https
filter = php-url-fopen
logpath = /etc/httpd/logs/*
maxretry = 1
[suhosin]
port = http,https
logpath = %(suhosin_log)s
[lighttpd-auth]
# Same as above for Apache's mod_auth
# It catches wrong authentifications
port = http,https
logpath = %(lighttpd_error_log)s
#
# Webmail and groupware servers
#
[roundcube-auth]
port = http,https
logpath = logpath = %(roundcube_errors_log)s
[openwebmail]
port = http,https
logpath = /var/log/openwebmail.log
[horde]
port = http,https
logpath = /var/log/horde/horde.log
[groupoffice]
port = http,https
logpath = /home/groupoffice/log/info.log
[sogo-auth]
# Monitor SOGo groupware server
# without proxy this would be:
# port = 20000
port = http,https
logpath = /var/log/sogo/sogo.log
[tine20]
logpath = /var/log/tine20/tine20.log
port = http,https
maxretry = 5
#
# Web Applications
#
#
[drupal-auth]
port = http,https
logpath = %(syslog_daemon)s
[guacamole]
port = http,https
logpath = /var/log/tomcat*/catalina.out
[monit]
#Ban clients brute-forcing the monit gui login
filter = monit
port = 2812
logpath = /var/log/monit
[webmin-auth]
enable = true
port = 10000
logpath = %(syslog_authpriv)s
maxretry = 3
[froxlor-auth]
port = http,https
logpath = %(syslog_authpriv)s
#
# HTTP Proxy servers
#
#
[squid]
port = 80,443,3128,8080
logpath = /var/log/squid/access.log
[3proxy]
port = 3128
logpath = /var/log/3proxy.log
#
# FTP servers
#
[proftpd]
port = ftp,ftp-data,ftps,ftps-data
logpath = %(proftpd_log)s
[pure-ftpd]
port = ftp,ftp-data,ftps,ftps-data
logpath = %(pureftpd_log)s
maxretry = 6
[gssftpd]
port = ftp,ftp-data,ftps,ftps-data
logpath = %(syslog_daemon)s
maxretry = 6
[wuftpd]
port = ftp,ftp-data,ftps,ftps-data
logpath = %(wuftpd_log)s
maxretry = 6
[vsftpd]
# or overwrite it in jails.local to be
# logpath = %(syslog_authpriv)s
# if you want to rely on PAM failed login attempts
# vsftpd's failregex should match both of those formats
port = ftp,ftp-data,ftps,ftps-data
logpath = %(vsftpd_log)s
#
# Mail servers
#
# ASSP SMTP Proxy Jail
[assp]
port = smtp,465,submission
logpath = /root/path/to/assp/logs/maillog.txt
[courier-smtp]
port = smtp,465,submission
logpath = %(syslog_mail)s
[postfix]
enable = true
filter = postfix
port = smtp,465,submission
logpath = %(postfix_log)s
[postfix-rbl]
port = smtp,465,submission
logpath = %(syslog_mail)s
maxretry = 1
[sendmail-auth]
port = submission,465,smtp
logpath = %(syslog_mail)s
[sendmail-reject]
port = smtp,465,submission
logpath = %(syslog_mail)s
[qmail-rbl]
filter = qmail
port = smtp,465,submission
logpath = /service/qmail/log/main/current
# dovecot defaults to logging to the mail syslog facility
# but can be set by syslog_facility in the dovecot configuration.
[dovecot]
port = pop3,pop3s,imap,imaps,submission,465,sieve
logpath = %(dovecot_log)s
[sieve]
port = smtp,465,submission
logpath = %(dovecot_log)s
[solid-pop3d]
port = pop3,pop3s
logpath = %(solidpop3d_log)s
[exim]
port = smtp,465,submission
logpath = %(exim_main_log)s
[exim-spam]
port = smtp,465,submission
logpath = %(exim_main_log)s
[kerio]
port = imap,smtp,imaps,465
logpath = /opt/kerio/mailserver/store/logs/security.log
#
# Mail servers authenticators: might be used for smtp,ftp,imap servers, so
# all relevant ports get banned
#
[courier-auth]
port = smtp,465,submission,imap3,imaps,pop3,pop3s
logpath = %(syslog_mail)s
[postfix-sasl]
port = smtp,465,submission,imap3,imaps,pop3,pop3s
# You might consider monitoring /var/log/mail.warn instead if you are
# running postfix since it would provide the same log lines at the
# "warn" level but overall at the smaller filesize.
logpath = %(postfix_log)s
[perdition]
port = imap3,imaps,pop3,pop3s
logpath = %(syslog_mail)s
[squirrelmail]
port = smtp,465,submission,imap2,imap3,imaps,pop3,pop3s,http,https,socks
logpath = /var/lib/squirrelmail/prefs/squirrelmail_access_log
[cyrus-imap]
port = imap3,imaps
logpath = %(syslog_mail)s
[uwimap-auth]
port = imap3,imaps
logpath = %(syslog_mail)s
#
#
# DNS servers
#
# !!! WARNING !!!
# Since UDP is connection-less protocol, spoofing of IP and imitation
# of illegal actions is way too simple. Thus enabling of this filter
# might provide an easy way for implementing a DoS against a chosen
# victim. See
# http://nion.modprobe.de/blog/archives/690-fail2ban-+-dns-fail.html
# Please DO NOT USE this jail unless you know what you are doing.
#
# IMPORTANT: see filter.d/named-refused for instructions to enable logging
# This jail blocks UDP traffic for DNS requests.
# [named-refused-udp]
#
# filter = named-refused
# port = domain,953
# protocol = udp
# logpath = /var/log/named/security.log
# IMPORTANT: see filter.d/named-refused for instructions to enable logging
# This jail blocks TCP traffic for DNS requests.
[named-refused]
port = domain,953
logpath = /var/log/named/security.log
[nsd]
port = 53
action = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
%(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]
logpath = /var/log/nsd.log
#
# Miscellaneous
#
[asterisk]
port = 5060,5061
action = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
%(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]
%(mta)s-whois[name=%(__name__)s, dest="%(destemail)s"]
logpath = /var/log/asterisk/messages
maxretry = 10
[freeswitch]
port = 5060,5061
action = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
%(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]
%(mta)s-whois[name=%(__name__)s, dest="%(destemail)s"]
logpath = /var/log/freeswitch.log
maxretry = 10
# To log wrong MySQL access attempts add to /etc/my.cnf in [mysqld] or
# equivalent section:
# log-warning = 2
#
# for syslog (daemon facility)
# [mysqld_safe]
# syslog
#
# for own logfile
# [mysqld]
# log-error=/var/log/mysqld.log
[mysqld-auth]
enabled = true
port = 3306
logpath = %(mysql_log)s
backend = %(mysql_backend)s
# Jail for more extended banning of persistent abusers
# !!! WARNINGS !!!
# 1. Make sure that your loglevel specified in fail2ban.conf/.local
# is not at DEBUG level -- which might then cause fail2ban to fall into
# an infinite loop constantly feeding itself with non-informative lines
# 2. Increase dbpurgeage defined in fail2ban.conf to e.g. 648000 (7.5 days)
# to maintain entries for failed logins for sufficient amount of time
[recidive]
logpath = /var/log/messages
banaction = iptables-allports
bantime = 604800 ; 1 week
findtime = 86400 ; 1 day
maxretry = 5
# Generic filter for PAM. Has to be used with action which bans all
# ports such as iptables-allports, shorewall
[pam-generic]
# pam-generic filter can be customized to monitor specific subset of 'tty's
banaction = iptables-allports
logpath = %(syslog_authpriv)s
[xinetd-fail]
banaction = iptables-multiport-log
logpath = %(syslog_daemon)s
maxretry = 2
# stunnel - need to set port for this
[stunnel]
logpath = /var/log/stunnel4/stunnel.log
[ejabberd-auth]
port = 5222
logpath = /var/log/ejabberd/ejabberd.log
[counter-strike]
logpath = /opt/cstrike/logs/L[0-9]*.log
# Firewall: http://www.cstrike-planet.com/faq/6
tcpport = 27030,27031,27032,27033,27034,27035,27036,27037,27038,27039
udpport = 1200,27000,27001,27002,27003,27004,27005,27006,27007,27008,27009,27010,27011,27012,27013,27014,27015
action = %(banaction)s[name=%(__name__)s-tcp, port="%(tcpport)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
%(banaction)s[name=%(__name__)s-udp, port="%(udpport)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]
# consider low maxretry and a long bantime
# nobody except your own Nagios server should ever probe nrpe
[nagios]
enabled = false
logpath = %(syslog_daemon)s ; nrpe.cfg may define a different log_facility
maxretry = 1
[oracleims]
# see "oracleims" filter file for configuration requirement for Oracle IMS v6 and above
enabled = false
logpath = /opt/sun/comms/messaging64/log/mail.log_current
maxretry = 6
banaction = iptables-allports
[directadmin]
enabled = false
logpath = /var/log/directadmin/login.log
port = 2222
[portsentry]
enabled = false
logpath = /var/lib/portsentry/portsentry.history
maxretry = 1
[pass2allow-ftp]
# this pass2allow example allows FTP traffic after successful HTTP authentication
port = ftp,ftp-data,ftps,ftps-data
# knocking_url variable must be overridden to some secret value in filter.d/apache-pass.local
filter = apache-pass
# access log of the website with HTTP auth
logpath = %(apache_access_log)s
blocktype = RETURN
returntype = DROP
bantime = 3600
maxretry = 1
findtime = 1
Relevant parts of /var/log/fail2ban.log file:
preferably obtained while running fail2ban with loglevel = 4
2017-12-05 14:33:59,181 fail2ban.server [4043]: INFO Starting Fail2ban v0.11.0.dev0
2017-12-05 14:33:59,181 fail2ban.server [4043]: INFO Daemon started
2017-12-05 14:33:59,182 fail2ban.observer [4043]: INFO Observer start...
2017-12-05 14:33:59,257 fail2ban.database [4043]: INFO Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2017-12-05 14:33:59,258 fail2ban.transmitter [4043]: WARNING Command ['set', 'dbfile', '/var/lib/fail2ban/fail2ban.sqlite3'] has failed. Received DatabaseError('malformed database schema (bans_ip) - no such table: main.bans',)
2017-12-05 14:33:59,262 fail2ban.transmitter [4043]: WARNING dbpurgeage setting was not in effect since no db yet
iptables -w -A f2b-SSH -j RETURN
iptables -w -I INPUT -p tcp -j f2b-SSH
2017-12-05 14:38:10,295 fail2ban.utils [4043]: ERROR 7fbd34e1cbe0 -- stderr: "iptables v1.4.7: option `-w' requires an argument"
2017-12-05 14:38:10,296 fail2ban.utils [4043]: ERROR 7fbd34e1cbe0 -- stderr: "Try `iptables -h' or 'iptables --help' for more information."
2017-12-05 14:38:10,296 fail2ban.utils [4043]: ERROR 7fbd34e1cbe0 -- stderr: "iptables v1.4.7: option `-w' requires an argument"
2017-12-05 14:38:10,296 fail2ban.utils [4043]: ERROR 7fbd34e1cbe0 -- stderr: "Try `iptables -h' or 'iptables --help' for more information."
2017-12-05 14:38:10,296 fail2ban.utils [4043]: ERROR 7fbd34e1cbe0 -- stderr: "iptables v1.4.7: option `-w' requires an argument"
2017-12-05 14:38:10,297 fail2ban.utils [4043]: ERROR 7fbd34e1cbe0 -- stderr: "Try `iptables -h' or 'iptables --help' for more information."
2017-12-05 14:38:10,297 fail2ban.utils [4043]: ERROR 7fbd34e1cbe0 -- returned 2
20
iptables -w -A f2b-SSH -j RETURN
iptables -w -I INPUT -p tcp -j f2b-SSH
2017-12-05 14:38:40,392 fail2ban.utils [4043]: ERROR 7fbd34e1cbe0 -- stderr: "iptables v1.4.7: option `-w' requires an argument"
2017-12-05 14:38:40,392 fail2ban.utils [4043]: ERROR 7fbd34e1cbe0 -- stderr: "Try `iptables -h' or 'iptables --help' for more information."
2017-12-05 14:38:40,392 fail2ban.utils [4043]: ERROR 7fbd34e1cbe0 -- stderr: "iptables v1.4.7: option `-w' requires an argument"
2017-12-05 14:38:40,392 fail2ban.utils [4043]: ERROR 7fbd34e1cbe0 -- stderr: "Try `iptables -h' or 'iptables --help' for more information."
2017-12-05 14:38:40,393 fail2ban.utils [4043]: ERROR 7fbd34e1cbe0 -- stderr: "iptables v1.4.7: option `-w' requires an argument"
2017-12-05 14:38:40,393 fail2ban.utils [4043]: ERROR 7fbd34e1cbe0 -- stderr: "Try `iptables -h' or 'iptables --help' for more information."
2017-12-05 14:38:40,393 fail2ban.utils [4043]: ERROR 7fbd34e1cbe0 -- returned 2
iptables -w -A f2b-SSH -j RETURN
iptables -w -I INPUT -p tcp -j f2b-SSH
2017-12-05 14:39:00,593 fail2ban.utils [4043]: ERROR 7fbd34e1cbe0 -- stderr: "iptables v1.4.7: option `-w' requires an argument"
2017-12-05 14:39:00,594 fail2ban.utils [4043]: ERROR 7fbd34e1cbe0 -- stderr: "Try `iptables -h' or 'iptables --help' for more information."
2017-12-05 14:39:00,594 fail2ban.utils [4043]: ERROR 7fbd34e1cbe0 -- stderr: "iptables v1.4.7: option `-w' requires an argument"
2017-12-05 14:39:00,594 fail2ban.utils [4043]: ERROR 7fbd34e1cbe0 -- stderr: "Try `iptables -h' or 'iptables --help' for more information."
2017-12-05 14:39:00,594 fail2ban.utils [4043]: ERROR 7fbd34e1cbe0 -- stderr: "iptables v1.4.7: option `-w' requires an argument"
2017-12-05 14:39:00,594 fail2ban.utils [4043]: ERROR 7fbd34e1cbe0 -- stderr: "Try `iptables -h' or 'iptables --help' for more information."
2017-12-05 14:39:00,594 fail2ban.utils [4043]: ERROR 7fbd34e1cbe0 -- returned 2
Iptables Printout
Seems to be very messy to me with multiple identical jails running. If that's because of my jail.local please tell me.
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP all -- v-133073-unlim.vpn.mgn.ru anywhere
DROP all -- 173.208.218.202 anywhere
DROP all -- dsl-ncr-dynamic-022.5.23.125.airtelbroadband.in anywhere
f2b-SSH tcp -- anywhere anywhere
f2b-php-url-fopen tcp -- anywhere anywhere
f2b-SSH tcp -- anywhere anywhere
f2b-php-url-fopen tcp -- anywhere anywhere
f2b-SSH tcp -- anywhere anywhere
f2b-php-url-fopen tcp -- anywhere anywhere
f2b-SSH tcp -- anywhere anywhere
f2b-php-url-fopen tcp -- anywhere anywhere
DROP all -- 172.56.42.0/24 anywhere
f2b-SSH tcp -- anywhere anywhere
f2b-php-url-fopen tcp -- anywhere anywhere
DROP all -- 172.56.42.172 anywhere
DROP all -- 37-115-191-239.broadband.kyivstar.net anywhere
DROP all -- ip.cishost.ru anywhere
DROP all -- ec2-35-166-159-248.us-west-2.compute.amazonaws.com anywhere
f2b-SSH tcp -- anywhere anywhere
f2b-php-url-fopen tcp -- anywhere anywhere
DROP all -- 146.185.223.125 anywhere
DROP all -- 19.sub-97-32-0.myvzw.com anywhere
DROP all -- 108-189-217-110.biz.bhn.net anywhere
DROP all -- boi.imcognito.com anywhere
DROP all -- 192.187.108.186 anywhere
f2b-SSH tcp -- anywhere anywhere
f2b-php-url-fopen tcp -- anywhere anywhere
f2b-SSH tcp -- anywhere anywhere
f2b-php-url-fopen tcp -- anywhere anywhere
DROP all -- 5x3x184x111.dynamic.omsk.ertelecom.ru anywhere
DROP all -- 118.47.131.44 anywhere
DROP all -- host-95-104-61-174.customer.co.ge anywhere
DROP all -- apache.jambo.co.ke anywhere
DROP all -- h37-157-245-4.host.redstation.co.uk anywhere
DROP all -- h37-157-245-4.host.redstation.co.uk anywhere
DROP all -- 5.79.79.21 anywhere
DROP all -- ns2.hostingcaminointernet.com anywhere
f2b-SSH tcp -- anywhere anywhere
f2b-php-url-fopen tcp -- anywhere anywhere
f2b-SSH tcp -- anywhere anywhere
f2b-php-url-fopen tcp -- anywhere anywhere
f2b-apache-nohome tcp -- anywhere anywhere
f2b-apache-overflows tcp -- anywhere anywhere
DROP all -- 62-210-114-217.rev.poneytelecom.eu anywhere
DROP all -- 46-152-244-87.sat.poltava.ua anywhere
DROP all -- subnet.vhoster.net/24 anywhere
DROP all -- dolabuy.example.com anywhere
DROP all -- 178.32.227.47 anywhere
DROP all -- 173.208.175.154 anywhere
DROP all -- 192.187.115.90 anywhere
DROP all -- pool-163-41-123-200.bionik.tv anywhere
DROP all -- 5.79.79.21 anywhere
DROP all -- 80.82.67.187 anywhere
DROP all -- 130.193.222.82 anywhere
DROP all -- 178-137-83-166.broadband.kyivstar.net anywhere
DROP all -- tor-exit-two.sentries.org anywhere
DROP all -- 199.15.233.170 anywhere
DROP all -- 46-118-156-191.broadband.kyivstar.net anywhere
DROP all -- 122.216-244-93-rdns.wowrack.com anywhere
DROP all -- server.ranzega.com anywhere
DROP all -- 5.79.79.21 anywhere
DROP all -- 218.22-183-107.rdns.scalabledns.com anywhere
DROP all -- 207-255-37-164-dhcp.unt.pa.atlaticbb.net anywhere
DROP all -- 93-120-169-71.dynamic.mts-nn.ru anywhere
DROP all -- 201.18.18.173 anywhere
DROP all -- 180.215.122.223 anywhere
DROP all -- server.ranzega.com anywhere
DROP all -- walkerj235.com anywhere
DROP all -- server.ranzega.com anywhere
DROP all -- 130.193.222.82 anywhere
f2b-SSH tcp -- anywhere anywhere
f2b-php-url-fopen tcp -- anywhere anywhere
f2b-apache-nohome tcp -- anywhere anywhere
f2b-apache-badbots tcp -- anywhere anywhere
DROP all -- 201.18.18.173 anywhere
DROP all -- 192.187.100.58 anywhere
f2b-SSH tcp -- anywhere anywhere
f2b-php-url-fopen tcp -- anywhere anywhere
f2b-apache-nohome tcp -- anywhere anywhere
f2b-apache-badbots tcp -- anywhere anywhere
f2b-php-url-fopen tcp -- anywhere anywhere
f2b-apache-overflows tcp -- anywhere anywhere
f2b-SSH tcp -- anywhere anywhere
f2b-php-url-fopen tcp -- anywhere anywhere
f2b-apache-nohome tcp -- anywhere anywhere
f2b-apache-overflows tcp -- anywhere anywhere
f2b-apache-badbots tcp -- anywhere anywhere
f2b-SSH tcp -- anywhere anywhere
f2b-php-url-fopen tcp -- anywhere anywhere
f2b-apache-nohome tcp -- anywhere anywhere
f2b-apache-overflows tcp -- anywhere anywhere
f2b-apache-badbots tcp -- anywhere anywhere
f2b-SSH tcp -- anywhere anywhere
f2b-php-url-fopen tcp -- anywhere anywhere
f2b-apache-nohome tcp -- anywhere anywhere
f2b-apache-overflows tcp -- anywhere anywhere
f2b-apache-badbots tcp -- anywhere anywhere
f2b-php-url-fopen tcp -- anywhere anywhere
f2b-apache-overflows tcp -- anywhere anywhere
f2b-php-url-fopen tcp -- anywhere anywhere
f2b-apache-overflows tcp -- anywhere anywhere
f2b-php-url-fopen tcp -- anywhere anywhere
f2b-apache-overflows tcp -- anywhere anywhere
f2b-php-url-fopen tcp -- anywhere anywhere
f2b-apache-overflows tcp -- anywhere anywhere
f2b-SSH tcp -- anywhere anywhere
f2b-php-url-fopen tcp -- anywhere anywhere
f2b-apache-nohome tcp -- anywhere anywhere
f2b-apache-overflows tcp -- anywhere anywhere
f2b-apache-badbots tcp -- anywhere anywhere
f2b-SSH tcp -- anywhere anywhere
f2b-php-url-fopen tcp -- anywhere anywhere
f2b-apache-nohome tcp -- anywhere anywhere
f2b-apache-overflows tcp -- anywhere anywhere
f2b-apache-badbots tcp -- anywhere anywhere
f2b-SSH tcp -- anywhere anywhere
f2b-php-url-fopen tcp -- anywhere anywhere
f2b-apache-nohome tcp -- anywhere anywhere
f2b-apache-overflows tcp -- anywhere anywhere
f2b-apache-badbots tcp -- anywhere anywhere
f2b-SSH tcp -- anywhere anywhere
f2b-php-url-fopen tcp -- anywhere anywhere
f2b-apache-nohome tcp -- anywhere anywhere
f2b-apache-overflows tcp -- anywhere anywhere
f2b-apache-badbots tcp -- anywhere anywhere
f2b-SSH tcp -- anywhere anywhere
f2b-php-url-fopen tcp -- anywhere anywhere
f2b-apache-nohome tcp -- anywhere anywhere
f2b-apache-overflows tcp -- anywhere anywhere
f2b-apache-badbots tcp -- anywhere anywhere
f2b-apache-nohome tcp -- anywhere anywhere
f2b-SSH tcp -- anywhere anywhere
f2b-php-url-fopen tcp -- anywhere anywhere
f2b-apache-overflows tcp -- anywhere anywhere
f2b-apache-badbots tcp -- anywhere anywhere
f2b-apache-overflows tcp -- anywhere anywhere
f2b-php-url-fopen tcp -- anywhere anywhere
f2b-php-url-fopen tcp -- anywhere anywhere
f2b-apache-overflows tcp -- anywhere anywhere
DROP all -- 61.177.172.30 anywhere
DROP all -- 58.218.198.162 anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain countrydrop (0 references)
target prot opt source destination
Chain f2b-SSH (21 references)
target prot opt source destination
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain f2b-apache-badbots (11 references)
target prot opt source destination
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain f2b-apache-nohome (12 references)
target prot opt source destination
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain f2b-apache-overflows (17 references)
target prot opt source destination
REJECT all -- 113.240.250.156 anywhere reject-with icmp-po rt-unreachable
REJECT all -- 113.225.223.159 anywhere reject-with icmp-po rt-unreachable
REJECT all -- 113.225.211.67 anywhere reject-with icmp-po rt-unreachable
REJECT all -- 113.225.210.47 anywhere reject-with icmp-po rt-unreachable
REJECT all -- 163.95.90.110.broad.sm.fj.dynamic.163data.com.cn anywhere reject-with icmp-port-unreachable
REJECT all -- 110.184.31.173 anywhere reject-with icmp-po rt-unreachable
REJECT all -- tsn109-201-154-190.dyn.nltelcom.net anywhere rej ect-with icmp-port-unreachable
REJECT all -- 108.61.161.133.vultr.com anywhere reject-with ic mp-port-unreachable
REJECT all -- 108.61.123.71.choopa.net anywhere reject-with ic mp-port-unreachable
REJECT all -- pool-108-56-169-16.washdc.fios.verizon.net anywhere reject-with icmp-port-unreachable
REJECT all -- 108-165-2-29.acedatacenter.com anywhere reject-w ith icmp-port-unreachable
REJECT all -- ec2-107-20-79-100.compute-1.amazonaws.com anywhere reject-with icmp-port-unreachable
REJECT all -- ec2-107-20-44-9.compute-1.amazonaws.com anywhere reject-with icmp-port-unreachable
REJECT all -- 107.191.52.11.vultr.com anywhere reject-with icm p-port-unreachable
REJECT all -- 107.170.220.150 anywhere reject-with icmp-po rt-unreachable
REJECT all -- api0.apsvc.actvp.ch anywhere reject-with icmp-po rt-unreachable
REJECT all -- 107.170.199.104 anywhere reject-with icmp-po rt-unreachable
REJECT all -- 106.75.81.90 anywhere reject-with icmp-po rt-unreachable
REJECT all -- 106.75.81.82 anywhere reject-with icmp-po rt-unreachable
REJECT all -- 106.75.81.110 anywhere reject-with icmp-po rt-unreachable
REJECT all -- 106.75.73.79 anywhere reject-with icmp-po rt-unreachable
REJECT all -- 106.75.73.217 anywhere reject-with icmp-po rt-unreachable
REJECT all -- 106.75.73.123 anywhere reject-with icmp-port-unreachable
REJECT all -- 106.75.61.227 anywhere reject-with icmp-port-unreachable
REJECT all -- 106.75.34.127 anywhere reject-with icmp-port-unreachable
REJECT all -- 106.75.25.179 anywhere reject-with icmp-port-unreachable
REJECT all -- 106.75.114.82 anywhere reject-with icmp-port-unreachable
REJECT all -- 106.39.60.188 anywhere reject-with icmp-port-unreachable
REJECT all -- 106.39.60.187 anywhere reject-with icmp-port-unreachable
REJECT all -- 106.39.60.184 anywhere reject-with icmp-port-unreachable
REJECT all -- 106.39.60.180 anywhere reject-with icmp-port-unreachable
REJECT all -- 104.236.188.11 anywhere reject-with icmp-port-unreachable
REJECT all -- 104.236.186.137 anywhere reject-with icmp-port-unreachable
REJECT all -- 104.236.174.76 anywhere reject-with icmp-port-unreachable
REJECT all -- chaseentrepreneur.com anywhere reject-with icmp-port-unreachable
REJECT all -- 104.236.167.56 anywhere reject-with icmp-port-unreachable
REJECT all -- 104.236.166.222 anywhere reject-with icmp-port-unreachable
REJECT all -- 104.236.164.100 anywhere reject-with icmp-port-unreachable
REJECT all -- 104.236.144.122 anywhere reject-with icmp-port-unreachable
REJECT all -- 104.236.142.167 anywhere reject-with icmp-port-unreachable
REJECT all -- 104.236.139.64 anywhere reject-with icmp-port-unreachable
REJECT all -- 104.207.133.155.vultr.com anywhere reject-with icmp-port-unreachable
REJECT all -- 104.201.33.146 anywhere reject-with icmp-port-unreachable
REJECT all -- jeromegarcia.clientshostname.com anywhere reject-with icmp-port-unreachable
REJECT all -- theodorerhodes.clientshostname.com anywhere reject-with icmp-port-unreachable
REJECT all -- allenanderson.clientshostname.com anywhere reject-with icmp-port-unreachable
REJECT all -- 104.131.159.69 anywhere reject-with icmp-port-unreachable
REJECT all -- fivedottwo.safeconsolecloud.io anywhere reject-with icmp-port-unreachable
REJECT all -- 104.131.156.102 anywhere reject-with icmp-port-unreachable
REJECT all -- 104.131.155.138 anywhere reject-with icmp-port-unreachable
REJECT all -- 104.131.152.12 anywhere reject-with icmp-port-unreachable
REJECT all -- 104.131.150.84 anywhere reject-with icmp-port-unreachable
REJECT all -- biosurplus.diseno.com anywhere reject-with icmp-port-unreachable
REJECT all -- 104.131.141.23 anywhere reject-with icmp-port-unreachable
REJECT all -- bigr-3.bifrost anywhere reject-with icmp-port-unreachable
REJECT all -- 103.6.237.136 anywhere reject-with icmp-port-unreachable
REJECT all -- 103.193.151.4 anywhere reject-with icmp-port-unreachable
REJECT all -- 101.88.237.110 anywhere reject-with icmp-port-unreachable
REJECT all -- 101.87.66.111 anywhere reject-with icmp-port-unreachable
REJECT all -- 100.13.130.4 anywhere reject-with icmp-port-unreachable
REJECT all -- 1.214.89.69 anywhere reject-with icmp-port-unreachable
RETURN all -- anywhere anywhere
Chain f2b-php-url-fopen (28 references)
target prot opt source destination
REJECT all -- hotbox.media anywhere reject-with icmp-port-unreachable
REJECT all -- vps72581925.123-vps.co.uk anywhere reject-with icmp-port-unreachable
REJECT all -- hotbox.media anywhere reject-with icmp-port-unreachable
REJECT all -- vps72581925.123-vps.co.uk anywhere reject-with icmp-port-unreachable
REJECT all -- hotbox.media anywhere reject-with icmp-port-unreachable
REJECT all -- vps72581925.123-vps.co.uk anywhere reject-with icmp-port-unreachable
REJECT all -- hotbox.media anywhere reject-with icmp-port-unreachable
REJECT all -- vps72581925.123-vps.co.uk anywhere reject-with icmp-port-unreachable
REJECT all -- hotbox.media anywhere reject-with icmp-port-unreachable
REJECT all -- vps72581925.123-vps.co.uk anywhere reject-with icmp-port-unreachable
REJECT all -- hotbox.media anywhere reject-with icmp-port-unreachable
REJECT all -- vps72581925.123-vps.co.uk anywhere reject-with icmp-port-unreachable
REJECT all -- hotbox.media anywhere reject-with icmp-port-unreachable
REJECT all -- vps72581925.123-vps.co.uk anywhere reject-with icmp-port-unreachable
REJECT all -- hotbox.media anywhere reject-with icmp-port-unreachable
REJECT all -- vps72581925.123-vps.co.uk anywhere reject-with icmp-port-unreachable
REJECT all -- hotbox.media anywhere reject-with icmp-port-unreachable
REJECT all -- vps72581925.123-vps.co.uk anywhere reject-with icmp-port-unreachable
REJECT all -- hotbox.media anywhere reject-with icmp-port-unreachable
REJECT all -- vps72581925.123-vps.co.uk anywhere reject-with icmp-port-unreachable
REJECT all -- hotbox.media anywhere reject-with icmp-port-unreachable
REJECT all -- vps72581925.123-vps.co.uk anywhere reject-with icmp-port-unreachable
REJECT all -- hotbox.media anywhere reject-with icmp-port-unreachable
REJECT all -- vps72581925.123-vps.co.uk anywhere reject-with icmp-port-unreachable
REJECT all -- hotbox.media anywhere reject-with icmp-port-unreachable
REJECT all -- vps72581925.123-vps.co.uk anywhere reject-with icmp-port-unreachable
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
sebres
commented
6 years ago
Before closing out the topic again please read the fact the solutions you already have here do not work. Please see explanation below. I have not been able to use fail2ban properly for over 1.5 years now was hoping you would have fixed it by now.
followed this and removed the locking option which is how it was to begin with and it still gives me errors. This is why i posted here. I wouldn't be posting if other solutions worked
this time I get:
Same action still occurs. Meaning that it starts but doesn't ban anyone
Upon start up of Fail2ban I get these 2 errors
Starting fail2ban: No file(s) found for glob /var/log/mariadb/mariadb.log NOK: ('malformed database schema (bans_ip) - no such table: main.bans',)
I try getting my self banned and nothing is happening. I can keep logging right back on and retrying to get into the system.
I just installed 0.11 today.
Environment:
Fill out and check (
[x]) the boxes which apply. If your Fail2Ban version is outdated, and you can't verify that the issue persists in the recent release, better seek support from the distribution you obtained Fail2Ban fromThe issue:
Fail2ban doesn't actually ban anyone or stop anyone from logging back on.
Steps to reproduce
No special steps. Followed installation instructions from here.
Expected behavior
To actually ban people and keep them banned
Observed behavior
Will kick person off of server after to many login attempts but doesn't stop the person from logging right back on and trying again.
Any additional information
Configuration, dump and another helpful excerpts
Any customizations done to /etc/fail2ban/ configuration
Jail.Local
Relevant parts of /var/log/fail2ban.log file:
preferably obtained while running fail2ban with
loglevel = 4Iptables Printout
Seems to be very messy to me with multiple identical jails running. If that's because of my jail.local please tell me.