[CentOS] fail2ban detecting and banning but nothing happens

Allan allan2016 at warpspeed.dyndns.dk
Mon Apr 29 01:00:26 UTC 2019


On Sun, 28 Apr 2019 12:59:59 +0100
Pete Biggs <pete at biggs.org.uk> wrote:
> > > 
> > > /var/log/fail2ban.log is showing that it's working:  
> > 
> > I have seen similar odd behaviour with f2b with other filters.
> > Try to uninstall the package
> > fail2ban-systemd
> > and stop and start fail2ban again.
> > This might change its behavior to the better.
> >   
> 
> The fail2ban-systemd package configures fail2ban to use systemd
> journal for log input.  The OP can see that it is detecting the
> transgressions, so the input side of things is not the issue.

I do not agree. Yes, it is detecting something is bad - but it is the
wrong filter that is doing it, and that should not happen. Yes, both
dovecot and exim filters look in some of the same ports; but the filters
should know to look into the different logs.
However the f2b-systemd 'package' seems to clutter this up. For me, I
was trying to set up the recidive filter (for extended banning of ongoing
abusers) but it wouldn't ban anything either. Removing the f2b-systemd
package fixed it.
Do notice, the f2b-systemd package is optional - it is not included with
a simple f2b install - but the OP only installed it because of the
instructions on that howtoforge website. I've been there, done that,
too :-)

That's why I think he should try to remove it - as it didn't do any
harm to my system when I removed it - but it fixed recidive filtering.

It is also interesting to read about the backend in jail.conf.
According to that, backend = auto is default and auto includes 3 choices,
where systemd is not even one of them - so installing systemd as default
is quite an override, that may not be such a good idea (depending on the
filters you choose).

  Allan.
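
An added example, not part of the original message: a check of which backend each enabled jail ends up with once a [DEFAULT] override is merged in, the situation discussed above. The file contents and the drop-in name jail.d/00-systemd.conf are constructed for illustration; the read order (jail.conf, jail.d/*.conf, jail.local) is fail2ban's.

```python
import configparser

# Constructed sample files (not from the thread), listed in the order
# fail2ban reads them: jail.conf, jail.d/*.conf, then jail.local.
SAMPLE_FILES = [
    ("jail.conf", "[DEFAULT]\nbackend = auto\n"
                  "[dovecot]\nlogpath = /var/log/maillog\n"
                  "[recidive]\nlogpath = /var/log/fail2ban.log\n"),
    # Hypothetical drop-in name standing in for a packaged override.
    ("jail.d/00-systemd.conf", "[DEFAULT]\nbackend = systemd\n"),
    ("jail.local", "[dovecot]\nenabled = true\n"
                   "[recidive]\nenabled = true\nbackend = auto\n"),
]

def effective_backends(files):
    """Merge files in read order; map each enabled jail to
    (backend, file that set it, logpath)."""
    merged = configparser.ConfigParser(interpolation=None)
    origin = {}  # section name -> file that last set 'backend' there
    for name, text in files:
        # default_section is renamed so [DEFAULT] parses as an ordinary
        # section and only keys written in this file are copied over.
        part = configparser.ConfigParser(interpolation=None,
                                         default_section="__unused__")
        part.read_string(text)
        for section in part.sections():
            if section != "DEFAULT" and not merged.has_section(section):
                merged.add_section(section)
            for key, value in part[section].items():
                merged.set(section, key, value)
                if key == "backend":
                    origin[section] = name
    report = {}
    for jail in merged.sections():
        if merged.getboolean(jail, "enabled", fallback=False):
            set_by = origin.get(jail, origin.get("DEFAULT", "built-in"))
            report[jail] = (merged.get(jail, "backend", fallback="auto"),
                            set_by, merged.get(jail, "logpath", fallback=None))
    return report

def journal_only_jails(report):
    """Enabled jails that declare a logpath but run on the systemd backend,
    so the journal is read instead of that file."""
    return sorted(j for j, (backend, _, logpath) in report.items()
                  if backend == "systemd" and logpath)

if __name__ == "__main__":
    for jail, row in effective_backends(SAMPLE_FILES).items():
        print(jail, *row)
    print("check:", journal_only_jails(effective_backends(SAMPLE_FILES)))
```

In the constructed input, dovecot inherits backend = systemd from the drop-in while recidive keeps auto because jail.local sets it per jail.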



