Page 1 of 1
Fail2ban ssh-iptables not working
Posted: Mon Jan 16, 2017 5:04 pm
by RevengeFNF
Hello,
Since i updated from Centos 7.2 to Centos 7.3, the fail2ban rule ssh-iptables is not working anymore:
Code: Select all
fail2ban-client status ssh-iptables
Status for the jail: ssh-iptables
|- Filter
| |- Currently failed: 0
| |- Total failed: 0
| `- Journal matches: _SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
|- Currently banned: 0
|- Total banned: 0
`- Banned IP list:
When i enter my server:
Code: Select all
There were 6552 failed login attempts since the last successful login.
Anyone else noticed this?
Re: Fail2ban ssh-iptables not working
Posted: Wed Jan 18, 2017 1:05 am
by joem
RevengeFNF wrote:Hello,
Since i updated from Centos 7.2 to Centos 7.3, the fail2ban rule ssh-iptables is not working anymore:
Code: Select all
fail2ban-client status ssh-iptables
Status for the jail: ssh-iptables
|- Filter
| |- Currently failed: 0
| |- Total failed: 0
| `- Journal matches: _SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
|- Currently banned: 0
|- Total banned: 0
`- Banned IP list:
When i enter my server:
Code: Select all
There were 6552 failed login attempts since the last successful login.
Anyone else noticed this?
I noticed this too, whats in your fail2ban error log /var/log/fail2ban.log? Also is fail2ban working for ftp on your end?
Re: Fail2ban ssh-iptables not working
Posted: Fri Jan 20, 2017 2:42 am
by RevengeFNF
No errors showing in the log. Its simple not catching the failed ssh login attempts.
Re: Fail2ban ssh-iptables not working
Posted: Fri Jan 20, 2017 8:41 am
by joem
RevengeFNF wrote:No errors showing in the log. Its simple not catching the failed ssh login attempts.
Since you cant provide any real errors try this first, Go to Server - > Fail2ban Configure - add under [ssh-iptables]
Restart fail2ban and see what happens.
If that does not work check to see if fail2ban is updated to the latest build 0.9.6. It MAY or MAY NOT help if you update to the latest but I had to manually install it which could lead to other issues down the road I have only found one and its not really related unless you plan on using "recidive".
Check Version
To install 0.9.6 at your own risk,
Code: Select all
wget https://github.com/fail2ban/fail2ban/archive/0.9.6.zip
unzip 0.9.6.zip
cd fail2ban-0.9.6
python setup.py install
If you wish to keep troubleshooting without updating and the above does not work please provide jail.local and fail2ban.log
Re: Fail2ban ssh-iptables not working
Posted: Fri Jan 20, 2017 4:46 pm
by RevengeFNF
Im using it:
I will try that solution i will give the feedback later.
Re: Fail2ban ssh-iptables not working
Posted: Fri Jan 20, 2017 7:14 pm
by RevengeFNF
That solution did not work unfortunately.
Re: Fail2ban ssh-iptables not working
Posted: Tue Feb 21, 2017 2:37 am
by RevengeFNF
joem wrote:RevengeFNF wrote:Hello,
Since i updated from Centos 7.2 to Centos 7.3, the fail2ban rule ssh-iptables is not working anymore:
Code: Select all
fail2ban-client status ssh-iptables
Status for the jail: ssh-iptables
|- Filter
| |- Currently failed: 0
| |- Total failed: 0
| `- Journal matches: _SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
|- Currently banned: 0
|- Total banned: 0
`- Banned IP list:
When i enter my server:
Code: Select all
There were 6552 failed login attempts since the last successful login.
Anyone else noticed this?
I noticed this too, whats in your fail2ban error log /var/log/fail2ban.log? Also is fail2ban working for ftp on your end?
Just to tell you that i was able to fix the issue. I noticed that the file imjournal.state inside /var/lib/rsyslog/ was not updating, so i deleted it, restarted systemd-journald and it fixed the issue.