Fail2ban ssh-iptables not working

[RevengeFNF]

Hello,

Since i updated from Centos 7.2 to Centos 7.3, the fail2ban rule ssh-iptables is not working anymore:

Code: Select all

 fail2ban-client status ssh-iptables
Status for the jail: ssh-iptables
|- Filter
|  |- Currently failed: 0
|  |- Total failed:     0
|  `- Journal matches:  _SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
   |- Currently banned: 0
   |- Total banned:     0
   `- Banned IP list:

When i enter my server:

Code: Select all

There were 6552 failed login attempts since the last successful login.

Anyone else noticed this?

[joem]

Hello,

Since i updated from Centos 7.2 to Centos 7.3, the fail2ban rule ssh-iptables is not working anymore:

Code: Select all

 fail2ban-client status ssh-iptables
Status for the jail: ssh-iptables
|- Filter
|  |- Currently failed: 0
|  |- Total failed:     0
|  `- Journal matches:  _SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
   |- Currently banned: 0
   |- Total banned:     0
   `- Banned IP list:

When i enter my server:

Code: Select all

There were 6552 failed login attempts since the last successful login.

Anyone else noticed this?

I noticed this too, whats in your fail2ban error log /var/log/fail2ban.log? Also is fail2ban working for ftp on your end?

[RevengeFNF]

No errors showing in the log. Its simple not catching the failed ssh login attempts.

[joem]

No errors showing in the log. Its simple not catching the failed ssh login attempts.

Since you cant provide any real errors try this first, Go to Server - > Fail2ban Configure - add under [ssh-iptables]

Code: Select all

port =   sshd,sftp-server,ssh

Restart fail2ban and see what happens.

If that does not work check to see if fail2ban is updated to the latest build 0.9.6. It MAY or MAY NOT help if you update to the latest but I had to manually install it which could lead to other issues down the road I have only found one and its not really related unless you plan on using "recidive".

Check Version

Code: Select all

fail2ban-client version

To install 0.9.6 at your own risk,

Code: Select all

wget https://github.com/fail2ban/fail2ban/archive/0.9.6.zip
unzip 0.9.6.zip
cd fail2ban-0.9.6
python setup.py install

If you wish to keep troubleshooting without updating and the above does not work please provide jail.local and fail2ban.log

[RevengeFNF]

Im using it:

Code: Select all

fail2ban-client version
0.9.6

I will try that solution i will give the feedback later.

[RevengeFNF]

That solution did not work unfortunately.

[RevengeFNF]

Hello,

Since i updated from Centos 7.2 to Centos 7.3, the fail2ban rule ssh-iptables is not working anymore:

Code: Select all

 fail2ban-client status ssh-iptables
Status for the jail: ssh-iptables
|- Filter
|  |- Currently failed: 0
|  |- Total failed:     0
|  `- Journal matches:  _SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
   |- Currently banned: 0
   |- Total banned:     0
   `- Banned IP list:

When i enter my server:

Code: Select all

There were 6552 failed login attempts since the last successful login.

Anyone else noticed this?

I noticed this too, whats in your fail2ban error log /var/log/fail2ban.log? Also is fail2ban working for ftp on your end?

Just to tell you that i was able to fix the issue. I noticed that the file imjournal.state inside /var/lib/rsyslog/ was not updating, so i deleted it, restarted systemd-journald and it fixed the issue.