Fail2ban ssh-iptables not working
-
- Posts: 92
- Joined: Sat Aug 02, 2014 6:50 pm
- Os: CentOS 6x
- Web: nginx + php-fpm
Fail2ban ssh-iptables not working
Hello,
Since i updated from Centos 7.2 to Centos 7.3, the fail2ban rule ssh-iptables is not working anymore:
When i enter my server:
Anyone else noticed this?
Since i updated from Centos 7.2 to Centos 7.3, the fail2ban rule ssh-iptables is not working anymore:
Code: Select all
fail2ban-client status ssh-iptables
Status for the jail: ssh-iptables
|- Filter
| |- Currently failed: 0
| |- Total failed: 0
| `- Journal matches: _SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
|- Currently banned: 0
|- Total banned: 0
`- Banned IP list:
Code: Select all
There were 6552 failed login attempts since the last successful login.
Re: Fail2ban ssh-iptables not working
I noticed this too, whats in your fail2ban error log /var/log/fail2ban.log? Also is fail2ban working for ftp on your end?RevengeFNF wrote:Hello,
Since i updated from Centos 7.2 to Centos 7.3, the fail2ban rule ssh-iptables is not working anymore:
When i enter my server:Code: Select all
fail2ban-client status ssh-iptables Status for the jail: ssh-iptables |- Filter | |- Currently failed: 0 | |- Total failed: 0 | `- Journal matches: _SYSTEMD_UNIT=sshd.service + _COMM=sshd `- Actions |- Currently banned: 0 |- Total banned: 0 `- Banned IP list:
Anyone else noticed this?Code: Select all
There were 6552 failed login attempts since the last successful login.
-
- Posts: 92
- Joined: Sat Aug 02, 2014 6:50 pm
- Os: CentOS 6x
- Web: nginx + php-fpm
Re: Fail2ban ssh-iptables not working
No errors showing in the log. Its simple not catching the failed ssh login attempts.
Re: Fail2ban ssh-iptables not working
Since you cant provide any real errors try this first, Go to Server - > Fail2ban Configure - add under [ssh-iptables]RevengeFNF wrote:No errors showing in the log. Its simple not catching the failed ssh login attempts.
Code: Select all
port = sshd,sftp-server,ssh
If that does not work check to see if fail2ban is updated to the latest build 0.9.6. It MAY or MAY NOT help if you update to the latest but I had to manually install it which could lead to other issues down the road I have only found one and its not really related unless you plan on using "recidive".
Check Version
Code: Select all
fail2ban-client version
Code: Select all
wget https://github.com/fail2ban/fail2ban/archive/0.9.6.zip
unzip 0.9.6.zip
cd fail2ban-0.9.6
python setup.py install
-
- Posts: 92
- Joined: Sat Aug 02, 2014 6:50 pm
- Os: CentOS 6x
- Web: nginx + php-fpm
Re: Fail2ban ssh-iptables not working
Im using it:
I will try that solution i will give the feedback later.
Code: Select all
fail2ban-client version
0.9.6
-
- Posts: 92
- Joined: Sat Aug 02, 2014 6:50 pm
- Os: CentOS 6x
- Web: nginx + php-fpm
Re: Fail2ban ssh-iptables not working
That solution did not work unfortunately.
-
- Posts: 92
- Joined: Sat Aug 02, 2014 6:50 pm
- Os: CentOS 6x
- Web: nginx + php-fpm
Re: Fail2ban ssh-iptables not working
Just to tell you that i was able to fix the issue. I noticed that the file imjournal.state inside /var/lib/rsyslog/ was not updating, so i deleted it, restarted systemd-journald and it fixed the issue.joem wrote:I noticed this too, whats in your fail2ban error log /var/log/fail2ban.log? Also is fail2ban working for ftp on your end?RevengeFNF wrote:Hello,
Since i updated from Centos 7.2 to Centos 7.3, the fail2ban rule ssh-iptables is not working anymore:
When i enter my server:Code: Select all
fail2ban-client status ssh-iptables Status for the jail: ssh-iptables |- Filter | |- Currently failed: 0 | |- Total failed: 0 | `- Journal matches: _SYSTEMD_UNIT=sshd.service + _COMM=sshd `- Actions |- Currently banned: 0 |- Total banned: 0 `- Banned IP list:
Anyone else noticed this?Code: Select all
There were 6552 failed login attempts since the last successful login.