My first clue that Fail2Ban wasn’t working right: it wasn’t showing up in iptables -L.
Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-ssh tcp -- anywhere anywhere tcp dpt:ssh
Chain fail2ban-ssh (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
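The output above is the actual tell: the fail2ban-ssh chain exists and INPUT jumps to it, but the chain holds nothing except the trailing RETURN, so no address is being dropped. Below is an added checker (my own example, not part of the original post or of Fail2Ban) that parses iptables -L text and reports, per fail2ban-* chain, which sources are currently banned. The two samples are constructed: the first reproduces the post's empty chain, the second shows what the chain looks like once bans have fired (addresses are documentation-range placeholders).

```python
import re

# Constructed sample: the post's output (chain hooked into INPUT, but only RETURN -> no bans)
NO_BANS = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-ssh  tcp  --  anywhere             anywhere            tcp dpt:ssh

Chain fail2ban-ssh (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
"""

# Constructed sample: the same chain after two bans (placeholder addresses)
ACTIVE_BANS = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-ssh  tcp  --  anywhere             anywhere            tcp dpt:ssh

Chain fail2ban-ssh (1 references)
target     prot opt source               destination
DROP       all  --  203.0.113.5          anywhere
DROP       all  --  198.51.100.7         anywhere
RETURN     all  --  anywhere             anywhere
"""

CHAIN_HEADER = re.compile(r"^Chain (\S+) \((.*)\)$")


def parse_chains(text):
    """Return {chain_name: [(target, prot, source, destination), ...]} from iptables -L output."""
    chains = {}
    current = None
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = CHAIN_HEADER.match(line)
        if m:
            current = m.group(1)
            chains[current] = []
            continue
        # skip the column header and any text before the first chain
        if line.startswith("target") or current is None:
            continue
        parts = line.split()
        if len(parts) < 5:
            continue
        target, prot, _opt, source, dest = parts[:5]
        chains[current].append((target, prot, source, dest))
    return chains


def fail2ban_bans(text):
    """Map each fail2ban-* chain to the sources it currently DROPs or REJECTs."""
    bans = {}
    for name, rules in parse_chains(text).items():
        if name.startswith("fail2ban-"):
            bans[name] = [src for target, _p, src, _d in rules if target in ("DROP", "REJECT")]
    return bans


def is_hooked(text, chain="fail2ban-ssh"):
    """True if INPUT jumps to the given fail2ban chain, i.e. the action is installed."""
    return any(t == chain for t, _p, _s, _d in parse_chains(text).get("INPUT", []))


if __name__ == "__main__":
    for label, sample in (("post's output", NO_BANS), ("after bans", ACTIVE_BANS)):
        print(f"{label}: hooked={is_hooked(sample)} bans={fail2ban_bans(sample)}")
```

An empty list for a chain that INPUT does jump to is exactly the state in the post: the action ran (chain created), but the jail never produced a ban, which points at the jail or its log source rather than at iptables. On a live host, feed it `subprocess.run(["iptables", "-L", "-n"], capture_output=True, text=True).stdout`; with -n the source column holds bare addresses instead of resolved names.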
My second clue: Fail2Ban wasn’t displaying the configuration I thought it had loaded. For example, my ignoreip list wasn’t showing up when I tried to view it, and it didn’t return the maxretry settings I had configured.
I tracked it back to jail.local and determined that the SSH jail wasn’t actually enabled, so I uncommented the line and set it to true.
[ssh-iptables]
#enabled = false
enabled = true
filter = sshd
I also had to point it at the SSH log, which on CentOS is /var/log/secure.
logpath = /var/log/secure
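Both mistakes above (jail left disabled, logpath pointing at a file the distribution doesn't write) are cheap to catch before reloading. The following is an added example of my own, not Fail2Ban's own config loader, which has richer semantics (jail.conf/jail.local layering, %(__name__)s interpolation, multi-file logpath) that this simplified reader ignores. It reads a jail.local-style file with configparser and, for every enabled jail, checks that a filter and a logpath are set and that the log file actually exists. The sample config is constructed around the post's ssh-iptables section; the ssh-debian jail is an assumed extra entry that shows the wrong-distribution logpath case.

```python
import configparser
import os

# Constructed jail.local: the post's section plus a disabled jail and a jail with a
# Debian-style logpath that does not exist on CentOS (hypothetical section names)
JAIL_LOCAL = """\
[DEFAULT]
ignoreip = 127.0.0.1/8 192.0.2.0/24
bantime = 600
maxretry = 3

[ssh-iptables]
#enabled = false
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
logpath = /var/log/secure
maxretry = 5

[apache-auth]
enabled = false
filter = apache-auth
logpath = /var/log/httpd/error_log

[ssh-debian]
enabled = true
filter = sshd
logpath = /var/log/auth.log
"""


def load_jails(text):
    """Parse jail.local text; interpolation is off because Fail2Ban uses its own %(...)s forms."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    return cfg


def jail_report(cfg, exists=os.path.exists):
    """For each jail section, return effective settings (DEFAULT inherited) and a list of problems."""
    report = {}
    for name in cfg.sections():
        sec = cfg[name]
        enabled = sec.getboolean("enabled", fallback=False)
        logpath = sec.get("logpath")          # None if missing
        problems = []
        if not enabled:
            problems.append("disabled")
        else:
            if not sec.get("filter"):
                problems.append("no filter")
            if not logpath:
                problems.append("no logpath")
            else:
                # Fail2Ban accepts several whitespace-separated paths; check each one
                for path in logpath.split():
                    if not exists(path):
                        problems.append(f"logpath missing: {path}")
        report[name] = {
            "enabled": enabled,
            "filter": sec.get("filter"),
            "logpath": logpath,
            "maxretry": sec.getint("maxretry", fallback=None),
            "ignoreip": sec.get("ignoreip", fallback="").split(),
            "problems": problems,
        }
    return report


if __name__ == "__main__":
    for jail, info in jail_report(load_jails(JAIL_LOCAL)).items():
        status = "OK" if not info["problems"] else "; ".join(info["problems"])
        print(f"{jail}: enabled={info['enabled']} maxretry={info['maxretry']} -> {status}")
```

Run against the real file with `jail_report(load_jails(open("/etc/fail2ban/jail.local").read()))`. Once the daemon is reloaded, the authoritative view is the daemon's own, e.g. `fail2ban-client get ssh-iptables logpath`, `fail2ban-client get ssh-iptables maxretry` and `fail2ban-client status ssh-iptables`; if those disagree with the file, the jail the file describes is not the one running.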
I reloaded the config and checked the daemon’s status.
fail2ban-client reload
fail2ban-client status
Running properly, Fail2Ban creates a jail named ssh-iptables.
The only disappointment is that Fail2Ban does not ban retroactively. It only reviews new entries to determine bannable IPs.
The Fail2Ban command list helped me troubleshoot Fail2Ban. Running in interactive mode helped a great deal.