Ever since I’ve been troubleshooting and tweaking Fail2ban, it seems the ban notifications sent to the server admin email address has steadily increased. For example, a ban event currently sends 5 identical emails to the server admin.
I thought it was my limited understanding of how Fail2ban worked. But I soon realized that the culprit had to be multiple instances of Fail2ban causing the behavior. I had to dig up some Linux/Centos knowledge on how to figure out where to pull up processes (similar to the Windows services and task manager).
To show a master list of processes and pids:
ps aux || less
To display a list of pids with the name “fail2ban”:
pgrep fail2ban
To kill all pids with the name “fail2ban”:
pkill fail2ban
However, this kills all but one server instance of the Fail2ban server. I still had to start the server, reload the configuration and verify the status to ensure that it worked.
Remember to save and reload iptables prior to and after the above operations.