This is a grep of /var/log/fail2ban.log for the IP 58.218.204.188; it is
banned for 15 minutes, and then I have him hammering again.

Nevertheless, I don't have any ban with recidive.


2016-11-30 02:41:07,320 fail2ban.actions        [1164]: NOTICE  [sshd] Ban 58.218.204.188
2016-11-30 02:57:16,143 fail2ban.actions        [1164]: NOTICE  [sshd] Ban 58.218.204.188
2016-11-30 03:13:19,994 fail2ban.actions        [1164]: NOTICE  [sshd] Ban 58.218.204.188
2016-11-30 03:30:15,554 fail2ban.actions        [1164]: NOTICE  [sshd] Ban 58.218.204.188
2016-11-30 03:47:13,362 fail2ban.actions        [1164]: NOTICE  [sshd] Ban 58.218.204.188
2016-11-30 04:03:23,169 fail2ban.actions        [1164]: NOTICE  [sshd] Ban 58.218.204.188
2016-11-30 04:19:34,023 fail2ban.actions        [1164]: NOTICE  [sshd] Ban 58.218.204.188
2016-11-30 04:35:43,608 fail2ban.actions        [1164]: NOTICE  [sshd] Ban 58.218.204.188
2016-11-30 04:51:45,210 fail2ban.actions        [1164]: NOTICE  [sshd] Ban 58.218.204.188
2016-11-30 05:08:00,998 fail2ban.actions        [1164]: NOTICE  [sshd] Ban 58.218.204.188
2016-11-30 05:24:09,252 fail2ban.actions        [1164]: NOTICE  [sshd] Ban 58.218.204.188
2016-11-30 05:40:54,110 fail2ban.actions        [1164]: NOTICE  [sshd] Ban 58.218.204.188
2016-11-30 05:57:33,920 fail2ban.actions        [1164]: NOTICE  [sshd] Ban 58.218.204.188
2016-11-30 06:14:15,753 fail2ban.actions        [1164]: NOTICE  [sshd] Ban 58.218.204.188
2016-11-30 06:31:13,761 fail2ban.actions        [1164]: NOTICE  [sshd] Ban 58.218.204.188
2016-11-30 06:48:05,424 fail2ban.actions        [1164]: NOTICE  [sshd] Ban 58.218.204.188
2016-11-30 07:05:54,143 fail2ban.actions        [1164]: NOTICE  [sshd] Ban 58.218.204.188
2016-11-30 07:23:09,670 fail2ban.actions        [1164]: NOTICE  [sshd] Ban 58.218.204.188
2016-11-30 07:40:10,821 fail2ban.actions        [1164]: NOTICE  [sshd] Ban 58.218.204.188
2016-11-30 07:57:12,837 fail2ban.actions        [1164]: NOTICE  [sshd] Ban 58.218.204.188
2016-11-30 08:14:00,423 fail2ban.actions        [1164]: NOTICE  [sshd] Ban 58.218.204.188
2016-11-30 08:31:53,560 fail2ban.actions        [1164]: NOTICE  [sshd] Ban 58.218.204.188
2016-11-30 08:48:56,635 fail2ban.actions        [1164]: NOTICE  [sshd] Ban 58.218.204.188
2016-11-30 09:05:19,316 fail2ban.actions        [1164]: NOTICE  [sshd] Ban 58.218.204.188
2016-11-30 09:23:49,290 fail2ban.actions        [1164]: NOTICE  [sshd] Ban 58.218.204.188
2016-11-30 09:40:04,261 fail2ban.actions        [1164]: NOTICE  [sshd] Ban 58.218.204.188
2016-11-30 09:58:09,996 fail2ban.actions        [1164]: NOTICE  [sshd] Ban 58.218.204.188
2016-11-30 10:17:05,954 fail2ban.actions        [1164]: NOTICE  [sshd] Ban 58.218.204.188
2016-11-30 10:34:29,384 fail2ban.actions        [1164]: NOTICE  [sshd] Ban 58.218.204.188

Cheers,
Nuno

On Tue, 2016-11-29 at 07:27 -0800, [email protected] wrote:
> Nuno,
>        Perhaps you should post some lines from your
>        /var/log/fail2ban.log ...ie: lines showing hosts that you feel
>        certain should have been banned but weren't.  That might help to
>        debug the problem.  (We assume you have restarted fail2ban after
>        changing the config.)
> 
> 
> On Mon, Nov 28, 2016, at 03:02 AM, Nuno Dias wrote:
> >  Done that, same result.
> > 
> > bantime  = 604800  ; 1 week
> > findtime = 86400   ; 1 Day
> > 
> > Cheers,
> > Nuno
> > 
> > On Sat, 2016-11-26 at 12:49 +0100, Tommy Berglund wrote:
> > > On 2016-11-26 at 12:04, Nuno Dias wrote:
> > > >  I have enabled recidive in /etc/fail2ban/jail.local, but it doesn't
> > > > work; I already changed the ban/find/retry but nothing works.
> > > > 
> > > >  Does anyone have any idea how to debug this?
> > > > 
> > > >  This is my configuration
> > > > 
> > > > [recidive]
> > > > enabled  = true
> > > > filter   = recidive
> > > > logpath  = /var/log/fail2ban.log
> > > > banaction = %(banaction_allports)s
> > > > bantime  = 86400  ; 1 Day
> > > > findtime = 3600   ; 1 Hours
> > > > maxretry = 2
> > > > 
> > > >  And my machine is CentOS Linux release 7.2.1511
> > > > 
> > > > Thanks,
> > > > Nuno
> > > > 
> > > 
> > > My suggestion: set bantime to 1 week and findtime to 1 day.
> > > 
> > 
> > -- 
> > Nuno Dias <[email protected]>
> > LIP
> > ------------------------------------------------------------------------------
> > _______________________________________________
> > Fail2ban-users mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/fail2ban-users
-- 
Nuno Dias <[email protected]>
LIP
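
Added example, not part of the original thread: a small offline check that replays "Ban" lines in the format shown above and reports when a given findtime/maxretry pair would be satisfied, so the thresholds can be ruled in or out before looking elsewhere. The function name, the `own_jail` parameter and the rule that `maxretry` bans inside `findtime` seconds count as a trigger are assumptions of this sketch, not fail2ban's own code.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches "Ban" notices in the log format shown in the thread (unwrapped lines).
BAN_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d+\s+fail2ban\.actions\s+"
    r"\[\d+\]:\s+NOTICE\s+\[([^\]]+)\]\s+Ban\s+(\S+)\s*$"
)

def recidive_hits(lines, findtime, maxretry, own_jail="recidive"):
    """Return {ip: first time at which maxretry bans fell within findtime seconds}.

    Assumption: bans logged by the recidive jail itself (own_jail) are not counted.
    """
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)   # ip -> ban timestamps still inside the window
    hits = {}
    for line in lines:
        m = BAN_RE.match(line)
        if not m or m.group(2) == own_jail:
            continue              # not a Ban notice, or the jail's own ban
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        ip = m.group(3)
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop bans older than findtime
            q.popleft()
        if len(q) >= maxretry and ip not in hits:
            hits[ip] = ts
    return hits

# First four Ban lines from the message above, with the e-mail line wrap undone.
SAMPLE = """\
2016-11-30 02:41:07,320 fail2ban.actions        [1164]: NOTICE  [sshd] Ban 58.218.204.188
2016-11-30 02:57:16,143 fail2ban.actions        [1164]: NOTICE  [sshd] Ban 58.218.204.188
2016-11-30 03:13:19,994 fail2ban.actions        [1164]: NOTICE  [sshd] Ban 58.218.204.188
2016-11-30 03:30:15,554 fail2ban.actions        [1164]: NOTICE  [sshd] Ban 58.218.204.188
""".splitlines()

if __name__ == "__main__":
    # (3600, 2) and (86400, 2) are the pairs from the thread; (900, 2) is a
    # constructed case showing a findtime shorter than the gap between bans.
    for findtime, maxretry in [(3600, 2), (86400, 2), (900, 2)]:
        print(findtime, maxretry, recidive_hits(SAMPLE, findtime, maxretry))
```

Both findtime values tried in the thread are satisfied by the second Ban line, so on these log lines the thresholds themselves are not what keeps recidive from banning.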
