Hello,
I'm having a problem getting sshd-ddos to trigger an action. From the
configuration and from the log it looks like things are working, but
no action is triggered!
Am I missing something?
Thanks in advance for your support.
Patrick

Fedora 25 with systemd/journalctl
Packages installed are:
fail2ban-systemd-0.9.6-2.fc25.noarch
fail2ban-server-0.9.6-2.fc25.noarch
fail2ban-sendmail-0.9.6-2.fc25.noarch
fail2ban-mail-0.9.6-2.fc25.noarch
fail2ban-0.9.6-2.fc25.noarch
fail2ban-firewalld-0.9.6-2.fc25.noarch
==========
/etc/fail2ban/filter.d/sshd-ddos
[INCLUDES]
# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf
[Definition]
_daemon = sshd
failregex = ^%(__prefix_line)sDid not receive identification string from <HOST>\s*$
ignoreregex =
[Init]
journalmatch = _SYSTEMD_UNIT=sshd.service + _COMM=sshd
# Author: Yaroslav Halchenko
======
/etc/fail2ban/jail.d/sshd-ddos.conf
[sshd-ddos]
enabled = true
port = 23,20022
findtime = 600
bantime = 600
=======
fail2ban-client status
Status
|- Number of jail: 1
`- Jail list: sshd-ddos

fail2ban-client status sshd-ddos
Status for the jail: sshd-ddos
|- Filter
|  |- Currently failed: 0
|  |- Total failed: 0
|  `- Journal matches: _SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
   |- Currently banned: 0
   |- Total banned: 0
   `- Banned IP list:
Here is an extract of the fail2ban log (in DEBUG mode):
identification string from 15.203.163.254 port 57692'
2017-01-25 11:53:06,613 fail2ban.filtersystemd [30722]: DEBUG Read systemd journal entry: '2017-01-25T11:53:06.206739pitchoun.pipiche.net sshd[30729]: Did not receive identification string from 15.203.163.254 port 57712'
2017-01-25 11:53:12,362 fail2ban.filtersystemd [30722]: DEBUG Read systemd journal entry: '2017-01-25T11:53:11.983178pitchoun.pipiche.net sshd[30733]: Did not receive identification string from 15.203.163.254 port 57716'
2017-01-25 11:53:13,862 fail2ban.filtersystemd [30722]: DEBUG Read systemd journal entry: '2017-01-25T11:53:13.544886pitchoun.pipiche.net sshd[30696]: Did not receive identification string from 62.215.52.6 port 17877'
2017-01-25 11:53:17,612 fail2ban.filtersystemd [30722]: DEBUG Read systemd journal entry: '2017-01-25T11:53:17.247066pitchoun.pipiche.net sshd[30740]: Did not receive identification string from 15.203.163.254 port 57718'
2017-01-25 11:53:20,618 fail2ban.filtersystemd [30722]: DEBUG Read systemd journal entry: '2017-01-25T11:53:20.399851pitchoun.pipiche.net sshd[30744]: Did not receive identification string from 15.203.163.254 port 57722'
2017-01-25 11:54:25,612 fail2ban.filtersystemd [30722]: DEBUG Read systemd journal entry: '2017-01-25T11:54:25.353911pitchoun.pipiche.net sshd[30748]: Did not receive identification string from 201.194.252.161 port 42002'
2017-01-25 12:01:17,551 fail2ban.transmitter [30722]: DEBUG Command: ['status']
2017-01-25 12:01:35,906 fail2ban.transmitter [30722]: DEBUG Command: ['status', 'sshd-ddos']
Fail2ban-users mailing list
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
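
An added example, not part of the original message or of fail2ban: the posted failregex ends in `<HOST>\s*$`, while every sshd message in the debug log continues with ` port N` after the address, so a quick offline check of the pattern against those messages is a useful first diagnostic. The `PREFIX` and `HOST` patterns are simplified stand-ins (assumptions) for fail2ban's `%(__prefix_line)s` and `<HOST>` expansions, and `WITH_PORT` is a hypothetical variant, not the shipped filter.

```python
import re

# Simplified stand-ins (assumptions), not fail2ban's real expansions.
PREFIX = r"(?:\S+\s+)?sshd(?:\[\d+\])?:\s+"       # replaces %(__prefix_line)s
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"       # replaces <HOST>, IPv4 only

# failregex exactly as it appears in the posted filter file.
POSTED = r"^%(__prefix_line)sDid not receive identification string from <HOST>\s*$"
# Hypothetical variant that tolerates an optional " port N" suffix.
WITH_PORT = (r"^%(__prefix_line)sDid not receive identification string "
             r"from <HOST>(?: port \d+)?\s*$")

# Messages taken from the debug log above (timestamp omitted), plus one
# constructed line without a port suffix for comparison.
SAMPLES = [
    "pitchoun.pipiche.net sshd[30729]: Did not receive identification string from 15.203.163.254 port 57712",
    "pitchoun.pipiche.net sshd[30733]: Did not receive identification string from 15.203.163.254 port 57716",
    "pitchoun.pipiche.net sshd[30696]: Did not receive identification string from 62.215.52.6 port 17877",
    "pitchoun.pipiche.net sshd[30748]: Did not receive identification string from 201.194.252.161 port 42002",
    "pitchoun.pipiche.net sshd[1234]: Did not receive identification string from 192.0.2.10",  # constructed
]


def compile_failregex(failregex):
    """Expand the two placeholders and compile the resulting pattern."""
    expanded = failregex.replace("%(__prefix_line)s", PREFIX)
    return re.compile(expanded.replace("<HOST>", HOST))


def failures(failregex, lines):
    """Return {host: number of matching lines}, like a per-host failure count."""
    rx = compile_failregex(failregex)
    hits = {}
    for line in lines:
        m = rx.search(line)
        if m:
            hits[m.group("host")] = hits.get(m.group("host"), 0) + 1
    return hits


if __name__ == "__main__":
    print("posted failregex:", failures(POSTED, SAMPLES))
    print("with optional port:", failures(WITH_PORT, SAMPLES))
```

On a live system, `fail2ban-regex` run against the journal with the installed filter gives the authoritative answer, since it uses the real prefix and host expansions.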