LinuxQuestions.org
Visit Jeremy's Blog.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page [SOLVED] fail2ban ignores my bantime
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 09-06-2013, 05:45 AM   #1
piramiday
Member
 
Registered: Sep 2013
Posts: 43

Rep: Reputation: Disabled
fail2ban ignores my bantime

I've installed fail2ban in order to ban ssh attackers, but even though my jail looks like this:
Code:
[ssh]
enabled  = true
port     = ssh
filter   = sshd
logpath  = /var/log/auth.log
maxretry = 1
findtime = 300 # 5m
bantime  = 86400 # 24h
when I start the fail2ban service I get the following:
Code:
fail2ban.filter : INFO   Set maxRetry = 1
fail2ban.filter : INFO   Set findtime = 600
fail2ban.actions: INFO   Set banTime = 600
fail2ban.jail   : INFO   Jail 'ssh' started
how come my find/ban times are NOT what I configured?
 
Old 09-06-2013, 10:23 AM   #2
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781Reputation: 781Reputation: 781Reputation: 781Reputation: 781Reputation: 781Reputation: 781
I would look VERY carefully for a different configuration file than the one you think is being used. For example, do you have any settings in /etc/default? Do you have both a jail.conf and jail.conf.local with any overriding settings? Failing those, I would restart the process and look in your log files for any syntax or errors that could cause it to resort to default settings.
 
Old 09-06-2013, 11:33 AM   #3
piramiday
Member
 
Registered: Sep 2013
Posts: 43

Original Poster
Rep: Reputation: Disabled
got it!

the problem was the inline comment. at the start of the jail file you can read:
Code:
# Comments: use '#' for comment lines and ';' for inline comments
... meaning that it was indeed my fault.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Fail2ban Log NotAComputerGuy Linux - Security 7 01-10-2013 07:17 PM
Fail2Ban Patrick032986 Linux - Software 7 09-18-2011 04:01 PM
I need help with fail2ban... trist007 Linux - Newbie 15 12-14-2009 03:22 AM
Need help with fail2ban regex jakev383 Linux - Security 6 12-07-2008 09:35 AM
Fail2ban and Firestarter baldur2630 Linux - Software 2 09-29-2008 05:46 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 12:52 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration