fail2ban configuration
fresher_06 Member
edited November 2012 in General

Hi All,
I have tried installing and configuring fail2ban for SSH.
My SSH port is 5000, and below is my /etc/fail2ban/jail.local file, with only the changes below made to the default file:

Set "enabled" to "true" in [ssh-ddos] section
Set "port" to "5000" in [ssh] and [ssh-ddos] sections

My /etc/fail2ban/jail.local file: http://pastebin.com/irrrqcsm

But when I start fail2ban, there are no logs, nothing. Also, restarting fail2ban gives the error below:

/etc/init.d/fail2ban restart
Restarting authentication failure monitor: fail2ban failed!

Also, in /etc/fail2ban/fail2ban.conf I have set loglevel = 4 (DEBUG), but still no logs get created in /var/log/fail2ban.log, and this logfile is empty.

Any clue, please?

Comments

  • arieonline Member
    edited November 2012

    Edit it like this:

    [ssh]
    enabled = true
    port    = 5000
    filter  = sshd
    logpath  = /var/log/auth.log
    maxretry = 6
    

    then restart fail2ban

    service fail2ban restart
  • @arieonline, that's what I did, but I got the error below, with no logs in /var/log/fail2ban.log:

    service fail2ban restart
    Restarting authentication failure monitor: fail2ban failed!

  • geekalot Member
    edited November 2012

    @fresher_06 start with basics:
    1) Did you check your /etc/fail2ban/filter.d/sshd.conf? Does it have the same time/date as most of the other system-provided ones? (i.e., is it the default one?)

    2) Try this:
    port = 5000
    action = iptables[name=SSH, port=5000, protocol=tcp]

    (with the rest of what you had in that stanza)

    3) If that doesn't work, try this more drastic measure:
    port = all
    action = iptables-allports[name=SSH]

    (with the rest of what you had in that stanza)

    4) Check your /etc/fail2ban/jail.local for special characters, especially at the end of each line (i.e., if you copied anything from Windoze). This one can sneak up on you and not provide any warning.

    Those are some quick thoughts.
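
The check in step 4 of the comment above, as an added example that is not part of the thread: a Python scan of a jail file's raw bytes for a byte order mark, carriage returns, and other bytes an editor normally hides. The function names and the sample bytes are constructed for illustration; pass a path such as /etc/fail2ban/jail.local as the first argument to scan a real file.

```python
import sys

UTF8_BOM = b"\xef\xbb\xbf"

# Constructed sample: the [ssh] stanza from the thread, saved with a BOM,
# one CRLF line ending, and a non-breaking space (0xc2 0xa0) after "port".
SAMPLE = (
    UTF8_BOM
    + b"[ssh]\n"
    + b"enabled = true\r\n"
    + b"port\xc2\xa0= 5000\n"
    + b"filter  = sshd\n"
)


def scan_config(raw: bytes):
    """Return (line_number, description) findings for raw config bytes."""
    findings = []
    if raw.startswith(UTF8_BOM):
        findings.append((1, "UTF-8 byte order mark at start of file"))
        raw = raw[len(UTF8_BOM):]
    for lineno, line in enumerate(raw.split(b"\n"), start=1):
        if line.endswith(b"\r"):
            findings.append((lineno, "carriage return at end of line (CRLF)"))
            line = line[:-1]
        # Bytes outside printable ASCII and tab: stray CR, NBSP, smart quotes...
        odd = sorted({b for b in line if b != 0x09 and not 0x20 <= b <= 0x7E})
        if odd:
            shown = " ".join(f"0x{b:02x}" for b in odd)
            findings.append((lineno, f"non-printable or non-ASCII bytes: {shown}"))
    return findings


def main(argv):
    """Scan the file named on the command line, or SAMPLE if none is given."""
    if len(argv) > 1:
        with open(argv[1], "rb") as fh:
            raw = fh.read()
    else:
        raw = SAMPLE
    findings = scan_config(raw)
    for lineno, message in findings:
        print(f"line {lineno}: {message}")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The script exits non-zero when it finds anything, so it can gate a restart of the service after an edit.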
