Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

fail2ban configuration
New on LowEndTalk? Please Register and read our Community Rules.

fail2ban configuration

fresher_06fresher_06 Member
edited November 2012 in General

Hi All,
I have tried installing and configuring the fail2ban for ssh ..
My SSH port is 5000 and below is my /etc/fail2ban/jail.local file .. with only below changes in the default file

Set "enabled" to "true" in [ssh-ddos] section
Set "port" to "5000" in [ssh] and [ssh-ddos] sections

My /etc/fail2ban/jail.local file -- >

But when I am starting the fail2ban , there are no logs nothing .. also restarting fail2ban gives below error --

/etc/init.d/fail2ban restart
Restarting authentication failure monitor: fail2ban failed!

Also in /etc/fail2ban/fail2ban.conf , I have set the loglevel = 4(DEBUG) , but still no logs gets created in /var/log/fail2ban.log and this logfile is empty .

Any clue please ??


  • arieonlinearieonline Member
    edited November 2012

    edit to like this

    enabled = true
    port    = 5000
    filter  = sshd
    logpath  = /var/log/auth.log
    maxretry = 6

    then restart fail2ban

    service fail2ban restart
  • @arieonline .. thats what i did but got the below error with no logs in /var/log/fail2ban.log--

    service fail2ban restart
    Restarting authentication failure monitor: fail2ban failed!

  • geekalotgeekalot Member
    edited November 2012

    @fresher_06 start with basics:
    1) Did you check your /etc/fail2ban/filter.d/sshd.conf? Does it have the same time/date as most of the other system-provided ones? (i.e., is it the default one?)

    2) Try this:
    port = 5000
    action = iptables[name=SSH, port=5000, protocol=tcp]

    (with the rest of what you had in that stanza)

    3) If that doesn't work, try this more drastic measure:
    port = all
    action = iptables-allports[name=SSH]

    (with the rest of what you had in that stanza)

    4) Check your /etc/fail2ban/jail.local for special characters, especially at the end of each line (i.e., if you copied anything from Windoze) .... this one can sneak up on you and not provide any warning

    Those are some quick thoughts.

Sign In or Register to comment.