All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
fail2ban configuration
Hi All,
I have tried installing and configuring the fail2ban for ssh ..
My SSH port is 5000 and below is my /etc/fail2ban/jail.local file .. with only below changes in the default file
Set "enabled" to "true" in [ssh-ddos] section
Set "port" to "5000" in [ssh] and [ssh-ddos] sections
My /etc/fail2ban/jail.local file -- > http://pastebin.com/irrrqcsm
But when I am starting the fail2ban , there are no logs nothing .. also restarting fail2ban gives below error --
/etc/init.d/fail2ban restart
Restarting authentication failure monitor: fail2ban failed!
Also in /etc/fail2ban/fail2ban.conf , I have set the loglevel = 4(DEBUG) , but still no logs gets created in /var/log/fail2ban.log and this logfile is empty .
Any clue please ??
Comments
edit to like this
then restart fail2ban
@arieonline .. thats what i did but got the below error with no logs in /var/log/fail2ban.log--
service fail2ban restart
Restarting authentication failure monitor: fail2ban failed!
@fresher_06 start with basics:
1) Did you check your /etc/fail2ban/filter.d/sshd.conf? Does it have the same time/date as most of the other system-provided ones? (i.e., is it the default one?)
2) Try this:
port = 5000
action = iptables[name=SSH, port=5000, protocol=tcp]
(with the rest of what you had in that stanza)
3) If that doesn't work, try this more drastic measure:
port = all
action = iptables-allports[name=SSH]
(with the rest of what you had in that stanza)
4) Check your /etc/fail2ban/jail.local for special characters, especially at the end of each line (i.e., if you copied anything from Windoze) .... this one can sneak up on you and not provide any warning
Those are some quick thoughts.