From: Patrick P. <pa...@pi...> - 2017-01-25 11:22:59
Hello,

I'm having a problem getting sshd-ddos to trigger an action.
From the configuration and from the log it looks like things are working, but no action is triggered!
Am I missing something?

Thanks in advance for your support

Patrick

Fedora 25 with systemd/journalctl
Packages installed are:
fail2ban-systemd-0.9.6-2.fc25.noarch
fail2ban-server-0.9.6-2.fc25.noarch
fail2ban-sendmail-0.9.6-2.fc25.noarch
fail2ban-mail-0.9.6-2.fc25.noarch
fail2ban-0.9.6-2.fc25.noarch
fail2ban-firewalld-0.9.6-2.fc25.noarch

========== /etc/fail2ban/filter.d/sshd-ddos
[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf

[Definition]

_daemon = sshd

failregex = ^%(__prefix_line)sDid not receive identification string from <HOST>\s*$

ignoreregex =

[Init]

journalmatch = _SYSTEMD_UNIT=sshd.service + _COMM=sshd

# Author: Yaroslav Halchenko

====== /etc/fail2ban/jail.d/sshd-ddos.conf
[sshd-ddos]
enabled = true
port = 23,20022
findtime = 600
bantime = 600

=======
fail2ban-client status
Status
|- Number of jail: 1
`- Jail list: sshd-ddos

fail2ban-client status sshd-ddos
Status for the jail: sshd-ddos
|- Filter
|  |- Currently failed: 0
|  |- Total failed: 0
|  `- Journal matches: _SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
   |- Currently banned: 0
   |- Total banned: 0
   `- Banned IP list:

Hereafter is an extract of the fail2ban log (in DEBUG mode):

identification string from 15.203.163.254 port 57692'
2017-01-25 11:53:06,613 fail2ban.filtersystemd [30722]: DEBUG Read systemd journal entry: '2017-01-25T11:53:06.206739pitchoun.pipiche.net sshd[30729]: Did not receive identification string from 15.203.163.254 port 57712'
2017-01-25 11:53:12,362 fail2ban.filtersystemd [30722]: DEBUG Read systemd journal entry: '2017-01-25T11:53:11.983178pitchoun.pipiche.net sshd[30733]: Did not receive identification string from 15.203.163.254 port 57716'
2017-01-25 11:53:13,862 fail2ban.filtersystemd [30722]: DEBUG Read systemd journal entry: '2017-01-25T11:53:13.544886pitchoun.pipiche.net sshd[30696]: Did not receive identification string from 62.215.52.6 port 17877'
2017-01-25 11:53:17,612 fail2ban.filtersystemd [30722]: DEBUG Read systemd journal entry: '2017-01-25T11:53:17.247066pitchoun.pipiche.net sshd[30740]: Did not receive identification string from 15.203.163.254 port 57718'
2017-01-25 11:53:20,618 fail2ban.filtersystemd [30722]: DEBUG Read systemd journal entry: '2017-01-25T11:53:20.399851pitchoun.pipiche.net sshd[30744]: Did not receive identification string from 15.203.163.254 port 57722'
2017-01-25 11:54:25,612 fail2ban.filtersystemd [30722]: DEBUG Read systemd journal entry: '2017-01-25T11:54:25.353911pitchoun.pipiche.net sshd[30748]: Did not receive identification string from 201.194.252.161 port 42002'
2017-01-25 12:01:17,551 fail2ban.transmitter [30722]: DEBUG Command: ['status']
2017-01-25 12:01:35,906 fail2ban.transmitter [30722]: DEBUG Command: ['status', 'sshd-ddos']
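
An offline check of the posted failregex against the journal messages in the extract above, as an added example that is not part of the original post and is not fail2ban's own code. It shows why "Total failed" stays at 0: the posted pattern anchors `\s*$` directly after `<HOST>`, while every logged message continues with " port N". PREFIX and HOST are simplified stand-ins (assumptions) for fail2ban's `%(__prefix_line)s` and `<HOST>` expansions, FILTER_WITH_PORT is a hypothetical variant, and the third sample line is constructed.

```python
import re

# Assumption: simplified stand-ins for fail2ban's own expansions.
PREFIX = r"(?:\S+ )?sshd(?:\[\d+\])?:\s+"        # stands in for %(__prefix_line)s
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"     # stands in for <HOST>, IPv4 only

# failregex exactly as posted in /etc/fail2ban/filter.d/sshd-ddos
FILTER_AS_POSTED = (
    r"^%(__prefix_line)sDid not receive identification string from <HOST>\s*$"
)
# Hypothetical variant that tolerates the trailing " port N" seen in the log.
FILTER_WITH_PORT = (
    r"^%(__prefix_line)sDid not receive identification string from "
    r"<HOST>(?: port \d+)?\s*$"
)

# Messages from the DEBUG extract with the timestamp removed (assumption:
# the date is stripped before failregex is applied); last line is constructed.
SAMPLE_LINES = [
    "pitchoun.pipiche.net sshd[30729]: Did not receive identification string from 15.203.163.254 port 57712",
    "pitchoun.pipiche.net sshd[30696]: Did not receive identification string from 62.215.52.6 port 17877",
    "pitchoun.pipiche.net sshd[30001]: Did not receive identification string from 192.0.2.10",
]


def expand(failregex):
    """Substitute the stand-in prefix and host patterns and compile."""
    pattern = failregex.replace("%(__prefix_line)s", PREFIX)
    return re.compile(pattern.replace("<HOST>", HOST))


def matched_hosts(failregex, lines):
    """Return the host captured from every line the failregex matches."""
    rx = expand(failregex)
    return [m.group("host") for m in map(rx.search, lines) if m]


if __name__ == "__main__":
    for name, rx in (("as posted", FILTER_AS_POSTED),
                     ("with optional port", FILTER_WITH_PORT)):
        hosts = matched_hosts(rx, SAMPLE_LINES)
        print(f"{name}: {len(hosts)}/{len(SAMPLE_LINES)} lines matched -> {hosts}")
```

On the host itself, the `fail2ban-regex` tool shipped with fail2ban runs the real filter file against the journal and reports matched and missed lines.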