Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
D
D
dorsia2018-01-27 15:05:04
SSH
dorsia, 2018-01-27 15:05:04

Why does fail2ban v0.10.3.dev1 incremental only ban for 600 seconds?

I installed a new Fail2Ban v0.10.3.dev1 on Raspbian Stretch Lite , which increases the ban time for repeat offenders. I use for ssh. There were problems using. IP addresses of attackers receive a ban for only 600 seconds, and after being unbanned, this chain repeats again. No increase in ban time is observed.
Proper configuration , unfortunately, does not describe my problem.
Problem in jail.local config? Where does fail2ban get these 600 seconds from? Fail2ban.conf somehow used if there is jail.local?
Please share your opinions about the problem, and if possible, a well-commented prop configuration.
Thank you.
PS Yes, I know that it's easier to log in using keys, change the standard port, and so on. But still, let me choose authorization by password. Fail2ban is designed for this.

fail2ban.log
2018-01-27 07:29:06,446 fail2ban.filter         [6272]: INFO    [sshd] Found 5.188.10.176 - 2018-01-27 07:29:06
2018-01-27 07:29:06,454 fail2ban.filter         [6272]: INFO    [sshd] Found 5.188.10.176 - 2018-01-27 07:29:06
2018-01-27 07:29:09,063 fail2ban.filter         [6272]: INFO    [sshd] Found 5.188.10.176 - 2018-01-27 07:29:08
2018-01-27 07:29:09,169 fail2ban.actions        [6272]: NOTICE  [sshd] Ban 5.188.10.176
2018-01-27 07:39:09,969 fail2ban.actions        [6272]: NOTICE  [sshd] Unban 5.188.10.176
2018-01-27 07:46:18,113 fail2ban.filter         [6272]: INFO    [sshd] Found 5.188.10.176 - 2018-01-27 07:46:16
2018-01-27 07:46:18,121 fail2ban.filter         [6272]: INFO    [sshd] Found 5.188.10.176 - 2018-01-27 07:46:16
2018-01-27 07:46:18,727 fail2ban.filter         [6272]: INFO    [sshd] Found 5.188.10.176 - 2018-01-27 07:46:18
2018-01-27 07:46:18,913 fail2ban.actions        [6272]: NOTICE  [sshd] Ban 5.188.10.176
2018-01-27 07:56:19,788 fail2ban.actions        [6272]: NOTICE  [sshd] Unban 5.188.10.176
2018-01-27 08:21:51,737 fail2ban.filter         [6272]: INFO    [sshd] Found 5.188.10.176 - 2018-01-27 08:21:50
2018-01-27 08:21:51,745 fail2ban.filter         [6272]: INFO    [sshd] Found 5.188.10.176 - 2018-01-27 08:21:50
2018-01-27 08:21:51,950 fail2ban.filter         [6272]: INFO    [sshd] Found 5.188.10.176 - 2018-01-27 08:21:51
2018-01-27 08:21:52,726 fail2ban.actions        [6272]: NOTICE  [sshd] Ban 5.188.10.176
jail.local
[DEFAULT]
bantime.increment = true
ignoreip = 127.0.0.1/8
findtime = 150
maxretry = 3
banaction = iptables-multiport
protocol = tcp
chain = INPUT
action_ = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
[sshd]
enabled = true
port = ssh
filter = sshd
[ssh-iptables]
enabled = false

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
A
Alexander, 2018-01-27
@alexr64


bantime
effective ban duration (in seconds or time abbreviation format).

©

Similar questions
I
ince2020-02-23 15:14:53
How to call an installed package? 1Reply
S
Semyon2020-02-24 15:28:30
Vds server as an openVPN client. How to setup? 3Reply
N
NazarJs2020-02-24 16:17:48
How to login via SSH on windows 10? 2Reply
D
danforth2017-10-16 06:11:26
How to make authentication for sFTP (ssh) user by key file? 2Reply
F
frayer2020-03-12 18:05:53
How to connect remote database in Laravel using ssh? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question