Monday, June 13, 2016

fail2ban not working on EL6/CentOS 6

I've noticed that, after a while, fail2ban does not ban every host/IP that it should.

First I checked if my regexps are correct:
fail2ban-regex /var/log/maillog /etc/fail2ban/filter.d/postfix-auth.conf --print-all-matched

Fortunately the regexps produced a lot of hits, but most of the matching hosts were not banned.
It appears that fail2ban is having issues monitoring log files.
A quick fix is to change the file monitoring backend from auto to polling.
Python inotify (pyinotify) or gamin may not work properly; you can read more about it here: https://github.com/fail2ban/fail2ban/issues/44

Edit your jail.local file and add the following at the top:
[DEFAULT]
backend = polling

Restart fail2ban and check its log file to see if it bans every IP it should.
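
One way to do that last check without reading both logs by eye, as an added example that is not part of the original post: the script lists the IPs that reached the failure threshold in the mail log but have no Ban entry in the fail2ban log. The jail name postfix-auth, the maxretry/findtime values, the year, the IPv4-only pattern and both log line layouts are assumptions; the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (documentation IP ranges), not real logs.
MAILLOG = """\
Jun 13 10:00:01 mx postfix/smtpd[2101]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
Jun 13 10:00:09 mx postfix/smtpd[2101]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
Jun 13 10:00:17 mx postfix/smtpd[2101]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
Jun 13 10:02:00 mx postfix/smtpd[2107]: warning: unknown[198.51.100.23]: SASL PLAIN authentication failed: authentication failure
Jun 13 10:02:30 mx postfix/smtpd[2107]: warning: unknown[198.51.100.23]: SASL PLAIN authentication failed: authentication failure
Jun 13 10:03:10 mx postfix/smtpd[2107]: warning: unknown[198.51.100.23]: SASL PLAIN authentication failed: authentication failure
Jun 13 10:05:00 mx postfix/smtpd[2113]: warning: unknown[192.0.2.77]: SASL LOGIN authentication failed: authentication failure
Jun 13 10:20:00 mx postfix/smtpd[2113]: warning: unknown[192.0.2.77]: SASL LOGIN authentication failed: authentication failure
"""
# Constructed fail2ban.log line; the layout and jail name are assumptions.
F2B_LOG = """\
2016-06-13 10:00:18,417 fail2ban.actions [1480]: NOTICE [postfix-auth] Ban 203.0.113.5
"""

# Assumed failure pattern (IPv4 only); use the failregex of your own filter.
FAIL_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) .*\[(\d+\.\d+\.\d+\.\d+)\]: "
                     r"SASL \w+ authentication failed")
BAN_RE = re.compile(r"\[postfix-auth\] Ban (\S+)")

def should_be_banned(maillog, maxretry=3, findtime=600, year=2016):
    """IPs with at least maxretry failures inside any findtime-second window."""
    hits = defaultdict(list)
    for line in maillog.splitlines():
        m = FAIL_RE.search(line)
        if m:  # syslog timestamps carry no year, so one is supplied
            stamp = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            hits[m.group(2)].append(stamp)
    window, offenders = timedelta(seconds=findtime), set()
    for ip, times in hits.items():
        times.sort()
        # Slide over each run of maxretry consecutive failures.
        for first, last in zip(times, times[maxretry - 1:]):
            if last - first <= window:
                offenders.add(ip)
                break
    return offenders

def banned(f2b_log):
    """IPs that have a Ban entry for the jail in the fail2ban log."""
    return set(BAN_RE.findall(f2b_log))

def missed_bans(maillog, f2b_log, **limits):
    """IPs that crossed the threshold but were never banned."""
    return sorted(should_be_banned(maillog, **limits) - banned(f2b_log))

if __name__ == "__main__":
    print("over threshold but not banned:", missed_bans(MAILLOG, F2B_LOG))
```

Set maxretry and findtime to the values of your jail before comparing real logs; with the polling backend working, the list should come back empty.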
