I've noticed that fail2ban does not ban every host/IP that it should after a while.
First I checked if my regexps are correct:
fail2ban-regex /var/log/maillog /etc/fail2ban/filter.d/postfix-auth.conf --print-all-matched
Fortunately I've seen a lot of hits but most of them were not banned.
It appears that fail2ban is having issues monitoring log files.
A quick fix is to change the file monitoring backend from auto to polling.
Python inotify (pyinotify) or gamin may not work properly; you can read more about it here: https://github.com/fail2ban/fail2ban/issues/44
Edit your jail.local file and add the following at the top:
[DEFAULT]
backend = polling
Restart fail2ban and check its log file to see if it bans every IP it should.
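One way to make that check after the restart, as an added example that is not part of the original post: it lists addresses that reached the failure threshold in the mail log but are missing from the jail's banned list. The jail name postfix-auth, a maxretry of 3, the Postfix "SASL ... authentication failed" line shape and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed: jail name "postfix-auth",
# maxretry 3, and the Postfix "SASL ... authentication failed" log line shape.

# Print IPv4 addresses with at least $2 SASL failures in log file $1.
# findtime is ignored, so this over-approximates what fail2ban counts.
offenders() {
    awk -v max="$2" '
        /SASL [^ ]+ authentication failed/ {
            if (match($0, /\[[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\]/))
                n[substr($0, RSTART + 1, RLENGTH - 2)]++
        }
        END { for (ip in n) if (n[ip] >= max) print ip }
    ' "$1" | sort
}

# Read `fail2ban-client status JAIL` output on stdin, print banned IPs.
banned_ips() {
    sed -n 's/.*Banned IP list:[[:space:]]*//p' | tr -s ' ' '\n' | sed '/^$/d' | sort
}

# Offenders from log $1 (threshold $2) missing from status output file $3.
not_banned() {
    offenders "$1" "$2" | awk -v banned="$(banned_ips < "$3" | tr '\n' ' ')" '
        BEGIN { k = split(banned, b, " "); for (i = 1; i <= k; i++) seen[b[i]] = 1 }
        !($0 in seen)'
}

# Constructed sample data (documentation addresses), so the script runs offline.
sample_dir=$(mktemp -d)
{
    for i in 1 2 3; do
        echo "Jan 10 10:00:0$i mx postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure"
        echo "Jan 10 10:01:0$i mx postfix/smtpd[2102]: warning: unknown[198.51.100.9]: SASL PLAIN authentication failed: authentication failure"
    done
    echo "Jan 10 10:02:00 mx postfix/smtpd[2103]: warning: unknown[192.0.2.44]: SASL LOGIN authentication failed: authentication failure"
} > "$sample_dir/maillog"
printf '%s\n' '`- Actions' '   |- Currently banned: 1' '   `- Banned IP list:   203.0.113.7' > "$sample_dir/status"

# On a live host: fail2ban-client status postfix-auth > status; not_banned /var/log/maillog 3 status
not_banned "$sample_dir/maillog" 3 "$sample_dir/status"   # prints 198.51.100.9
```

An address in the output is only a candidate: its failures may be spread over more than findtime, or its ban may already have expired after bantime.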