[SOLVED] fail2ban not banning user
On a whim, I checked /var/log/auth.log and saw brute force attempts for root from a couple of IPs in China, happily going on while I thought fail2ban was working.
From what I've gathered from Google, fail2ban seems to be set up correctly (I haven't modified defaults, just made a copy of
sshd is the only service enabled in
jail.local, and all filters are set to defaults.
Also, fail2ban-server is running and fail2ban-client is able to find it.
sudo fail2ban-client status displays:
Status |- Number of jail: 1 `- Jail list: ssh
I tried ssh'ing in from another VPS of mine, and confirmed that it doesn't ban me after 6 (or more) incorrect attempts.
I also tried installing gamin, and set
backend = gamin in
jail.local, no dice.
For now, I've disabled root login and changed the SSH port, but I'd like to get fail2ban running. Any pointers?
Edit: Debian 8, KVM, dotdeb repositories, Fail2Ban v0.8.13
Edit: Solved: Problem was that sshd was logging in a different timezone. I rebooted, and it works fine now! (thanks @ATHK)