Failures with fail2ban in CentOS 8

[HenriqueFagundes]

Dear Colleagues,

Greetings!

I apologize for the possible typos. I'm Brazilian and I have difficulties with English

I have a problem with Drupal (and I cannot update it). I can't get fail2ban to stop login attempts with error.

What I find strange is that before migrating from server, it used version 0.9.6-2 of fail2ban in Debian 9.12 and it worked correctly.

I migrated the server to a CentOS 8.1 running fail2ban in version 0.10.5-2. And after that, the lock does not work.

I will share the configuration files with you:

/etc/fail2ban/jail.conf:
https://temporario.aprendendolinux.com/ ... l.conf.txt

/etc/fail2ban/filter.d/drupal-auth.conf:
https://temporario.aprendendolinux.com/ ... h.conf.txt

/var/log/messages:
https://temporario.aprendendolinux.com/messages.txt

I understand that the correct thing would be for fail2ban to block IP 177.124.244.10 after the third login attempt, but it is not happening.

I recorded this video to demonstrate the problem more clearly:
https://youtu.be/5AkuUpVYbms

can anybody help me?

[lightman47]

Don't know if it is the problem but your default bantime is a negative number. I've not seen that before. In addition, in the defaults you banned ALL ports if any are violated, but then in the separate jails, they are overridden with only particular ports blocked.

I don't know if this is what is causing your grief but I hope it helps you. I cannot vouch that mine works because my CentOS 8 machine is not the one exposed to the 'outside', so it never receives attempts.

[BShT]

test your regex with fail2ban-regex

most of time the error is in how you wrote your regex
na maioria das vezes o erro está em como você escreveu sua expressão regular

[HenriqueFagundes]

Dear,

Thanks to everyone who tried to help!
I managed to resolve the issue.

I made a small mistake. I use iptables and fail2ban was configured to use firewalld.

This topic can be closed.