I noticed that Fail2ban isn’t blocking any IP addresses anymore, but it should be.
E.g., as a test, I just tried to SSH into the server with wrong password, but Fail2ban isn’t jumping in. With failed SIP registration attempts it’s the same. Max retries set to 6.
FreePBX Distro 10.13.66
/var/secure:
Oct 19 10:13:33 freepbx-a sshd[63438]: Failed password for root from 192.168.1.254 port 58210 ssh2
Oct 19 10:13:37 freepbx-a sshd[63438]: Failed password for root from 192.168.1.254 port 58210 ssh2
Oct 19 10:13:40 freepbx-a sshd[63438]: Failed password for root from 192.168.1.254 port 58210 ssh2
Oct 19 10:13:44 freepbx-a sshd[63438]: Failed password for root from 192.168.1.254 port 58210 ssh2
Oct 19 10:13:48 freepbx-a sshd[63438]: Failed password for root from 192.168.1.254 port 58210 ssh2
Oct 19 10:13:50 freepbx-a sshd[63438]: Failed password for root from 192.168.1.254 port 58210 ssh2
Oct 19 10:13:50 freepbx-a sshd[63439]: Disconnecting: Too many authentication failures for root
Oct 19 10:13:50 freepbx-a sshd[63438]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.254 user=root
Oct 19 10:13:50 freepbx-a sshd[63438]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 19 10:14:10 freepbx-a sshd[64031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.254 user=root
I’m guessing there are multiple instances of the server running on the master server of my HA setup, as well as clients trying to stop and restart fail2ban which are locked waiting to complete:
The oldest of these dates back to Aug 10 when the fail2ban logs stop. service stop wouldn’t work, and fail2ban-client commands also got stuck. I killed all the processes and restarted, and it now seems to be back up.