
SOLVED - sshd conf file was in wrong directory and with wrong extension

I have followed this tutorial htf and everything went smoothly, fail2ban starts nicely, I disabled SELinux just in case, but the sshd jail just does not start. I tried messing with the config, and when there is some mistake fail2ban does not start, but when I remove the stuff I changed then it starts but there are no jails.

So, following the tutorial, I made the file /etc/fail2ban/sshd.local

[sshd]
enabled = true
port = ssh
action = firewallcmd-ipset
logpath = %(sshd_log)s
maxretry = 5
bantime = 86400

I also tried to put the path to the logfile (logpath = /var/log/secure) instead of logpath = %(sshd_log)s, but there is still no sshd jail:

Status
|- Number of jail:  0
`- Jail list:   

I changed the logging level to DEBUG in /etc/fail2ban/fail2ban.conf

[DEFAULT]

# Option: loglevel
# Notes.: Set the log level output.
#         CRITICAL
#         ERROR
#         WARNING
#         NOTICE
#         INFO
#         DEBUG
# Values: [ LEVEL ]  Default: ERROR
#
loglevel = DEBUG

with a bit more logging inside of /var/log/fail2ban.log, but I only get a tiny bit more logging, which is irrelevant to jails.

2021-07-14 19:14:49,952 fail2ban.server         [19586]: INFO    Starting Fail2ban v0.11.1
2021-07-14 19:14:49,953 fail2ban.server         [19586]: DEBUG   Creating PID file /var/run/fail2ban/fail2ban.pid
2021-07-14 19:14:49,953 fail2ban.observer       [19586]: INFO    Observer start...
2021-07-14 19:14:49,954 fail2ban.server         [19586]: DEBUG   Starting communication
2021-07-14 19:14:49,961 fail2ban.database       [19586]: INFO    Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2021-07-14 19:14:49,964 fail2ban.transmitter    [19586]: DEBUG   Status: ready

I also made changes in /etc/fail2ban/jail.local where I replaced:

backend = auto

to

backend = polling

I was wondering if anyone knows what tools are at my disposal to debug jails that are not working?

Belutak

1 Answer

You placed your jail configuration file in the wrong directory.

To wit:

/etc/fail2ban/sshd.local

Fail2ban will never read this file because it is misplaced.

Jail definitions should be placed in the /etc/fail2ban/jail.d directory with a name ending in .conf. A quick and dirty one off can also be placed in /etc/fail2ban/jail.local but this is less maintainable.

Michael Hampton
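
A check for the mistake described in the answer above, as an added example that is not part of the original post or of fail2ban itself: it lists files that look like jail definitions but sit outside the locations jails are read from. The function name `find_stray_jails` is hypothetical, and the script assumes jails are read only from `jail.conf`, `jail.local`, `jail.d/*.conf` and `jail.d/*.local`.

```shell
#!/bin/sh
# Added example: find jail-like files that fail2ban will not read.
# Assumption: jail settings are loaded only from jail.conf, jail.local,
# jail.d/*.conf and jail.d/*.local under the config directory.

# find_stray_jails [CONFDIR] -> prints one misplaced file path per line
find_stray_jails() {
    confdir=${1:-/etc/fail2ban}
    for f in "$confdir"/* "$confdir"/jail.d/*; do
        [ -f "$f" ] || continue          # skip directories and unmatched globs
        name=${f##*/}
        dir=${f%/*}
        if [ "$dir" = "$confdir/jail.d" ]; then
            # Inside jail.d only *.conf and *.local files are read.
            case "$name" in *.conf|*.local) continue ;; esac
        else
            # At the top level only these two names carry jail definitions.
            case "$name" in jail.conf|jail.local) continue ;; esac
        fi
        # An uncommented "enabled =" under a [section] header looks like a jail.
        if grep -Eq '^[[:space:]]*\[[^]]+\]' "$f" &&
           grep -Eq '^[[:space:]]*enabled[[:space:]]*=' "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Run against the directory given on the command line, if any.
if [ "$#" -gt 0 ]; then
    find_stray_jails "$1"
fi
```

Run it as `sh script.sh /etc/fail2ban`; the questioner's /etc/fail2ban/sshd.local would be reported. Afterwards, `fail2ban-client -d` dumps the configuration fail2ban actually parsed, so a jail missing from that dump was never read.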