Fail2ban bantime.increment not working

Whip

6/12/23, 8:08 AM

I wanted to increase the bantime of repeat offenders getting caught by fail2ban. I added the following lines at the top of /etc/fail2ban/jail.local and fail2ban.local

[DEFAULTS]
bantime.increment = true
bantime.factor = 1
bantime.formula = ban.Time * (1<<(ban.Count if ban.Count<20 else 20)) * banFactor

But it doesn't seem to be working. Here's a part of the log

2022-02-12 12:18:11,869 fail2ban.filter         [744]: INFO    [postfix-sasl] Found 193.56.29.112 - 2022-02-12 12:18:11
2022-02-12 12:18:11,888 fail2ban.actions        [744]: NOTICE  [postfix-sasl] Ban 193.56.29.112
2022-02-12 12:28:11,985 fail2ban.actions        [744]: NOTICE  [postfix-sasl] Unban 193.56.29.112
2022-02-12 12:28:29,103 fail2ban.filter         [744]: INFO    [postfix-sasl] Found 193.56.29.112 - 2022-02-12 12:28:29
2022-02-12 12:36:15,501 fail2ban.filter         [744]: INFO    [postfix-sasl] Found 193.56.29.112 - 2022-02-12 12:36:15
2022-02-12 12:36:15,928 fail2ban.actions        [744]: NOTICE  [postfix-sasl] Ban 193.56.29.112
2022-02-12 12:46:16,257 fail2ban.actions        [744]: NOTICE  [postfix-sasl] Unban 193.56.29.112
2022-02-12 12:46:42,148 fail2ban.filter         [744]: INFO    [postfix-sasl] Found 193.56.29.112 - 2022-02-12 12:46:42

Could there be something overriding this? How can I find out?

My server is Ubuntu 20.04

352

0 + 0

ubuntu

fail2ban

Score:0

Server

sebres

6/14/23, 4:31 PM

Bantime increment facility is released with fail2ban 0.11, so if you see 0.11.x by fail2ban-client --version it must work.

As for the issue, please read the mans attentively (what exactly and where exactly you've to specify that).

Anyway you have to set bantime.increment = true in /etc/fail2ban/jail.local (not in /etc/fail2ban/fail2ban.*) for certain jail(s) or even in DEFAULT section, if must be valid for all jails.

Take careful look at your jail.conf, do you see S in default section name?

Thus remove the S like in this diff and it'd work...

-[DEFAULTS]
+[DEFAULT]
 bantime.increment = true

(and you don't need to set bantime.factor and bantime.formula since they seem to be default values).

0 + 0

Whip

6/16/23, 3:59 AM

Thanks a lot. `DEFAULTS` was the issue.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Fail2ban bantime.increment not working

TH: Fail2ban bantime.increment ไม่ทำงาน

RO: Fail2ban bantime.increment nu funcționează

RU: Fail2ban bantime.increment не работает

VI: Fail2ban bantime.increment không hoạt động

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.