Score:0

fail2ban is working but not getting email to show that sshd-ddos is running

I have fail2ban running on my server and I have three programs running: sshd, sshd-ddos and runcloud-agent. There are no error messages, but when I recently restarted my server, I got an email message saying sshd and runcloud-agent are running; I did not get a message for sshd-ddos saying it was running.

Here's my jail.local config file:

[DEFAULT]
ignoreip = 127.0.0.1/8
bantime = 3153600000
maxretry = 1
destemail = ******
sender = ******
mta = sendmail

[sshd]
enabled = true
logpath = %(sshd_log)s
port = ***** (not 22)
banaction = iptables-multiport
mode = aggressive
action = %(action_mwl)s
failregex = %(known/failregex)s
               ^Bad protocol version identification '.*' from <HOST>

[sshd-ddos]
enabled = true
logpath = %(sshd_log)s
banaction = iptables-multiport
filter = sshd

[runcloud-agent]
enabled = true
logpath = *****
port = *****
banaction = iptables
maxretry = 1
action = %(action_mwl)s
Score:2

The answer is pretty simple - there is no action = %(action_mwl)s in the [sshd-ddos] section, therefore fail2ban uses the default action with banaction only.
Either add it to the jail section or to the default section.

By the way, the mail actions, especially ones like mail-whois-lines, are ugly - they can retard banning (up to a timeout of 60 seconds) due to possible delays caused by whois retrieval, DNS resolving, grepping of logs (so washout of the system cache), etc.
Don't really understand why people use them or rather why someone may need thousands of mails about some bans every day.
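
The fallback described in the answer can be checked mechanically. The script below is an added example, not part of the original answer or of fail2ban itself: it reads a single jail.local and lists the enabled jails whose effective action sends no mail. It assumes the stock jail.conf, where [DEFAULT] sets action = %(action_)s (ban only) and action_mw / action_mwl are the mail-sending shortcuts; the sample config is constructed from the question with the redacted values left out.

```python
import configparser

# Constructed sample mirroring the question's jail.local (redacted values omitted).
JAIL_LOCAL = """\
[DEFAULT]
ignoreip = 127.0.0.1/8
maxretry = 1
mta = sendmail

[sshd]
enabled = true
mode = aggressive
action = %(action_mwl)s

[sshd-ddos]
enabled = true
banaction = iptables-multiport
filter = sshd

[runcloud-agent]
enabled = true
banaction = iptables
action = %(action_mwl)s
"""

# Assumption: shortcut names from the stock jail.conf. action_ only bans,
# action_mw and action_mwl additionally send mail (including the start notice).
MAIL_SHORTCUTS = ("action_mw", "action_mwl")
STOCK_DEFAULT_ACTION = "%(action_)s"


def jails_without_mail(text):
    """Return the enabled jails whose effective action has no mail shortcut."""
    # interpolation=None keeps %(...)s literal; fail2ban resolves those itself.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    silent = []
    for name in cp.sections():  # [DEFAULT] is not listed but is inherited
        jail = cp[name]
        if not jail.getboolean("enabled", fallback=False):
            continue
        # Jail value first, then [DEFAULT], then the assumed stock default.
        action = jail.get("action", fallback=STOCK_DEFAULT_ACTION)
        if not any("%(" + s + ")s" in action for s in MAIL_SHORTCUTS):
            silent.append(name)
    return silent


if __name__ == "__main__":
    print(jails_without_mail(JAIL_LOCAL))
```

A real installation also merges jail.conf and jail.d/ overrides, so this check only reflects what jail.local itself sets.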
