Change default fail2ban settings
I am trying to change the default behaviour of Fail2Ban and my changes don’t seem to be reflected in what I am seeing in my bans.
I followed multiple tutorials that are provided, but I am still confused on a couple of things. To make clear, I am editing my
I changed the settings for bantime (line 59), findtime (line 63) and maxretry (line 66). I was under the impression that these were the default settings, but they seem not to have affected
After editing the maxretry and bantime I ran
sudo systemctl reload sshd, which I thought would apply the changes I made, but it doesn’t seem so. I get emails when a ban has occurred and I am getting told that the IP was banned after 5 attempts, even though line 66 says 3.
Additionally, on line 106, it says
# "enabled" enables the jails , it explains that all jails are disabled by default and then on line 112 there is this setting,
enabled = false. Am I to assume that this means, unless I specific put the setting,
enabled = true on one of the services from line 208 and downward, they are not active?
This confuses me because I have not put
enabled = true on anything, yet Fail2Ban is still banning IPs. The only
enabled = true setting is on line 24 and it is commented out. Do I need to go to line 215 and put an
enabled = true to make my settings take effect? Do I have to do that for every service?
As you can tell, I am pretty confused by all of this. Any clarity would be greatly appreciated.