Change default fail2ban settings

January 21, 2018
Security Ubuntu 16.04

I am trying to change the default behaviour of Fail2Ban and my changes don't seem to be reflected in what I am seeing in my bans.

I followed multiple tutorials that are provided, but I am still confused about a couple of things. To be clear, I am editing my jail.local file.

I changed the settings for bantime (line 59), findtime (line 63) and maxretry (line 66). I was under the impression that these were the default settings, but they seem not to have affected sshd attempts.

After editing the maxretry and bantime I ran sudo systemctl reload sshd, which I thought would apply the changes I made, but it doesn't seem so. I get emails when a ban has occurred and I am getting told that the IP was banned after 5 attempts, even though line 66 says 3.

Additionally, on line 106, it says # "enabled" enables the jails. It explains that all jails are disabled by default, and then on line 112 there is this setting, enabled = false. Am I to assume that this means, unless I specifically put the setting enabled = true on one of the services from line 208 and downward, they are not active?

This confuses me because I have not put enabled = true on anything, yet Fail2Ban is still banning IPs. The only enabled = true setting is on line 24 and it is commented out. Do I need to go to line 215 and put an enabled = true to make my settings take effect? Do I have to do that for every service?

As you can tell, I am pretty confused by all of this. Any clarity would be greatly appreciated.
