Please help me configure it correctly fail2ban.
My desire is to set up this and check it correctly.
For the current settings, today every 11 minutes there is a brute-force search of passwords from the address 195.133.40.139
Why does he sneak through the setting fail2ban
# "bantime" is the number of seconds that a host is banned.
bantime = 10m
# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime = 10m
# "maxretry" is the number of failures before a host get banned.
maxretry = 5
How is the panel setting related and
why is it jail.local if indicates the time of detection 86400 (24h)
skips brute force attempts every 11 minutes
The category name “RECIDIVE” does not exist in HestiaCP yet. Maybe that’s why it doesn’t show bans. You can use an already used one:
action = hestia[name=HESTIA]
Or as I do, use an unused one so you can differentiate it in the list of blocked IPs:
action = hestia[name=DB]
How do I understand?
There is a category but it does not work
Or if the configuration file contains a category then it is
Please tell us more about this, please
I’ve had HestiaCP installed for a couple of years now and I didn’t realise that “hestia[name=RECIDIVE]” is the default action.
What I am trying to explain is that if you try to ban an IP manually from the panel (https://sub.domain.tld:8083/add/firewall/banlist/), the category name “RECIDIVE” does not appear in the drop down menu. This could cause an error when adding a rule to the firewall, or it could be that the rule is added but then the panel does not show it in the list (https://sub.domain.tld:8083/list/firewall/banlist/).
What I am trying to find out is if using “hestia[name=RECIDIVE]” in recidive filter, then the name “RECIDIVE” appears in the “Comment” IPs list column banned by Fail2ban.