[How to] Fail2ban on CentOS 7

A Former User

@Danp said:

Seems like Fail2Ban stops logging after a log rotation. Anyone else run into this?

I don't think Fail2ban likes log rotate.

Danp

@thecreativeone91 said:

I don't think Fail2ban likes log rotate.

Looks that way. I found this, but it's for an older version of both F2B and Centos.

Danp

Added "copytruncate" to the F2B logrotate configuration file and then ran a manual log rotation. Seemed to work ok (system is still logging to fail2ban.log), but I will continue to monitor.

Sparkum

When I do

fail2ban-client status sshd

I get

[root@dc fail2ban]# fail2ban-client status sshd
ERROR NOK: ('sshd',)
Sorry but the jail 'sshd' does not exist

When I check the audit logs I get logs....

Danp

@Sparkum What do you get when you enter the following?:

fail2ban-client status

Sparkum

@Danp

[root@dc fail2ban]# fail2ban-client status
Status
|- Number of jail: 0
`- Jail list:

Danp

Did you follow the steps and create the jail.local file?

Sparkum

@Danp

Yep

Sparkum

Noticed the problem happened below.

Changed "enabled" to "enable" and looks like it works.

Status for the jail: sshd
|- Filter
| |- Currently failed: 0
| |- Total failed: 0
| - File list: /var/log/secure - Actions
|- Currently banned: 0
|- Total banned: 0
`- Banned IP list:

Much appreciated thanks

Danp

@Sparkum That's strange, b/c I believe "enabled" is the correct entry.