I wanted to increase the bantime of repeat offenders getting caught by fail2ban. I added the following lines at the top of /etc/fail2ban/jail.local and fail2ban.local
[DEFAULTS]
bantime.increment = true
bantime.factor = 1
bantime.formula = ban.Time * (1<<(ban.Count if ban.Count<20 else 20)) * banFactor
But it doesn't seem to be working. Here's a part of the log
2022-02-12 12:18:11,869 fail2ban.filter [744]: INFO [postfix-sasl] Found 193.56.29.112 - 2022-02-12 12:18:11
2022-02-12 12:18:11,888 fail2ban.actions [744]: NOTICE [postfix-sasl] Ban 193.56.29.112
2022-02-12 12:28:11,985 fail2ban.actions [744]: NOTICE [postfix-sasl] Unban 193.56.29.112
2022-02-12 12:28:29,103 fail2ban.filter [744]: INFO [postfix-sasl] Found 193.56.29.112 - 2022-02-12 12:28:29
2022-02-12 12:36:15,501 fail2ban.filter [744]: INFO [postfix-sasl] Found 193.56.29.112 - 2022-02-12 12:36:15
2022-02-12 12:36:15,928 fail2ban.actions [744]: NOTICE [postfix-sasl] Ban 193.56.29.112
2022-02-12 12:46:16,257 fail2ban.actions [744]: NOTICE [postfix-sasl] Unban 193.56.29.112
2022-02-12 12:46:42,148 fail2ban.filter [744]: INFO [postfix-sasl] Found 193.56.29.112 - 2022-02-12 12:46:42
Could there be something overriding this? How can I find out?
My server is Ubuntu 20.04
Best Answer
Bantime increment facility is released with fail2ban 0.11, so if you see 0.11.x by
fail2ban-client --versionit must work.As for the issue, please read the mans attentively (what exactly and where exactly you've to specify that).
Anyway you have to set
bantime.increment = truein/etc/fail2ban/jail.local(not in/etc/fail2ban/fail2ban.*) for certain jail(s) or even in DEFAULT section, if must be valid for all jails.Take careful look at your jail.conf, do you see
Sin default section name?Thus remove the
Slike in this diff and it'd work...(and you don't need to set
bantime.factorandbantime.formulasince they seem to be default values).