I wanted to increase the bantime of repeat offenders getting caught by fail2ban. I added the following lines at the top of /etc/fail2ban/jail.local and fail2ban.local:
[DEFAULTS]
bantime.increment = true
bantime.factor = 1
bantime.formula = ban.Time * (1<<(ban.Count if ban.Count<20 else 20)) * banFactor
But it doesn't seem to be working. Here's a part of the log:
2022-02-12 12:18:11,869 fail2ban.filter [744]: INFO [postfix-sasl] Found 193.56.29.112 - 2022-02-12 12:18:11
2022-02-12 12:18:11,888 fail2ban.actions [744]: NOTICE [postfix-sasl] Ban 193.56.29.112
2022-02-12 12:28:11,985 fail2ban.actions [744]: NOTICE [postfix-sasl] Unban 193.56.29.112
2022-02-12 12:28:29,103 fail2ban.filter [744]: INFO [postfix-sasl] Found 193.56.29.112 - 2022-02-12 12:28:29
2022-02-12 12:36:15,501 fail2ban.filter [744]: INFO [postfix-sasl] Found 193.56.29.112 - 2022-02-12 12:36:15
2022-02-12 12:36:15,928 fail2ban.actions [744]: NOTICE [postfix-sasl] Ban 193.56.29.112
2022-02-12 12:46:16,257 fail2ban.actions [744]: NOTICE [postfix-sasl] Unban 193.56.29.112
2022-02-12 12:46:42,148 fail2ban.filter [744]: INFO [postfix-sasl] Found 193.56.29.112 - 2022-02-12 12:46:42
Could there be something overriding this? How can I find out?
My server is Ubuntu 20.04
Best Answer
The bantime increment facility was released with fail2ban 0.11, so if you see 0.11.x from
fail2ban-client --version
it must work.
As for the issue, please read the man pages attentively (what exactly and where exactly you have to specify that).
Anyway, you have to set
bantime.increment = true
in /etc/fail2ban/jail.local (not in /etc/fail2ban/fail2ban.*) for certain jail(s) or even in the DEFAULT section, if it must be valid for all jails.
Take a careful look at your jail.conf: do you see S in the default section name? Thus remove the S like in this diff and it'd work...
(And you don't need to set bantime.factor and bantime.formula, since they seem to be the default values.)
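
An added example, not part of the original question or answer: a small Python check that parses one jail file as INI, flags section names that look like a misspelled [DEFAULT], and tests whether a jail actually inherits bantime.increment. The sample text is constructed from the question's header, the helper names are hypothetical, and the check reads a single file only, not the merged jail.conf / jail.d / jail.local set.

```python
import configparser
import difflib

# Constructed sample: the header from the question plus a minimal jail stanza.
JAIL_LOCAL = """\
[DEFAULTS]
bantime.increment = true
bantime.factor = 1

[postfix-sasl]
enabled = true
"""

def load(text):
    # Interpolation is disabled so %(...)s references in real jail files do not
    # raise; strict=False tolerates duplicate options while we only inspect names.
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(text)
    return cfg

def suspicious_sections(cfg):
    """Return section names that closely resemble DEFAULT without being it."""
    hits = []
    # sections() never lists the real DEFAULT, so an exact-looking match here
    # (wrong case, trailing S, ...) is an ordinary section, not the defaults.
    for name in cfg.sections():
        if difflib.get_close_matches(name.upper(), ["DEFAULT"], n=1, cutoff=0.8):
            hits.append(name)
    return hits

def inherits(cfg, jail, option="bantime.increment"):
    """True when the jail sees the option, set directly or via [DEFAULT]."""
    return cfg.has_option(jail, option)

def report(text, jail):
    """Summarise both checks for one jail in one file."""
    cfg = load(text)
    return {"suspicious": suspicious_sections(cfg),
            "increment_visible": inherits(cfg, jail)}

if __name__ == "__main__":
    print("as posted:", report(JAIL_LOCAL, "postfix-sasl"))
    print("corrected:", report(JAIL_LOCAL.replace("[DEFAULTS]", "[DEFAULT]"),
                               "postfix-sasl"))
```

To check a real file, pass its contents to report() together with the jail name, for example the text of /etc/fail2ban/jail.local and postfix-sasl.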