# fail2ban does not block?

## michaelk

Hi everyone,

I have 2 machines configured identically but on one of them I just can't get fail2ban

to block ssh brute force attempts.

(I don't see it in the fail2ban.log)

 *Quote:*   

> # fail2ban-client status                                                                
> 
> Status
> 
> |- Number of jail:      1
> ...

 

Any hints why it does not work?

Thanks in advance

MichaelLast edited by michaelk on Mon May 05, 2008 11:25 am; edited 1 time in total

----------

## lcj

I had this after security patches made to fail2ban (DoS condition). I was evaluating both fail2ban and denyhosts, maybe you check if denyhosts will do the job.

----------

## michaelk

The strange thing is that it works on the other machine which is identical patch level....

I would just want to know why it fails....

B.T.W The only jail I have configured is:

 *Quote:*   

> [ssh-iptables]
> 
> enabled  = true
> 
> filter   = sshd
> ...

 

//Michael

----------

## lcj

Yeah, same thing happened to me (difference was hostname and IP). Anyway, I'm not saying it is the solution to your problem; just an alternative.

----------

## michaelk

I'll try out denyhosts and see if it's more stable...

Thanks!

Michael

----------

## tallica

Hello,

I had similar problem with fail2ban-0.8.0-r1... but it seems that fail2ban-0.8.2 works OK for me.

----------

## michaelk

I think I've managed to narrow down what's going wrong but

don't know how to fix this   :Sad: 

 *Quote:*   

> # fail2ban-client -v start
> 
> INFO   Using socket file /tmp/fail2ban.sock
> 
> INFO   [#         ] Waiting on the server...2008-05-06 20:21:10,957 fail2ban.server : INFO   Starting Fail2ban
> ...

 

Any hints why python complains about the "coding" line? I don't get this error on the

the other machine where it works....

//Michael

B.T.W tried the other versions but runs into the same problem.

 *Quote:*   

> # equery l fail2ban
> 
> [ Searching for package 'fail2ban' in all categories among: ]
> 
>  * installed packages
> ...

 

----------

## michaelk

I think I've solved it   :Very Happy: 

Had a few strange permissions under /usr/lib/python2.4/encodings 

//Michael

----------

