fail2ban find matches, but does not ban

Solution 1:

Most probably you don't have pyinotify installed on your system which cause fail2ban to fail getting log file modifications. I had the same problem and fixed it using this.

1.

Install pyinotify

yum install python-inotify

2.

Once it's installed, edit your jail.local and put

[myjail]
...
backend = pyinotify
...

3.

systemctl restart fail2ban

Solution 2:

Not exactly the solution to the above problem but it may will help others that come here:

For me the problem was, that fail2ban was watching the wrong logfile.

My nginx jails did not work since they used logpath = %(nginx_error_log)s which is /var/log/nginx/error.log. However, all accesses, including 4xx and 5xx, were logged to /var/log/nginx/access.log.

Exchanging %(nginx_error_log)s with %(nginx_access_log)s fixed it.

To see which log file a jail uses you can inspect the startup message of /var/log/fail2ban.log:

Creating new jail 'nginx-http-auth'
Jail 'nginx-http-auth' uses pyinotify {}
Initiated 'pyinotify' backend
Added logfile: '/var/log/nginx/error.log' (pos = 0, hash = da39a3ee5e6b4b0d3255bfef95601890afd80709)