https://www.jimdiroffii.com/tags/fail2ban/Recent content in Fail2ban on Jim Diroff IIHugoen-USMon, 16 Feb 2026 00:00:01 -0500https://www.jimdiroffii.com/posts/2026/02/365-days-of-code-day-027-2026/Mon, 16 Feb 2026 00:00:01 -0500https://www.jimdiroffii.com/posts/2026/02/365-days-of-code-day-027-2026/<p>Following up from yesterday&rsquo;s server administration, I checked on my recidive jail, and found that no clients had been banned. This was clearly an error since I could manually check the logs and see many repeat offenders. There was one change I had to make to the configuration.</p> <div class="code-block not-prose group relative my-6 overflow-hidden rounded-lg bg-[#02000f]" data-lang="ini" > <div class="flex items-center justify-between px-4 py-2 bg-slate-950/40 border-b border-white/10" > <span class="text-md font-mono uppercase tracking-wider text-slate-300" >ini</span > <button class="copy-button p-2 rounded-md text-slate-400 hover:text-white hover:bg-slate-700/50 transition-all duration-200" aria-label="Copy to Clipboard" type="button" > <svg width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" > <rect x="9" y="9" width="13" height="13" rx="2" ry="2"></rect> <path d="M5 15H4a2 2 0 0 1-2-2V4a2 2 0 0 1 2-2h9a2 2 0 0 1 2 2v1" ></path> </svg> </button> </div> <pre class="code-raw sr-only">[recidive] enabled = true filter = recidive logpath = /var/log/fail2ban.log backend = polling # &lt;--- Add this line findtime = 1d maxretry = 2 bantime = 1y</pre> <div class="overflow-x-auto my-2"><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span><span class="lnt">6 </span><span class="lnt">7 </span><span class="lnt">8 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-ini" data-lang="ini"><span class="line"><span class="cl"><span class="k">[recidive]</span> </span></span><span class="line"><span class="cl"><span class="na">enabled</span> <span class="o">=</span> <span class="s">true</span> </span></span><span class="line"><span class="cl"><span class="na">filter</span> <span class="o">=</span> <span class="s">recidive</span> </span></span><span class="line"><span class="cl"><span class="na">logpath</span> <span class="o">=</span> <span class="s">/var/log/fail2ban.log</span> </span></span><span class="line"><span class="cl"><span class="na">backend</span> <span class="o">=</span> <span class="s">polling # &lt;--- Add this line</span> </span></span><span class="line"><span class="cl"><span class="na">findtime</span> <span class="o">=</span> <span class="s">1d</span> </span></span><span class="line"><span class="cl"><span class="na">maxretry</span> <span class="o">=</span> <span class="s">2</span> </span></span><span class="line"><span class="cl"><span class="na">bantime</span> <span class="o">=</span> <span class="s">1y</span></span></span></code></pre></td></tr></table> </div> </div></div> </div> <p>By default, fail2ban was using the systemd journal to find repeat offenders, but the log is being stored in fail2ban&rsquo;s own log. It was necessary to add <code>backend = polling</code> to the configuration to force f2b to read its own log file.</p>https://www.jimdiroffii.com/posts/2026/02/365-days-of-code-day-026-2026/Sun, 15 Feb 2026 00:00:01 -0500https://www.jimdiroffii.com/posts/2026/02/365-days-of-code-day-026-2026/Hardening Server Deployments: Securing GitHub Actions with Least Privilege