Cannot make the fail2ban setup guide work with systemd journal
Debian 12.1 (systemd journal is default), fail2ban version 1.0.2.
Trying to make a fail2ban filter + jail work. Shadowsocks authentication errors in the logs match the filter regex correctly. fail2ban is up, nothing unusual in its logs. But "fail2ban-client status shadowsocks-libev" fails to reflect failures to authenticate (the sshd jail does work correctly, though).
- Changes in jail.conf:
    [DEFAULT]
    backend = systemd
- Shadowsocks filter:
    [INCLUDES]
    before = common.conf

    [Definition]
    _daemon = ss-server
    failregex = ^\w+\s+\d+ \d+:\d+:\d+\s+%(__prefix_line)sERROR:\s+failed to handshake with <HOST>: authentication error$
    ignoreregex =
    datepattern = %%Y-%%m-%%d %%H:%%M:%%S
    journalmatch = _SYSTEMD_UNIT=shadowsocks-libev.service
- Shadowsocks jail:
    [shadowsocks-libev]
    enabled = true
    filter = shadowsocks-libev
    port = 8839
    maxretry = 3
    findtime = 3600
    bantime = 3600
What am I doing wrong? Thanks!