Bug 1183955
| Summary: | Fail2Ban inconsistently banning | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | frollic nilsson <frollic> |
| Component: | fail2ban | Assignee: | Orion Poplawski <orion> |
| Status: | CLOSED EOL | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 20 | CC: | Axel.Thimm, erik_squires, extras-qa, frollic, jonathan.underwood, orion, steven.chapel, toby, urkedal, vonsch |
| Target Milestone: | --- | | |
| Target Release: | --- | | |
| Hardware: | x86_64 | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | 712701 | Environment: | |
| Last Closed: | 2015-06-30 01:15:39 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
Description
frollic nilsson
2015-01-20 09:38:49 UTC
Please remove (or fix) fail2ban from the repository; as it is now, it doesn't work at all....
As it is now, sshblacklist works *a lot* better than fail2ban, which pretty much does what its name says - fails to ban.
(from my daily logwatch)

```
sshd:
Authentication Failures:
root (103.41.124.66): 11699 Time(s)
root (62.210.180.171): 1119 Time(s)
root (103.41.124.44): 632 Time(s)
root (122.225.109.116): 393 Time(s)
unknown (62.210.73.121): 302 Time(s)
root (115.231.223.170): 234 Time(s)
root (115.239.228.9): 220 Time(s)
root (61.174.51.233): 164 Time(s)
root (14.140.222.194): 134 Time(s)
root (61.174.50.225): 97 Time(s)
root (115.239.228.13): 78 Time(s)
unknown (122.225.109.116): 64 Time(s)
unknown (222.219.187.9): 61 Time(s)
root (122.225.103.125): 58 Time(s)
root (61.174.50.188): 46 Time(s)
unknown (175.45.186.50): 39 Time(s)
unknown (203.200.160.213): 39 Time(s)
unknown (216.93.243.138): 39 Time(s)
unknown (50.63.185.226): 39 Time(s)
unknown (85.25.20.63): 39 Time(s)
unknown (58.206.126.23): 37 Time(s)
unknown (68.189.19.218): 33 Time(s)
root (93.174.93.10): 23 Time(s)
root (61.174.50.177): 18 Time(s)
root (175.45.186.50): 15 Time(s)
root (203.200.160.213): 15 Time(s)
root (216.93.243.138): 15 Time(s)
root (50.63.185.226): 15 Time(s)
root (58.206.126.23): 15 Time(s)
root (85.25.20.63): 15 Time(s)
```
---

I think removing it from the repository would be a little bit of a knee-jerk overreaction. It's working fine for me on F20:

```
# fail2ban-client status sshd
Status for the jail: sshd
|- Filter
|  |- Currently failed: 1
|  |- Total failed:     316
|  `- Journal matches:  _SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
   |- Currently banned: 2
   |- Total banned:     52
   `- Banned IP list:   183.136.216.3 115.239.228.13
```

So, it would be better to try and work out why it's not working for you. Which Fedora are you using, and what package version of fail2ban do you have installed? Also, why have you now opened two bugs with exactly the same information?

---

fail2ban-0.9-2.fc20.noarch

I had to create a copy of the first report, because it was for F19, which is now (or at least soon) out of support. AFAIK only the maintainer of the package can migrate a report between different versions.

For me, f2b's SSH banning stopped working completely sometime around the 2nd half of May last year. http://imgbox.com/bDeijD2A

It might just be a bug, fixed in the original code of fail2ban, but in that case, there should be an update.

---

Sorry, wrong graph posted, please ignore it ....

---

OK, I too am running fail2ban-0.9-2.fc20.noarch on an F20 machine, and my configuration is stock, with just this added in /etc/fail2ban/jail.d/jail.local:

```
[DEFAULT]
bantime = 36000
banaction = firewallcmd-new
backend = systemd

[sshd]
enabled = true
```

And, so far I haven't seen any issues. Can you detail your exact configuration?

---

This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.

---

Can you try with 0.9.1-1.fc20 from updates-testing?

---

Hi,

There's at least one bug in fail2ban-0.9-2.fc20.noarch. When starting fail2ban out of the box, you get

```
Mar 03 07:26:46 server.at.com fail2ban-client[16516]: WARNING Wrong value for 'loglevel' in 'Definition'. Using default one: ''INFO''
```

It's already been reported, and fixed at fail2ban:
https://github.com/fail2ban/fail2ban/issues/657
https://github.com/fail2ban/fail2ban/commit/1470e3c01d49841335e11ed7ca7898516d1b8be8

If you then enable all filters (enable = true in jail.conf) you get a

```
Mar 03 07:31:38 server.at.com fail2ban-client[16912]: WARNING 'ignoreregex' not defined in 'Definition'. Using default one: ''
```

warning. It's described here: https://github.com/fail2ban/fail2ban/pull/858

I believe the enable = true also gave you a "too many open files" error in the /tmp folder, but I can't reproduce that one at the moment.

When it comes to inconsistent banning, here's an example:

```
Mar 3 07:24:42 atlantis sshd[16405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.6 user=root
Mar 3 07:24:44 atlantis sshd[16405]: Failed password for root from 183.136.216.6 port 34299 ssh2
Mar 3 07:24:46 atlantis sshd[16405]: Failed password for root from 183.136.216.6 port 34299 ssh2
Mar 3 07:24:49 atlantis sshd[16405]: Failed password for root from 183.136.216.6 port 34299 ssh2
Mar 3 07:24:49 atlantis sshd[16405]: Received disconnect from 183.136.216.6: 11: [preauth]
Mar 3 07:24:49 atlantis sshd[16405]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.6 user=root
Mar 3 07:24:56 atlantis sshd[16407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.6 user=root
Mar 3 07:24:58 atlantis sshd[16407]: Failed password for root from 183.136.216.6 port 45254 ssh2
Mar 3 07:25:01 atlantis sshd[16407]: Failed password for root from 183.136.216.6 port 45254 ssh2
Mar 3 07:25:03 atlantis sshd[16407]: Failed password for root from 183.136.216.6 port 45254 ssh2
Mar 3 07:25:06 atlantis sshd[16407]: Received disconnect from 183.136.216.6: 11: [preauth]
Mar 3 07:25:06 atlantis sshd[16407]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.6 user=root
Mar 3 07:25:08 atlantis sshd[16428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.6 user=root
Mar 3 07:25:10 atlantis sshd[16428]: Failed password for root from 183.136.216.6 port 41172 ssh2
Mar 3 07:25:13 atlantis sshd[16428]: Failed password for root from 183.136.216.6 port 41172 ssh2
Mar 3 07:25:14 atlantis sshd[16428]: Failed password for root from 183.136.216.6 port 41172 ssh2
Mar 3 07:25:16 atlantis sshd[16428]: Received disconnect from 183.136.216.6: 11: [preauth]
Mar 3 07:25:16 atlantis sshd[16428]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.6 user=root
Mar 3 07:25:21 atlantis sshd[16431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.6 user=root
Mar 3 07:25:23 atlantis sshd[16431]: Failed password for root from 183.136.216.6 port 44662 ssh2
Mar 3 07:25:25 atlantis sshd[16431]: Failed password for root from 183.136.216.6 port 44662 ssh2
Mar 3 07:25:28 atlantis sshd[16431]: Failed password for root from 183.136.216.6 port 44662 ssh2
Mar 3 07:25:28 atlantis sshd[16431]: Received disconnect from 183.136.216.6: 11: [preauth]
Mar 3 07:25:28 atlantis sshd[16431]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.6 user=root
Mar 3 07:25:32 atlantis sshd[16434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.6 user=root
Mar 3 07:25:33 atlantis sshd[16434]: Failed password for root from 183.136.216.6 port 56576 ssh2
Mar 3 07:25:38 atlantis sshd[16434]: Failed password for root from 183.136.216.6 port 56576 ssh2
Mar 3 07:25:40 atlantis sshd[16434]: Failed password for root from 183.136.216.6 port 56576 ssh2
Mar 3 07:25:41 atlantis sshd[16434]: Received disconnect from 183.136.216.6: 11: [preauth]
Mar 3 07:25:41 atlantis sshd[16434]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.6 user=root
Mar 3 07:25:46 atlantis sshd[16438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.6 user=root
Mar 3 07:25:47 atlantis sshd[16438]: Failed password for root from 183.136.216.6 port 38419 ssh2
Mar 3 07:25:50 atlantis sshd[16438]: Failed password for root from 183.136.216.6 port 38419 ssh2
Mar 3 07:25:53 atlantis sshd[16438]: Failed password for root from 183.136.216.6 port 38419 ssh2
Mar 3 07:25:53 atlantis sshd[16438]: Received disconnect from 183.136.216.6: 11: [preauth]
Mar 3 07:25:53 atlantis sshd[16438]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.6 user=root
Mar 3 07:25:55 atlantis sshd[16440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.6 user=root
Mar 3 07:25:57 atlantis sshd[16440]: Failed password for root from 183.136.216.6 port 46992 ssh2
Mar 3 07:26:00 atlantis sshd[16440]: Failed password for root from 183.136.216.6 port 46992 ssh2
Mar 3 07:26:02 atlantis sshd[16440]: Failed password for root from 183.136.216.6 port 46992 ssh2
Mar 3 07:26:02 atlantis sshd[16440]: Received disconnect from 183.136.216.6: 11: [preauth]
Mar 3 07:26:02 atlantis sshd[16440]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.6 user=root
Mar 3 07:26:13 atlantis sshd[16456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.6 user=root
Mar 3 07:26:15 atlantis sshd[16456]: Failed password for root from 183.136.216.6 port 48534 ssh2
Mar 3 07:26:17 atlantis sshd[16456]: Failed password for root from 183.136.216.6 port 48534 ssh2
Mar 3 07:26:19 atlantis sshd[16456]: Failed password for root from 183.136.216.6 port 48534 ssh2
Mar 3 07:26:20 atlantis sshd[16456]: Received disconnect from 183.136.216.6: 11: [preauth]
Mar 3 07:26:20 atlantis sshd[16456]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.6 user=root
Mar 3 07:26:31 atlantis sshd[16486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.6 user=root
Mar 3 07:26:32 atlantis sshd[16486]: Failed password for root from 183.136.216.6 port 45865 ssh2
Mar 3 07:26:35 atlantis sshd[16486]: Failed password for root from 183.136.216.6 port 45865 ssh2
Mar 3 07:26:38 atlantis sshd[16486]: Failed password for root from 183.136.216.6 port 45865 ssh2
Mar 3 07:26:38 atlantis sshd[16486]: Received disconnect from 183.136.216.6: 11: [preauth]
Mar 3 07:26:38 atlantis sshd[16486]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.6 user=root
Mar 3 07:26:43 atlantis sshd[16507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.6 user=root
Mar 3 07:26:45 atlantis sshd[16507]: Failed password for root from 183.136.216.6 port 43484 ssh2
Mar 3 07:26:47 atlantis sshd[16507]: Failed password for root from 183.136.216.6 port 43484 ssh2
Mar 3 07:26:50 atlantis sshd[16507]: Failed password for root from 183.136.216.6 port 43484 ssh2
Mar 3 07:26:52 atlantis sshd[16507]: Received disconnect from 183.136.216.6: 11: [preauth]
Mar 3 07:26:52 atlantis sshd[16507]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.6 user=root
Mar 3 07:26:56 atlantis sshd[16523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.6 user=root
Mar 3 07:26:59 atlantis sshd[16523]: Failed password for root from 183.136.216.6 port 55185 ssh2
Mar 3 07:27:01 atlantis sshd[16523]: Failed password for root from 183.136.216.6 port 55185 ssh2
Mar 3 07:27:04 atlantis sshd[16523]: Failed password for root from 183.136.216.6 port 55185 ssh2
Mar 3 07:27:04 atlantis sshd[16523]: Received disconnect from 183.136.216.6: 11: [preauth]
Mar 3 07:27:04 atlantis sshd[16523]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.6 user=root
Mar 3 07:27:06 atlantis sshd[16549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.6 user=root
Mar 3 07:27:08 atlantis sshd[16549]: Failed password for root from 183.136.216.6 port 36867 ssh2
Mar 3 07:27:11 atlantis sshd[16549]: Failed password for root from 183.136.216.6 port 36867 ssh2
Mar 3 07:27:13 atlantis sshd[16549]: Failed password for root from 183.136.216.6 port 36867 ssh2
Mar 3 07:27:14 atlantis sshd[16549]: Received disconnect from 183.136.216.6: 11: [preauth]
Mar 3 07:27:14 atlantis sshd[16549]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.6 user=root
Mar 3 07:27:21 atlantis sshd[16560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.6 user=root
Mar 3 07:27:23 atlantis sshd[16560]: Failed password for root from 183.136.216.6 port 39205 ssh2
Mar 3 07:27:26 atlantis sshd[16560]: Failed password for root from 183.136.216.6 port 39205 ssh2
Mar 3 07:27:28 atlantis sshd[16560]: Failed password for root from 183.136.216.6 port 39205 ssh2
Mar 3 07:27:29 atlantis sshd[16560]: Received disconnect from 183.136.216.6: 11: [preauth]
Mar 3 07:27:29 atlantis sshd[16560]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.6 user=root
Mar 3 07:27:45 atlantis sshd[16581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.6 user=root
Mar 3 07:27:47 atlantis sshd[16581]: Failed password for root from 183.136.216.6 port 57510 ssh2
Mar 3 07:27:50 atlantis sshd[16581]: Failed password for root from 183.136.216.6 port 57510 ssh2
Mar 3 07:27:52 atlantis sshd[16581]: Failed password for root from 183.136.216.6 port 57510 ssh2
Mar 3 07:27:53 atlantis sshd[16581]: Received disconnect from 183.136.216.6: 11: [preauth]
Mar 3 07:27:53 atlantis sshd[16581]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.6 user=root
Mar 3 07:28:02 atlantis sshd[16619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.6 user=root
Mar 3 07:28:05 atlantis sshd[16619]: Failed password for root from 183.136.216.6 port 40176 ssh2
Mar 3 07:28:07 atlantis sshd[16619]: Failed password for root from 183.136.216.6 port 40176 ssh2
Mar 3 07:28:09 atlantis sshd[16619]: Failed password for root from 183.136.216.6 port 40176 ssh2
Mar 3 07:28:10 atlantis sshd[16619]: Received disconnect from 183.136.216.6: 11: [preauth]
Mar 3 07:28:10 atlantis sshd[16619]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.6 user=root
```

The related params in jail.conf are set to

```
findtime = 600
maxretry = 5
```

---

Again, which backend are you using? Having your full configuration would be very helpful to debugging this. And can you please try 0.9.1-1.fc20 from updates-testing?
https://admin.fedoraproject.org/updates/FEDORA-2014-15988/fail2ban-0.9.1-1.fc20

---

[abc@atlantis fail2ban]$ cat jail.conf | grep -v "#"
[INCLUDES]
before = paths-fedora.conf
[DEFAULT]
ignoreip = 127.0.0.1/8
ignorecommand =
bantime = 2592000
findtime = 600
maxretry = 5
backend = auto
usedns = no
logencoding = auto
enabled = false
filter = %(__name__)s
destemail = root@localhost
sender = root@localhost
mta = sendmail
protocol = tcp
chain = INPUT
port = 0:65535
banaction = shorewall
action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
            %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]
action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
             %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]
action_xarf = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
              xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath=%(logpath)s, port="%(port)s"]
action_blocklist_de = blocklist_de[email="%(sender)s", service=%(filter)s, apikey="%(blocklist_de_apikey)s"]
action_badips = badips.py[category="%(name)s", banaction="%(banaction)s"]
action = %(action_)s
[sshd]
port = ssh
logpath = %(sshd_log)s
[sshd-ddos]
port = ssh
logpath = %(sshd_log)s
[dropbear]
port = ssh
logpath = %(dropbear_log)s
[selinux-ssh]
port = ssh
logpath = %(auditd_log)s
maxretry = 5
[apache-auth]
port = http,https
logpath = %(apache_error_log)s
[apache-badbots]
port = http,https
logpath = %(apache_access_log)s
bantime = 172800
maxretry = 1
[apache-noscript]
port = http,https
logpath = %(apache_error_log)s
maxretry = 6
[apache-overflows]
port = http,https
logpath = %(apache_error_log)s
maxretry = 2
[apache-nohome]
port = http,https
logpath = %(apache_error_log)s
maxretry = 2
[apache-botsearch]
port = http,https
logpath = %(apache_error_log)s
maxretry = 2
[apache-modsecurity]
port = http,https
logpath = %(apache_error_log)s
maxretry = 2
[nginx-http-auth]
ports = http,https
logpath = %(nginx_error_log)s
[php-url-fopen]
port = http,https
logpath = %(nginx_access_log)s %(apache_access_log)s
[suhosin]
port = http,https
logpath = %(suhosin_log)s
[lighttpd-auth]
port = http,https
logpath = %(lighttpd_error_log)s
[roundcube-auth]
port = http,https
logpath = /var/log/roundcube/userlogins
[openwebmail]
port = http,https
logpath = /var/log/openwebmail.log
[horde]
port = http,https
logpath = /var/log/horde/horde.log
[groupoffice]
port = http,https
logpath = /home/groupoffice/log/info.log
[sogo-auth]
port = http,https
logpath = /var/log/sogo/sogo.log
[tine20]
logpath = /var/log/tine20/tine20.log
port = http,https
maxretry = 5
[guacamole]
port = http,https
logpath = /var/log/tomcat*/catalina.out
[webmin-auth]
port = 10000
logpath = /var/log/auth.log
[squid]
port = 80,443,3128,8080
logpath = /var/log/squid/access.log
[3proxy]
port = 3128
logpath = /var/log/3proxy.log
[proftpd]
port = ftp,ftp-data,ftps,ftps-data
logpath = %(proftpd_log)s
[pure-ftpd]
port = ftp,ftp-data,ftps,ftps-data
logpath = %(pureftpd_log)s
maxretry = 6
[gssftpd]
port = ftp,ftp-data,ftps,ftps-data
logpath = %(syslog_daemon)s
maxretry = 6
[wuftpd]
port = ftp,ftp-data,ftps,ftps-data
logpath = %(wuftpd_log)s
maxretry = 6
[vsftpd]
port = ftp,ftp-data,ftps,ftps-data
logpath = %(vsftpd_log)s
[assp]
port = smtp,465,submission
logpath = /root/path/to/assp/logs/maillog.txt
[courier-smtp]
port = smtp,465,submission
logpath = %(syslog_mail)s
[postfix]
port = smtp,465,submission
logpath = %(postfix_log)s
[sendmail-auth]
port = submission,465,smtp
logpath = %(syslog_mail)s
[sendmail-reject]
port = smtp,465,submission
logpath = %(syslog_mail)s
[qmail-rbl]
filter = qmail
port = smtp,465,submission
logpath = /service/qmail/log/main/current
[dovecot]
port = pop3,pop3s,imap,imaps,submission,465,sieve
logpath = %(dovecot_log)s
[sieve]
port = smtp,465,submission
logpath = %(dovecot_log)s
[solid-pop3d]
port = pop3,pop3s
logpath = %(solidpop3d_log)s
[exim]
port = smtp,465,submission
logpath = /var/log/exim/mainlog
[exim-spam]
port = smtp,465,submission
logpath = /var/log/exim/mainlog
[kerio]
port = imap,smtp,imaps,465
logpath = /opt/kerio/mailserver/store/logs/security.log
[courier-auth]
port = smtp,465,submission,imap3,imaps,pop3,pop3s
logpath = %(syslog_mail)s
[postfix-sasl]
port = smtp,465,submission,imap3,imaps,pop3,pop3s
logpath = %(postfix_log)s
[perdition]
port = imap3,imaps,pop3,pop3s
logpath = /var/log/maillog
[squirrelmail]
port = smtp,465,submission,imap2,imap3,imaps,pop3,pop3s,http,https,socks
logpath = /var/lib/squirrelmail/prefs/squirrelmail_access_log
[cyrus-imap]
port = imap3,imaps
logpath = %(syslog_mail)s
[uwimap-auth]
port = imap3,imaps
logpath = %(syslog_mail)s
[named-refused]
port = domain,953
logpath = /var/log/named/security.log
[nsd]
port = 53
action = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
         %(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]
logpath = /var/log/nsd.log
[asterisk]
port = 5060,5061
action = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
         %(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]
         %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s"]
logpath = /var/log/asterisk/messages
maxretry = 10
[freeswitch]
port = 5060,5061
action = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
         %(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]
         %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s"]
logpath = /var/log/freeswitch.log
maxretry = 10
[mysqld-auth]
port = 3306
logpath = %(mysql_log)s
maxretry = 5
[recidive]
logpath = /var/log/fail2ban.log
port = all
protocol = all
bantime = 604800 ; 1 week
findtime = 86400 ; 1 day
maxretry = 5
[pam-generic]
banaction = iptables-allports
logpath = /var/log/auth.log
[xinetd-fail]
banaction = iptables-multiport-log
logpath = /var/log/daemon.log
maxretry = 2
[stunnel]
logpath = /var/log/stunnel4/stunnel.log
[ejabberd-auth]
port = 5222
logpath = /var/log/ejabberd/ejabberd.log
[counter-strike]
logpath = /opt/cstrike/logs/L[0-9]*.log
tcpport = 27030,27031,27032,27033,27034,27035,27036,27037,27038,27039
udpport = 1200,27000,27001,27002,27003,27004,27005,27006,27007,27008,27009,27010,27011,27012,27013,27014,27015
action = %(banaction)s[name=%(__name__)s-tcp, port="%(tcpport)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
         %(banaction)s[name=%(__name__)s-udp, port="%(udpport)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]
[nagios]
enabled = false
logpath = /var/log/messages ; nrpe.cfg may define a different log_facility
maxretry = 1
----------------EOF-------------------------
[abc@atlantis fail2ban]$ cat fail2ban.conf | grep -v "#"
[Definition]
loglevel = NOTICE
logtarget = /var/log/fail2ban.log
socket = /var/run/fail2ban/fail2ban.sock
pidfile = /var/run/fail2ban/fail2ban.pid
dbfile = /var/lib/fail2ban/fail2ban.sqlite3
dbpurgeage = 86400
----------------EOF-------------------------
[abc@atlantis jail.d]$ cat jail.local
[DEFAULT]
bantime = 36000
banaction = shorewall
backend = systemd
[sshd]
enabled = true
[sshd-ddos]
enabled = true
[pam-generic]
enabled = true
[php-url-fopen]
enabled = true
[apache-auth]
enabled = true
[apache-common]
enabled = true
[apache-noscript]
enabled = true
[apache-badbots]
enabled = true
[apache-modsecurity]
enabled = true
[apache-overflows]
enabled = true
[apache-botsearch]
enabled = true
[apache-nohome]
enabled = true
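The complaint earlier in this thread is that 183.136.216.6 produces three "Failed password" lines per connection, session after session, yet is not banned under the jail.conf values above (findtime = 600, maxretry = 5). The following is an added example, not fail2ban's own code and not posted by anyone in this report: it replays a constructed excerpt of those log lines (plus two constructed lines for 192.0.2.10 to show the window expiring) through a per-IP sliding-window counter with the same two parameters, so you can see exactly which line should have triggered the ban. It counts only "Failed password" lines; fail2ban's real sshd filter matches more patterns than this.

```python
"""Sliding-window failure counter in the style of fail2ban's findtime/maxretry.

Added example, not fail2ban's own code. Only sshd 'Failed password' lines are
counted; fail2ban's sshd filter has additional regexes.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Syslog-style prefix as it appears in the bug report (single-space day field
# there; real syslog pads the day to two characters, so allow either).
LINE_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) "
    r"\S+ sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

# Constructed excerpt: the first two 183.136.216.6 sessions from the report
# plus two made-up lines for 192.0.2.10 (documentation range) 15 minutes apart.
SAMPLE_LOG = """\
Mar 3 07:24:42 atlantis sshd[16405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.6 user=root
Mar 3 07:24:44 atlantis sshd[16405]: Failed password for root from 183.136.216.6 port 34299 ssh2
Mar 3 07:24:46 atlantis sshd[16405]: Failed password for root from 183.136.216.6 port 34299 ssh2
Mar 3 07:24:49 atlantis sshd[16405]: Failed password for root from 183.136.216.6 port 34299 ssh2
Mar 3 07:24:49 atlantis sshd[16405]: Received disconnect from 183.136.216.6: 11: [preauth]
Mar 3 07:24:50 atlantis sshd[16406]: Failed password for alice from 192.0.2.10 port 50000 ssh2
Mar 3 07:24:58 atlantis sshd[16407]: Failed password for root from 183.136.216.6 port 45254 ssh2
Mar 3 07:25:01 atlantis sshd[16407]: Failed password for root from 183.136.216.6 port 45254 ssh2
Mar 3 07:25:03 atlantis sshd[16407]: Failed password for root from 183.136.216.6 port 45254 ssh2
Mar 3 07:40:00 atlantis sshd[16500]: Failed password for alice from 192.0.2.10 port 50001 ssh2
""".splitlines()


def parse_failure(line, year=2015):
    """Return (timestamp, ip) for a 'Failed password' line, or None for any
    other line (pam_unix, disconnect, ...). Syslog omits the year, so it is
    supplied by the caller."""
    m = LINE_RE.match(line)
    if not m:
        return None
    stamp = f"{year} {m['mon']} {int(m['day']):02d} {m['time']}"
    return datetime.strptime(stamp, "%Y %b %d %H:%M:%S"), m["ip"]


def simulate_bans(lines, findtime=600, maxretry=5, year=2015):
    """Replay log lines through a per-IP sliding window.

    A ban fires once an IP has `maxretry` failures whose timestamps all lie
    within `findtime` seconds of the newest one. Returns the list of
    (ip, timestamp_of_triggering_line) tuples in the order the bans fire.
    """
    windows = defaultdict(deque)
    bans = []
    for line in lines:
        parsed = parse_failure(line, year)
        if parsed is None:
            continue
        ts, ip = parsed
        window = windows[ip]
        window.append(ts)
        # Drop failures older than findtime relative to the newest failure.
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry:
            bans.append((ip, ts))
            window.clear()  # counter restarts once the address is banned
    return bans


if __name__ == "__main__":
    for ip, when in simulate_bans(SAMPLE_LOG):
        print(f"ban {ip} triggered by line at {when:%Y-%m-%d %H:%M:%S}")
```

Run against the excerpt, the fifth failure within the window is the 07:25:01 line of session 16407, so a correctly working jail with these parameters bans 183.136.216.6 less than twenty seconds after the first attempt; 192.0.2.10 never reaches the threshold because its first failure has aged out of the 600-second window by the time the second arrives.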
---

Tried 0.9.1-1.fc20, and it starts, but there are warnings in /var/log/messages:

```
Mar 4 08:54:37 atlantis systemd: Starting Fail2Ban Service...
Mar 4 08:54:37 atlantis fail2ban-client: ERROR No section: 'Definition'
Mar 4 08:54:37 atlantis fail2ban-client: ERROR No section: 'Definition'
Mar 4 08:54:37 atlantis fail2ban-client: 2015-03-04 08:54:37,845 fail2ban.server [20680]: INFO Starting Fail2ban v0.9.1
Mar 4 08:54:37 atlantis fail2ban-client: 2015-03-04 08:54:37,846 fail2ban.server [20680]: INFO Starting in daemon mode
Mar 4 08:54:39 atlantis systemd: Started Fail2Ban Service.
```

and in /var/log/fail2ban.log:

```
2015-03-04 09:14:33,034 fail2ban.jail [23723]: INFO Jail 'apache-auth' started
2015-03-04 09:14:33,064 fail2ban.filtersystemd [23723]: NOTICE Jail started without 'journalmatch' set. Jail regexs will be checked against all journal entries, which is not advised for performance reasons.
2015-03-04 09:14:33,085 fail2ban.jail [23723]: INFO Jail 'apache-badbots' started
2015-03-04 09:14:33,120 fail2ban.filtersystemd [23723]: NOTICE Jail started without 'journalmatch' set. Jail regexs will be checked against all journal entries, which is not advised for performance reasons.
2015-03-04 09:14:33,139 fail2ban.jail [23723]: INFO Jail 'apache-noscript' started
2015-03-04 09:14:33,147 fail2ban.filtersystemd [23723]: NOTICE Jail started without 'journalmatch' set. Jail regexs will be checked against all journal entries, which is not advised for performance reasons.
2015-03-04 09:14:33,158 fail2ban.jail [23723]: INFO Jail 'apache-overflows' started
2015-03-04 09:14:33,187 fail2ban.filtersystemd [23723]: NOTICE Jail started without 'journalmatch' set. Jail regexs will be checked against all journal entries, which is not advised for performance reasons.
```

---

FYI - Using the systemd backend at this point breaks all banning for all services that do not log to the journal - this includes the apache-* jails that you get warnings for, as httpd does not log to the journal.
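The jail.local shown above puts backend = systemd in [DEFAULT], so every enabled jail inherits it, including the apache-* jails whose filters define no journalmatch; that is what the NOTICE lines and the FYI are pointing at. The following added example (not fail2ban's code, not from anyone in this report) parses jail.conf/jail.local-style text with Python's configparser and lists the enabled jails that would end up on the systemd backend without a journalmatch, then shows the same check passing once backend = systemd is scoped to the one jail that really logs to the journal. The config text is a constructed subset of the reporter's; the journalmatch dictionary is an assumption standing in for the journalmatch lines of filter.d/*.conf, with the sshd value taken from the fail2ban-client status output earlier in this report.

```python
"""List enabled jails that would run on the systemd backend without a
journalmatch (the situation the NOTICE lines above report).

Added example, not fail2ban's own code. Journalmatch values are passed in as a
dict standing in for filter.d/<filter>.conf; only the sshd entry is real.
"""
import configparser

# Constructed subset of the reporter's jail.conf: defaults only, nothing enabled.
JAIL_CONF = """\
[DEFAULT]
enabled = false
backend = auto
filter = %(__name__)s
findtime = 600
maxretry = 5

[sshd]
port = ssh
logpath = %(sshd_log)s

[apache-auth]
port = http,https
logpath = %(apache_error_log)s

[apache-badbots]
port = http,https
logpath = %(apache_access_log)s
"""

# Constructed jail.local in the shape of the reporter's: backend forced to
# systemd globally, several jails that only log to files enabled.
JAIL_LOCAL_REPORTED = """\
[DEFAULT]
bantime = 36000
banaction = shorewall
backend = systemd

[sshd]
enabled = true

[pam-generic]
enabled = true

[apache-auth]
enabled = true

[apache-badbots]
enabled = true
"""

# Same jails, with the systemd backend limited to the jail whose filter has a
# journalmatch; the others keep backend = auto from jail.conf.
JAIL_LOCAL_FIXED = """\
[DEFAULT]
bantime = 36000
banaction = shorewall

[sshd]
enabled = true
backend = systemd

[pam-generic]
enabled = true

[apache-auth]
enabled = true

[apache-badbots]
enabled = true
"""

# Assumption standing in for filter.d/*.conf: only sshd defines a journalmatch.
# The sshd value is the one printed by fail2ban-client status earlier in the report.
FILTER_JOURNALMATCH = {
    "sshd": "_SYSTEMD_UNIT=sshd.service + _COMM=sshd",
}


def load_jails(*config_texts):
    """Parse jail.conf-style INI text in order, later texts overriding earlier
    ones (jail.conf, then jail.local). Interpolation is disabled because
    fail2ban's %(__name__)s placeholders are not ConfigParser syntax; the
    DEFAULT section still supplies fallback values for every jail."""
    cp = configparser.ConfigParser(interpolation=None)
    for text in config_texts:
        cp.read_string(text)
    return cp


def jails_on_journal_without_match(cp, filter_journalmatch):
    """Sorted names of enabled jails whose effective backend is 'systemd' but
    whose filter has no journalmatch. Such a jail reads the journal, so a
    service that writes only to a log file is never matched and never banned."""
    flagged = []
    for jail in cp.sections():
        if jail == "INCLUDES":
            continue
        if not cp.getboolean(jail, "enabled", fallback=False):
            continue
        if cp.get(jail, "backend", fallback="auto") != "systemd":
            continue
        filt = cp.get(jail, "filter", fallback=jail)
        if filt in ("", "%(__name__)s"):  # fail2ban's "filter named after the jail"
            filt = jail
        if not filter_journalmatch.get(filt):
            flagged.append(jail)
    return sorted(flagged)


if __name__ == "__main__":
    for label, local in (("reported", JAIL_LOCAL_REPORTED), ("fixed", JAIL_LOCAL_FIXED)):
        cp = load_jails(JAIL_CONF, local)
        print(label, "->", jails_on_journal_without_match(cp, FILTER_JOURNALMATCH))
```

With the reporter-shaped jail.local the check flags apache-auth, apache-badbots and pam-generic and leaves sshd alone; with backend = systemd moved under [sshd] it flags nothing, because the remaining jails fall back to backend = auto and watch their logpath files.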
---

Thanks for the heads up.

Removed the systemd override I had in the jail.local file, now backend should be auto again.

Checking the logs after restart I noticed this (posted in the log before the restart):

```
2015-03-05 10:05:28,053 fail2ban.actions [26440]: ERROR Failed to execute ban jail 'sshd' action 'shorewall' info 'CallingMap({'ipjailmatches': <function <lambda> at 0x17296e0>, 'matches': u'2015-03-05T07:01:13.835218 atlantis.abc.com sshd[21455]: Failed password for root from 115.231.222.176 port 50572 ssh2\n2015-03-05T07:01:16.530344 atlantis.abc.com sshd[21455]: Failed password for root from 115.231.222.176 port 50572 ssh2\n2015-03-05T07:01:18.478689 atlantis.abc.com sshd[21455]: Failed password for root from 115.231.222.176 port 50572 ssh2\n2015-03-05T07:01:22.754420 atlantis.abc.com sshd[21461]: Failed password for root from 115.231.222.176 port 51852 ssh2\n2015-03-05T07:01:24.699936 atlantis.abc.com sshd[21461]: Failed password for root from 115.231.222.176 port 51852 ssh2', 'ip': '115.231.222.176', 'ipmatches': <function <lambda> at 0x17297d0>, 'ipfailures': <function <lambda> at 0x1729668>, 'time': 1425546328.049277, 'failures': 5, 'ipjailfailures': <function <lambda> at 0x1729758>})': Error binding parameter 0 - probably unsupported type.
```
---

You do not appear to have shorewall configured properly, or perhaps a SELinux issue. What happens when you run:

```
shorewall reject 115.231.222.176
```

Any denials in /var/log/audit/audit.log?

---

```
[root@atlantis ~]# shorewall reject 115.231.222.176
115.231.222.176 Rejected
[root@atlantis ~]#
```

SELinux is disabled.

What exactly am I looking for in the audit.log?

---

```
grep -F denied /var/log/audit/audit.log
```

---

I checked the audit.log history I had, back to the beginning of March; not a single denied entry until today.

---

This message is a reminder that Fedora 20 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 20. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '20'.

Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 20 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged to change the 'version' to a later Fedora version prior to this bug being closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.

---

Fedora 20 changed to end-of-life (EOL) status on 2015-06-23. Fedora 20 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug.

Thank you for reporting this bug and we are sorry it could not be fixed.