14.04 Server Fail2ban not working by default - broken package

[Habitual]

I first noticed things weren't "quite right" on the auth.log when using fail2ban > 1.8.10 which is why I stuck to that version.

I now just use ufw and my trusted IPs in /etc/hosts.allow and
/etc/hosts.deny:sshd: ALL

[TheFu]

The people in my company travel to different counties and need for fail2ban to protect ssh services from almost anywhere. It is hard to know the IP subnet for any company or hotel before arriving. I've been in 1 country, but had my traffic routed through another (as far as my geo-location though).

For example, in October, we had people in 6 countries on 3 continents.

Also, we really push for them to use x2go remote desktops when traveling and not have any data local to their computers - definitely not any email or proprietary data.

tcp-wrappers is handy, but not good enough for our needs on these public facing systems.

[mastablasta]

maybe VPN then?

yeah if you move you need something to make blacklists and to ban those that are naughty

[TheFu]

maybe VPN then?

yeah if you move you need something to make blacklists and to ban those that are naughty

These are ideas, but seems like having fail2ban work by default would be easier - you know - like it did in the last 5+ yrs?

Much more likely to switch to denyhosts first.
Plus maintaining this list when on travel isn't a good idea.

I've enabled the email updates when someone gets banned and logwatch isn't showing any more failed attempts since blocking that subnet. We don't listen on 22 on the public interface. Though I'm not comfortable using obscurity as a security method.

[mastablasta]

well mine is also not working as expected and I've spent quite some time figuring what is wrong I even asked a guru if the command is worng as nothing happens as it should still investigating. I am doing some tests and when i get a new attempt&ban (shouldn't be too long) I plan to submit a bug.