Hi

After some internet searches this seems not to be an issue, but I want to be sure! Is the following in need of some interaction from me? (What is happening?)

Code:
2014-05-05 00:33:44,537 fail2ban.server : INFO Stopping all jails
2014-05-05 00:33:45,224 fail2ban.jail : INFO Jail 'pureftpd' stopped
2014-05-05 00:33:46,169 fail2ban.jail : INFO Jail 'dovecot-pop3imap' stopped
2014-05-05 00:33:46,835 fail2ban.jail : INFO Jail 'ssh' stopped
2014-05-05 00:33:46,836 fail2ban.server : INFO Exiting Fail2ban
2014-05-05 00:35:44,713 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.6
2014-05-05 00:35:44,722 fail2ban.jail : INFO Creating new jail 'ssh'
2014-05-05 00:35:44,762 fail2ban.jail : INFO Jail 'ssh' uses Gamin
2014-05-05 00:35:44,894 fail2ban.filter : INFO Added logfile = /var/log/auth.log
2014-05-05 00:35:44,895 fail2ban.filter : INFO Set maxRetry = 6
2014-05-05 00:35:44,897 fail2ban.filter : INFO Set findtime = 600
2014-05-05 00:35:44,898 fail2ban.actions: INFO Set banTime = 600
2014-05-05 00:35:44,956 fail2ban.jail : INFO Creating new jail 'pureftpd'
2014-05-05 00:35:44,957 fail2ban.jail : INFO Jail 'pureftpd' uses Gamin
2014-05-05 00:35:44,959 fail2ban.filter : INFO Added logfile = /var/log/syslog
2014-05-05 00:35:44,960 fail2ban.filter : INFO Set maxRetry = 3
2014-05-05 00:35:44,962 fail2ban.filter : INFO Set findtime = 600
2014-05-05 00:35:44,962 fail2ban.actions: INFO Set banTime = 600
2014-05-05 00:35:44,972 fail2ban.jail : INFO Creating new jail 'dovecot-pop3imap'
2014-05-05 00:35:44,972 fail2ban.jail : INFO Jail 'dovecot-pop3imap' uses Gamin
2014-05-05 00:35:44,974 fail2ban.filter : INFO Added logfile = /var/log/mail.log
2014-05-05 00:35:44,975 fail2ban.filter : INFO Set maxRetry = 5
2014-05-05 00:35:44,977 fail2ban.filter : INFO Set findtime = 600
2014-05-05 00:35:44,978 fail2ban.actions: INFO Set banTime = 600
2014-05-05 00:35:45,001 fail2ban.jail : INFO Jail 'ssh' started
2014-05-05 00:35:45,017 fail2ban.jail : INFO Jail 'pureftpd' started
2014-05-05 00:35:45,027 fail2ban.jail : INFO Jail 'dovecot-pop3imap' started
2014-05-05 06:48:51,731 fail2ban.filter : INFO Log rotation detected for /var/log/syslog
2014-05-05 16:16:24,958 fail2ban.actions: WARNING [pureftpd] Ban 60.176.104.75
2014-05-05 16:26:25,608 fail2ban.actions: WARNING [pureftpd] Unban 60.176.104.75

Thanks,
//millpark10

According to your logs

A log file grows without bound unless action is taken and this can cause problems. A solution to this generic problem of log file growth is log rotation. This involves the regular (nightly or weekly, typically) moving of an existing log file to some other file name and starting fresh with an empty log file. After a period the old log files get thrown away. See also link

The ban and unban is OK, it's the purpose of fail2ban and the log file shows that it works as intended. Fail2ban bans an IP if there are too many failed login attempts from that IP and it will unban the IP after some time to avoid that your users get blocked permanently. This is useful and necessary. This does not have to be an attack, it can simply be a normal FTP client where someone entered a wrong password which tries to auto reconnect. Banning and unbanning is done with iptables, so you can also ban IPs manually. Your client IP should already be unbanned as the ban time on your server is most likely 10 minutes.
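
To check the "10 minutes" reading against the log itself, the following added example (not part of the original posts, and not fail2ban's own code) parses lines in the v0.8.6 format shown in the question, collects each jail's settings, and pairs Ban/Unban events to measure how long each IP was held. The names `summarize` and `SAMPLE_LOG` are hypothetical, and the sample is a subset of the posted log.

```python
import re
from datetime import datetime

# Constructed sample: lines copied from the log posted in the question above.
SAMPLE_LOG = """\
2014-05-05 00:35:44,956 fail2ban.jail : INFO Creating new jail 'pureftpd'
2014-05-05 00:35:44,960 fail2ban.filter : INFO Set maxRetry = 3
2014-05-05 00:35:44,962 fail2ban.filter : INFO Set findtime = 600
2014-05-05 00:35:44,962 fail2ban.actions: INFO Set banTime = 600
2014-05-05 06:48:51,731 fail2ban.filter : INFO Log rotation detected for /var/log/syslog
2014-05-05 16:16:24,958 fail2ban.actions: WARNING [pureftpd] Ban 60.176.104.75
2014-05-05 16:26:25,608 fail2ban.actions: WARNING [pureftpd] Unban 60.176.104.75
"""

# Assumed line layout: "<timestamp> fail2ban.<component>: <LEVEL> <message>"
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) fail2ban\.(\w+)\s*: (\w+)\s+(.*)$")
NEW_JAIL = re.compile(r"Creating new jail '([^']+)'")
SETTING = re.compile(r"Set (\w+) = (\d+)")
ACTION = re.compile(r"\[([^\]]+)\] (Ban|Unban) (\S+)")

def summarize(log_text):
    """Return (settings per jail, completed bans, (jail, ip) pairs still banned)."""
    settings, open_bans, completed = {}, {}, []
    current_jail = None  # "Set ..." lines belong to the most recently created jail
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip anything that is not a fail2ban log line
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S,%f")
        msg = m.group(4)
        if (j := NEW_JAIL.search(msg)):
            current_jail = j.group(1)
            settings[current_jail] = {}
        elif (s := SETTING.search(msg)) and current_jail:
            settings[current_jail][s.group(1)] = int(s.group(2))
        elif (a := ACTION.search(msg)):
            key = (a.group(1), a.group(3))
            if a.group(2) == "Ban":
                open_bans[key] = ts
            elif key in open_bans:  # Unban with a matching earlier Ban
                held = (ts - open_bans.pop(key)).total_seconds()
                completed.append((a.group(1), a.group(3), held))
    return settings, completed, sorted(open_bans)
```

An IP left in the third return value was banned but has no Unban line yet, which is what to look for when a legitimate user reports being locked out.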