Недвано я обноружил, что fail2ban не работает и возвращает в лог подобные ошибки каждый раз при попытке бана.
2016-08-04 08:34:29,339 fail2ban.action [1817]: ERROR iptables -w -n -L INPUT | grep -q 'f2b-sshd[ \t]' -- stdout: ''
2016-08-04 08:34:29,339 fail2ban.action [1817]: ERROR iptables -w -n -L INPUT | grep -q 'f2b-sshd[ \t]' -- stderr: ''
2016-08-04 08:34:29,340 fail2ban.action [1817]: ERROR iptables -w -n -L INPUT | grep -q 'f2b-sshd[ \t]' -- returned 1
2016-08-04 08:34:29,340 fail2ban.CommandAction [1817]: ERROR Invariant check failed. Trying to restore a sane environment
2016-08-04 08:34:29,451 fail2ban.action [1817]: ERROR iptables -w -D INPUT -p tcp -m multiport --dports ssh -j f2b-sshd
iptables -w -F f2b-sshd
iptables -w -X f2b-sshd -- stdout: ''
2016-08-04 08:34:29,452 fail2ban.action [1817]: ERROR iptables -w -D INPUT -p tcp -m multiport --dports ssh -j f2b-sshd
iptables -w -F f2b-sshd
iptables -w -X f2b-sshd -- stderr: "iptables v1.4.21: Couldn't load target `f2b-sshd':No such file or directory\n\nTry `iptables -h' or 'iptables --help' for more information.\niptables: No chain/target/match by that name.\niptables: No chain/target/match by that name.\n"
2016-08-04 08:34:29,452 fail2ban.action [1817]: ERROR iptables -w -D INPUT -p tcp -m multiport --dports ssh -j f2b-sshd
iptables -w -F f2b-sshd
iptables -w -X f2b-sshd -- returned 1
2016-08-04 08:34:29,453 fail2ban.actions [1817]: ERROR Failed to execute ban jail 'sshd' action 'iptables-multiport' info 'CallingMap({'ipjailmatches': <function <lambda> at 0xcbfb90>, 'matches': u"2016-08-04T08:34:21.161902 home.main sshd[10929]: Invalid user support from 103.207.38.248\n2016-08-04T08:34:21.795550 home.main sshd[10929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.207.38.248\n2016-08-04T08:34:23.773492 home.main sshd[10929]: Failed password for invalid user support from 103.207.38.248 port 51975 ssh2\n2016-08-04T08:34:28.122077 home.main sshd[10932]: User root from 103.207.38.248 not allowed because none of user's groups are listed in AllowGroups\n2016-08-04T08:34:28.512380 home.main sshd[10932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.207.38.248 user=root", 'ip': '103.207.38.248', 'ipmatches': <function <lambda> at 0xcbfb18>, 'ipfailures': <function <lambda> at 0xcbfcf8>, 'time': 1470281669.225073, 'failures': 5, 'ipjailfailures': <function <lambda> at 0xcbfc80>})': Error stopping action
2016-08-04 08:34:30,522 fail2ban.filter [1817]: INFO [sshd] Found 182.100.67.62
2016-08-04 08:34:30,789 fail2ban.filter [1817]: INFO [sshd] Found 103.207.38.248
2016-08-04 08:34:33,086 fail2ban.filter [1817]: INFO [sshd] Found 103.207.38.248
2016-08-04 08:34:33,748 fail2ban.filter [1817]: INFO [sshd] Found 103.207.38.248
2016-08-04 08:34:33,882 fail2ban.filter [1817]: INFO [sshd] Found 182.100.67.62
