Issue fail2ban: Plesk does not correctly create jail.local (or is it correct?)

[King555]

I just configured fail2ban via Plesk and afterwards I checked the jail.local file in /etc/fail2ban/.

It seems like this file is not created correctly by Plesk. Or do I misunderstand something?

Here is the relevant content:

[DEFAULT]
ignoreip = 127.0.0.1/8 ::1
maxretry = 3
destemail = [email protected]
findtime = 600
bantime = 86400

[recidive]
enabled = true
maxretry = 5

[plesk-proftpd]
enabled = true
maxretry = 10
action = iptables-allports[name=plesk-proftpd]

[plesk-postfix]
enabled = true
maxretry = 3
action = iptables-allports[name=plesk-postfix]

[plesk-horde]
enabled = true

[plesk-apache-badbot]
enabled = true
bantime = 604800
action = iptables-allports[name=plesk-apache-badbot]

[plesk-wordpress]
enabled = false

[plesk-roundcube]
enabled = true
action = iptables-allports[name=plesk-roundcube]
        sendmail[dest="root", sender="fail2ban", sendername="Fail2Ban", name="default"]

What I'm missing compared to my configuration in Plesk:
- bantime of recidive was set to 604800, but not in the jail.local
- horde should be enabled=false or removed, because I do not have this jail in my list as Horde is not installed (it was for 5 minutes, then I switched to Roundcube)
- plesk-apache-badbot was set to 1 retry, jail.local does not contain line, so I guess the default of 3 will be the value
- Not critical: plesk-postfix has the same maxretry as the default value, shouldn't this value be omitted then?

Is this a bug or is everything working normally, because the information in the jail.local is not the complete configuration?

 

[King555]

More than 3 years later I allow myself a push post.

- bantime of recidive was set to 604800, but not in the jail.local => still a problem
- horde should be enabled=false or removed, because I do not have this jail in my list as Horde is not installed (it was for 5 minutes, then I switched to Roundcube) => meanwhile solved
- plesk-apache-badbot was set to 1 retry, jail.local does not contain line, so I guess the default of 3 will be the value => still a problem
- Not critical: plesk-postfix has the same maxretry as the default value, shouldn't this value be omitted then? => still a problem, but this time for the ssh jail (meanwhile I set postfix to 2 and this is also visible in the jail.local file); there are other jails with 3 retries which have no value in the file (which seems correctly), so quite a strange behaviour

Any fail2ban experts here?

Also there is another problem with the ssh jail. I want to set it to 2 retries, but then I get banned after only 1 try. So I have to set it to 3 to have 2 retries. What's the logic behind this? In my opinion 2 retries should mean you can type the password incorrectly for 2 times.

[ssh]
maxretry = 3
enabled = true
action = iptables-allports[chain="INPUT", name="ssh", protocol="all", returntype="RETURN", lockingopt="-w"]
        sendmail[mailcmd='/usr/sbin/sendmail -f "[email protected]" "[email protected]"', dest="[email protected]", sender="[email protected]", sendername="Fail2Ban", name="ssh"]