I just downloaded and configured fail2ban-0.8.14 (latest stable version) on my Amazon EC2 instance. I set it up on SSH and FTP, both using iptables to ban.
I have allowed 5 retries and after that it gets banned for 10-20 minutes depending on the service.
At first it seemed to be working, but I noticed when I try to login as a user known to the system (found in /etc/passwd) - it doesn't ban them, regardless of tries.
If the user isn't known to the system, it correctly bans them after 5 retries.
Anybody who have an idea what I could have done wrong?
[link][6 comments]