fail2ban in CentOS 6.x can sometimes be a bit troublesome, at least compared to the Debian/Ubuntu implementation (imho).
I suspect I’ve solved the CentOS 6.x, fail2ban and proftpd integration differently every time I’ve set it up, so this time I’ll write it down.
With this configuration I got fail2ban to ban failed proftpd FTP logins with the ‘default’ fail2ban config, apart from enabling the proftpd-iptables ‘jail’ in /etc/fail2ban/jail.conf:
[proftpd-iptables]
enabled  = true
filter   = proftpd
action   = iptables[name=ProFTPD, port=ftp, protocol=tcp]
           sendmail-whois[name=ProFTPD, dest=root@localhost]
logpath  = /var/log/secure
maxretry = 4
What did the trick was to have proftpd log AUTH to /var/log/secure, in the right format.
In /etc/proftpd.conf comment out the default LogFormat auth directive and add your own:
#LogFormat auth "%v [%P] %h %t \"%r\" %s"
ExtendedLog /var/log/secure AUTH auth
LogFormat auth "%v %t \"%r\" [%h] %s"
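To check that lines written with this LogFormat carry what a ban decision needs, the following is an added Python example (not from the original post, and not fail2ban's own filter) that parses the format and counts failed logins per host against maxretry = 4. Assumptions: %t renders as a bracketed timestamp, a failed login is a 530 reply to PASS, the sample lines are constructed, and fail2ban's time window is ignored.

```python
import re
from collections import Counter

MAXRETRY = 4  # same threshold as the jail above

# Mirrors: LogFormat auth "%v %t \"%r\" [%h] %s"
# %r is client-supplied text, so host and reply code are anchored to the
# end of the line rather than searched for anywhere in it.
LINE_RE = re.compile(
    r'^(?P<vhost>.*?) '         # %v server name (may contain spaces)
    r'\[(?P<time>[^\]]+)\] '    # %t (assumed to render in square brackets)
    r'"(?P<cmd>.*)" '           # %r full command
    r'\[(?P<host>[^\]\s]+)\] '  # %h remote host
    r'(?P<status>\d{3}|-)$'     # %s reply code
)

def parse_line(line):
    """Return the fields of one auth log line, or None if it does not match."""
    m = LINE_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None

def failed_logins(lines):
    """Count failed logins per host (assumed: reply 530 to a PASS command)."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["status"] == "530" and rec["cmd"].upper().startswith("PASS"):
            counts[rec["host"]] += 1
    return counts

def hosts_to_ban(lines, maxretry=MAXRETRY):
    """Hosts whose failure count has reached maxretry."""
    return sorted(h for h, n in failed_logins(lines).items() if n >= maxretry)

def _line(cmd, host, status):
    # Constructed sample line in the format above; not real log data.
    return 'ProFTPD server [05/Jan/2014:10:00:01 +0100] "%s" [%s] %s' % (cmd, host, status)

SAMPLE = (
    [_line("USER alice", "203.0.113.7", 331)]
    + [_line("PASS (hidden)", "203.0.113.7", 530)] * 4
    + [_line("PASS (hidden)", "198.51.100.20", 530),
       _line("PASS (hidden)", "198.51.100.20", 230),
       # /var/log/secure also holds syslog lines from other services
       "Jan  5 10:00:05 host sshd[1234]: Failed password for root from 192.0.2.9 port 22 ssh2"]
)

if __name__ == "__main__":
    print(hosts_to_ban(SAMPLE))
```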