blog
       
Sun, 08 Jun 2008

failed2ban

I received a logcheck mail containing the usual ssh brute force attempts and was wondering why fail2ban no longer triggered.
I only configured shorewall recently and thought it might have something to do with that, but no.

$ tail -f /var/log/auth.log /var/log/fail2ban.log
==> /var/log/auth.log <==
Jun 7 23:11:47 socket sshd[7866]: Failed password for andreas from 172.16.1.1 port 39280 ssh2
==> /var/log/fail2ban.log <==
2008-06-08 01:11:48,145 fail2ban.filter : DEBUG /var/log/auth.log has been modified
2008-06-08 01:11:48,145 fail2ban.filter : DEBUG Opened /var/log/auth.log
2008-06-08 01:11:48,145 fail2ban.filter : DEBUG Setting file position to 812904L for /var/log/auth.log
2008-06-08 01:11:48,146 fail2ban.filter.datedetector: DEBUG Sorting the template list

fail2ban-regex matched, the correct file was read, everything seemed fine.
It simply wasn't the right time to ban random IP addresses.
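
The two timestamps in the tail output are two hours apart, and fail2ban's filter ignores failures older than findtime measured against its own clock. The following added example (not from the original post) parses the two log lines shown above and checks whether the failure would still be counted; the findtime of 600 seconds is an assumed stock value, since the post does not show the jail configuration, and the function names are hypothetical.

```python
import re
from datetime import datetime, timedelta

FINDTIME = timedelta(seconds=600)  # assumption: stock findtime, not taken from the post

# The two lines from the tail output in the post
AUTH_LINE = ("Jun 7 23:11:47 socket sshd[7866]: Failed password for andreas "
             "from 172.16.1.1 port 39280 ssh2")
F2B_LINE = ("2008-06-08 01:11:48,145 fail2ban.filter : DEBUG "
            "/var/log/auth.log has been modified")

SYSLOG_TS = re.compile(r"^([A-Z][a-z]{2})\s+(\d{1,2}) (\d{2}:\d{2}:\d{2})")
F2B_TS = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d{3}")


def parse_fail2ban(line):
    """Timestamp fail2ban wrote with its own clock (includes the year)."""
    m = F2B_TS.match(line)
    if not m:
        raise ValueError("not a fail2ban log line: %r" % line)
    return datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")


def parse_syslog(line, reference):
    """Syslog stamps carry no year: borrow it from `reference`, stepping
    back one year if that lands in the future (Dec 31 entry read on Jan 1)."""
    m = SYSLOG_TS.match(line)
    if not m:
        raise ValueError("not a syslog line: %r" % line)
    stamp = "%d %s %s %s" % (reference.year, m.group(1), m.group(2), m.group(3))
    ts = datetime.strptime(stamp, "%Y %b %d %H:%M:%S")
    if ts - reference > timedelta(days=1):
        ts = ts.replace(year=ts.year - 1)
    return ts


def check(auth_line, f2b_line, findtime=FINDTIME):
    now = parse_fail2ban(f2b_line)       # fail2ban's clock when it read the file
    seen = parse_syslog(auth_line, now)  # time syslog stamped on the failure
    age = now - seen
    quarter = timedelta(minutes=15)
    return {
        "age": age,
        # failures older than now - findtime are dropped before counting
        "counted": age <= findtime,
        # heuristic: nearest 15-minute step, hinting at a timezone offset
        "tz_like_offset": quarter * round(age / quarter),
    }


if __name__ == "__main__":
    print(check(AUTH_LINE, F2B_LINE))
```

On a live system the same comparison can be made by eye: the newest line in auth.log should carry roughly the same wall-clock time as the fail2ban.log line that reports the file as modified.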

About
Name: Andreas Putzo
Location: 53 N 10 E
