I've got an up-to-date CentOS 5.8 and can't seem to get fail2ban to get rid of troublesome sshd login attempts. /etc/fail2ban/jail.conf has these sections:

[ssh]

enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 6

# Generic filter for pam. Has to be used with action which bans all ports
# such as iptables-allports, shorewall
[pam-generic]

enabled = false
# pam-generic filter can be customized to monitor specific subset of 'tty's
filter = pam-generic
# port actually must be irrelevant but lets leave it all for some possible uses
port = all
banaction = iptables-allports
port = anyport
logpath = /var/log/auth.log
maxretry = 6

and an excerpt from a logwatch run just now is:

--------------------- pam_unix Begin ------------------------

sshd:
   Authentication Failures:
      unknown (190.145.98.179): 2460 Time(s)
      root (58.51.95.75): 285 Time(s)
      unknown (122.70.128.5): 125 Time(s)
      postgres (190.145.98.179): 64 Time(s)
      mail (190.145.98.179): 40 Time(s)
      mysql (190.145.98.179): 40 Time(s)
      root (190.145.98.179): 36 Time(s)
      unknown (58.51.95.75): 26 Time(s)
      ftp (190.145.98.179): 17 Time(s)
      root (122.70.128.5): 15 Time(s)
      root (221.226.215.117): 13 Time(s)
      root (cloud-128-117.diagcomputing.org): 13 Time(s)
      adm (190.145.98.179): 12 Time(s)

so advice? redirection? rtfm?
Dave
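
A diagnostic for the configuration quoted above, as an added example that is not part of the original post and is not fail2ban's own code: for each enabled jail it checks that the configured logpath exists and actually contains sshd failure lines, since a jail can only ban on what it reads from that file. The function name `check_jails`, the `root` parameter and the simplified failure regex are assumptions made for this illustration.

```python
import configparser
import os
import re

# Constructed sample: the two jail.conf sections quoted in the post.
SAMPLE_JAIL_CONF = """\
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 6

[pam-generic]
enabled = false
filter = pam-generic
port = all
banaction = iptables-allports
port = anyport
logpath = /var/log/auth.log
maxretry = 6
"""

# Simplified stand-in for the sshd filter, not fail2ban's own failregex.
SSHD_FAILURE = re.compile(r"sshd\[\d+\]: .*(Failed password|authentication failure)")

def check_jails(conf_text, root="/"):
    """Return {jail: (logpath, status, hits)} for every enabled jail.

    Assumes one logpath per jail; 'root' lets the check run against a copy.
    """
    # strict=False tolerates the repeated 'port' key; no %-interpolation.
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(conf_text)
    report = {}
    for jail in cp.sections():
        if not cp.getboolean(jail, "enabled", fallback=False):
            continue
        logpath = cp.get(jail, "logpath", fallback="").strip()
        real = os.path.join(root, logpath.lstrip("/"))
        if not os.path.isfile(real):
            report[jail] = (logpath, "missing", 0)
            continue
        with open(real, errors="replace") as fh:
            hits = sum(1 for line in fh if SSHD_FAILURE.search(line))
        report[jail] = (logpath, "ok" if hits else "no-failures-logged", hits)
    return report

if __name__ == "__main__":
    for jail, (path, status, hits) in check_jails(SAMPLE_JAIL_CONF).items():
        print(f"{jail}: {path} -> {status} ({hits} sshd failure lines)")
```

A status of `missing` or `no-failures-logged` means the jail is watching a file sshd is not writing to. On a stock CentOS syslog configuration, authpriv messages such as sshd's are written to /var/log/secure.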