[CentOS] Interpreting logwatch

Wed Sep 8 13:53:44 UTC 2010
m.roth at 5-cent.us <m.roth at 5-cent.us>

Timothy Murphy wrote:
> m.roth at 5-cent.us wrote:
>
>>> Every few days I see in the logwatch on my Centos-5.5 web-server
>>> what seems like a rather feeble break-in attempt.
>
>>> In fact, I'm not clear how one should deal with logwatch entries
>>> in general.
>>> Is there any document giving advice on this?
>>
>> We run fail2ban. It blocks a given IP for so long after so many (3? 5?)
>> failed attempts to break in. It also does a whois on the IP, which is a
>> little more info.
>
> Thanks, I'll try that.
> I had heard of fail2ban, but was slightly put off by the strange name;
> what exactly is the name meant to convey?
>
They fail to log in successfully enough times, they're banned by firewall
rules.

*heh* If odd names put you off, you probably shouldn't be playing with any
version of *Nix.... <g> fail2ban is pretty self-explanatory, compared to,
say, bonobo, or anaconda, or gnome....

          mark "I know awk, sed, cp, rm, and dozens of other 2 and 3 letter commands,
                      and I'm not afraid to use them!"