[CentOS] anyone care to help with a fail2ban problem on Centos 5.8?

Dave Stevens

geek at uniserve.com
Mon May 28 20:00:28 UTC 2012


I've got an up-to-date Centos 5.8 and can't seem to get fail2ban to  
get rid of troublesome sshd login attempts. /etc/fail2ban/jail.conf  
has these sections:

[ssh]

enabled = true
port    = ssh
filter  = sshd
logpath  = /var/log/auth.log
maxretry = 6

# Generic filter for pam. Has to be used with action which bans all ports
# such as iptables-allports, shorewall
[pam-generic]

enabled = false
# pam-generic filter can be customized to monitor specific subset of 'tty's
filter  = pam-generic
# port actually must be irrelevant but lets leave it all for some possible uses
port = all
banaction = iptables-allports
port     = anyport
logpath  = /var/log/auth.log
maxretry = 6

and an excerpt from a logwatch run just now is:

  --------------------- pam_unix Begin ------------------------

  sshd:
     Authentication Failures:
        unknown (190.145.98.179): 2460 Time(s)
        root (58.51.95.75): 285 Time(s)
        unknown (122.70.128.5): 125 Time(s)
        postgres (190.145.98.179): 64 Time(s)
        mail (190.145.98.179): 40 Time(s)
        mysql (190.145.98.179): 40 Time(s)
        root (190.145.98.179): 36 Time(s)
        unknown (58.51.95.75): 26 Time(s)
        ftp (190.145.98.179): 17 Time(s)
        root (122.70.128.5): 15 Time(s)
        root (221.226.215.117): 13 Time(s)
        root (cloud-128-117.diagcomputing.org): 13 Time(s)
        adm (190.145.98.179): 12 Time(s)

so advice? redirection? rtfm?

Dave


-- 
It is told that such are the aerodynamics and wing loading of the  
bumblebee that, in principle, it cannot fly...if all this be  
true...life among bumblebees must bear a remarkable resemblance to  
life in the United States.

-- John Kenneth Galbraith, in American Capitalism: The Concept of  
Countervailing Power
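
A sanity check for a configuration like the one quoted in this message, added here as an example and not part of the original post: it parses jail.conf-style text and reports every enabled jail whose logpath matches no file on disk, since a jail can only ban on log lines it can read. The function name audit_jails and the sample text are constructed for illustration.

```python
import configparser
import glob

# Constructed sample, modelled on the [ssh] and [pam-generic] sections above.
SAMPLE_JAIL_CONF = """\
[ssh]
enabled = true
port    = ssh
filter  = sshd
logpath  = /var/log/auth.log
maxretry = 6

[pam-generic]
enabled = false
filter  = pam-generic
port = all
banaction = iptables-allports
port     = anyport
logpath  = /var/log/auth.log
maxretry = 6
"""


def audit_jails(conf_text, exists=lambda p: bool(glob.glob(p))):
    """Return [(jail, logpath)] for enabled jails whose logpath matches no file.

    `exists` is injectable so the check can be exercised without touching
    the real filesystem; the default expands shell-style globs in the path.
    """
    # strict=False tolerates the repeated "port" key in [pam-generic];
    # interpolation=None leaves %(name)s references in the file untouched.
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(conf_text)
    missing = []
    for jail in cp.sections():
        if not cp.getboolean(jail, "enabled", fallback=False):
            continue  # disabled jails never open their log
        # A logpath value may list several files separated by whitespace.
        for path in cp.get(jail, "logpath", fallback="").split():
            if not exists(path):
                missing.append((jail, path))
    return missing


if __name__ == "__main__":
    for jail, path in audit_jails(SAMPLE_JAIL_CONF):
        print(f"[{jail}] enabled, but nothing matches logpath {path}")
```

To check a live system, pass the contents of /etc/fail2ban/jail.conf instead of the sample text.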




