I've got an up-to-date CentOS 5.8 and can't seem to get fail2ban to
get rid of troublesome sshd login attempts. /etc/fail2ban/jail.conf
has these sections:
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 6
# Generic filter for pam. Has to be used with action which bans all ports
# such as iptables-allports, shorewall
[pam-generic]
enabled = false
# pam-generic filter can be customized to monitor specific subset of 'tty's
filter = pam-generic
# port actually must be irrelevant but lets leave it all for some possible uses
port = all
banaction = iptables-allports
port = anyport
logpath = /var/log/auth.log
maxretry = 6
and an excerpt from a logwatch run just now is:
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
unknown (190.145.98.179): 2460 Time(s)
root (58.51.95.75): 285 Time(s)
unknown (122.70.128.5): 125 Time(s)
postgres (190.145.98.179): 64 Time(s)
mail (190.145.98.179): 40 Time(s)
mysql (190.145.98.179): 40 Time(s)
root (190.145.98.179): 36 Time(s)
unknown (58.51.95.75): 26 Time(s)
ftp (190.145.98.179): 17 Time(s)
root (122.70.128.5): 15 Time(s)
root (221.226.215.117): 13 Time(s)
root (cloud-128-117.diagcomputing.org): 13 Time(s)
adm (190.145.98.179): 12 Time(s)
so advice? redirection? rtfm?
Dave
--
It is told that such are the aerodynamics and wing loading of the
bumblebee that, in principle, it cannot fly...if all this be
true...life among bumblebees must bear a remarkable resemblance to
life in the United States.
-- John Kenneth Galbraith, in American Capitalism: The Concept of
Countervailing Power
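
Both jails in the config above read /var/log/auth.log, so a first check is whether each enabled jail's logpath exists on the host at all (a stock CentOS syslog configuration writes sshd authentication messages to /var/log/secure). The script below is an added example, not part of the original post; check_jails is a hypothetical helper name and the sample config is constructed from the sections quoted above.

```shell
#!/bin/sh
# Added example: for every jail with "enabled = true", report whether its
# logpath exists. check_jails is a hypothetical helper, not a fail2ban tool.
# Assumes one literal path per logpath line (no globs, no [DEFAULT] fallback).
check_jails() {
    awk '
        function emit() { if (jail != "" && enabled == "true") print jail "\t" logpath }
        function value(line) { sub(/^[^=]*=[ \t]*/, "", line); sub(/[ \t]+$/, "", line); return line }
        /^[ \t]*[#;]/ { next }                        # comment line
        /^[ \t]*\[/ {                                 # [section] header starts a new jail
            emit()
            jail = $0; sub(/^[ \t]*\[/, "", jail); sub(/\].*$/, "", jail)
            enabled = ""; logpath = ""; next
        }
        /^[ \t]*enabled[ \t]*=/ { enabled = value($0) }
        /^[ \t]*logpath[ \t]*=/ { logpath = value($0) }
        END { emit() }
    ' "$1" |
    while IFS="$(printf '\t')" read -r jail path; do
        if   [ -z "$path" ];   then status=NO_LOGPATH
        elif [ ! -e "$path" ]; then status=MISSING      # fail2ban has nothing to read
        elif [ ! -s "$path" ]; then status=EMPTY        # file exists but nothing is logged to it
        else status=OK
        fi
        printf '%s %s %s\n' "$jail" "$status" "$path"
    done
}

# Constructed sample mirroring the [ssh] and [pam-generic] sections above.
demo=$(mktemp)
cat >"$demo" <<'EOF'
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 6
[pam-generic]
enabled = false
filter = pam-generic
logpath = /var/log/auth.log
EOF
check_jails "$demo"    # prints one line per enabled jail: name, status, path
rm -f "$demo"
```

Against a live system, run `check_jails /etc/fail2ban/jail.conf`. For a jail reported OK, `fail2ban-regex <logfile> /etc/fail2ban/filter.d/sshd.conf` shows whether the sshd filter actually matches lines in that file.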