On 03/12/2013 05:35 PM, Timothy Murphy wrote:
> I'm running fail2ban on my server (under CentOS-6.4)
> and it seems to be running according to
> -------------------------
> [tim at grover fail2ban]$ sudo service fail2ban status
> Fail2ban (pid 31794) is running...
> Status
> |- Number of jail: 1
> `- Jail list: ssh-iptables
> -------------------------
> I have absolutely no idea how fail2ban works,
> and I'm running it with the default /etc/fail2ban/fail2ban.conf ,
> which seems to set the logfile to /var/log/fail2ban.log .
> Should I actually study how it is meant to be configured?
>
> I just yum-installed it (from Epel, I assume)
> and hope it does its job, whatever that is.

It sets up iptables rules for every jail that is configured (iptables -L).
You seem to have only the ssh-iptables configured.

Check the date of the logfile. I noticed that SYSLOG is now used for logging.
It used to be /var/log/fail2ban.log in the past. I removed the old log file.

If ssh is the only public service you want to protect against brute force,
then you don't need to set up anything. But have a look in
/etc/fail2ban/jail.conf and add at least your email address to get a
notification when it blocks access. There are lots of other "jails" that can
be enabled.

Normally I receive several messages a day. So not receiving them means that
the service is no longer protecting. Simply because it watches a renamed,
no longer updated version of /var/log/secure:

ls -l /var/log/secure*
-rw------- 1 root root 2130892 Mar 12 18:25 /var/log/secure
-rw------- 1 root root 1374710 Feb 17 01:31 /var/log/secure-20130217
-rw------- 1 root root 1482646 Feb 24 03:09 /var/log/secure-20130224
-rw------- 1 root root 1732930 Mar 3 03:13 /var/log/secure-20130303
-rw------- 1 root root 656454 Mar 10 03:12 /var/log/secure-20130310

Once a week fail2ban stops working as a new secure log file is created
(logrotate) and it seems to watch only the old name. You will not see any
error message and status shows as running.

But I have no proof that it keeps working with the gamin fix.

Theo
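
The silent failure described in the message above (service reported as running, but no bans after /var/log/secure is rotated) can be checked by comparing sshd failures in the current log against Ban entries. This is an added example, not part of the original message or of fail2ban itself; the sample log lines are constructed, and the `maxretry`/`findtime` defaults and the fail2ban log line format are assumptions to be matched to your jail.conf and logging target.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

FAIL_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                     r"Failed password for (?:invalid user )?\S+ from (\S+) port")
BAN_RE = re.compile(r"^(\d{4}-\d\d-\d\d [\d:]{8}),\d+ fail2ban\.actions\S*\s+"
                    r"WARNING \[ssh-iptables\] Ban (\S+)")

def _fail(ts, ip):  # builds one constructed sshd line in /var/log/secure format
    return f"Mar 12 {ts} grover sshd[4101]: Failed password for root from {ip} port 40022 ssh2"

# Constructed sample input (documentation IP ranges), not real log data.
SECURE_LOG = "\n".join(
    [_fail(f"18:09:{s:02d}", "198.51.100.9") for s in (10, 20, 31, 42, 53)]
    + [_fail(f"18:2{m}:05", "203.0.113.7") for m in range(5)]
    + [_fail("18:30:00", "192.0.2.33")] * 2)
FAIL2BAN_LOG = ("2013-03-12 18:09:54,101 fail2ban.actions: "
                "WARNING [ssh-iptables] Ban 198.51.100.9\n")

def missed_bans(secure_text, f2b_text, year=2013, maxretry=5, findtime=600):
    """IPs with maxretry failures inside findtime seconds and no Ban since that burst began."""
    fails, bans = defaultdict(list), defaultdict(list)
    for line in secure_text.splitlines():
        m = FAIL_RE.match(line)
        if m:  # syslog timestamps carry no year, so the caller supplies it
            fails[m.group(2)].append(
                datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S"))
    for line in f2b_text.splitlines():
        m = BAN_RE.match(line)
        if m:
            bans[m.group(2)].append(datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"))
    missed = []
    for ip, times in fails.items():
        times.sort()
        for i in range(len(times) - maxretry + 1):
            start, end = times[i], times[i + maxretry - 1]
            if (end - start <= timedelta(seconds=findtime)
                    and not any(b >= start for b in bans[ip])):
                missed.append(ip)  # threshold crossed, yet no ban was logged
                break
    return sorted(missed)

if __name__ == "__main__":
    print(missed_bans(SECURE_LOG, FAIL2BAN_LOG))
```

A non-empty result from a periodic run over the live logs is a signal that the jail has stopped reading the current file, independent of what `service fail2ban status` reports.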