[CentOS] CentOS 6.3 - fail2ban not working properly + workaround

Tue Mar 12 16:27:11 UTC 2013
SilverTip257 <silvertip257 at gmail.com>

On Tue, Mar 12, 2013 at 11:51 AM, Theo Band <theo.band at greenpeak.com> wrote:

> On 10/17/2012 05:51 PM, SilverTip257 wrote:
> > I recall others on this list are using fail2ban to block brute force
> > login attempts.
> > Packages are from the EPEL repo, so I'm just sharing some knowledge here.
> >
> > For about two months now I've had a CentOS 6.3 box (web host) in
> > production that occasionally is ftp brute forced.
> > Oddly enough fail2ban wasn't nabbing the perpetrators.  I found that
> > the iptables chain for VSFTP isn't created for one.
> >
> > I have finally come to find [0] that indicates there's a problem with
> > the inotify backend.
> > Setting backend=gamin in /etc/fail2ban/jail.conf gives me the iptables
> > chain I expect to find and one blocked host.
> >
> > Hope this is helpful to somebody until a new version is committed to EPEL.
> >
> > <quote>
> > yarikoptic:
> > ok -- that point was not yet good ;) now (0.8.6-95-gc0c1232) that
> > branch seems to work just perfect. If I hear no complaints or do not
> > see problem with my instance -- I will merge it into master tomorrow,
> > thus closing this issue
> > </quote>
> >
> > [0] https://github.com/fail2ban/fail2ban/issues/44
> >
>
> Thanks for the tip (I know it's a very old message).
>

Happy you found it useful.


> I have updated recently to 6 and see that fail2ban ssh dos no longer
> works. Indeed after log rotate fail2ban seems to follow the old log file
> instead of the newly created /var/log/secure.
>

I've also recently noticed fail2ban choking on name resolution.  By that I
mean f2b determines the name of the connecting host and it complains
indicating the pointer record doesn't match.  Based on the number of login
attempts it doesn't seem to be actually blocking the host either.

I have SSH locked down for my access only, but FTP is wide open for
customer access.  I let fail2ban keep tabs on logins with the
vsftp-iptables jail.


> I had backend = auto in /etc/fail2ban/jail.conf and gamin and pyinotify
> are both installed. I now changed backend to gamin and give it another
> try. The next log rotate is next week....
> Anyone else using fail2ban with CentOS6 installed from epel?
>
> fail2ban-0.8.8-2.el6.noarch on CentOS6.4
>
> Theo



-- 
---~~.~~---
Mike
//  SilverTip257  //
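
The log-rotation symptom reported in this thread (the follower keeps reading the old file while new entries go to the freshly created /var/log/secure), reproduced as an added example; it is not part of the original messages and is not fail2ban's code. The class name, temp paths and log lines are constructed for illustration.

```python
import os
import tempfile


class RotationAwareTail:
    """Follow a log by path; reopen when rotation changes the file behind it."""

    def __init__(self, path):
        self.path = path
        self._open()

    def _open(self):
        self.fh = open(self.path, "rb")
        self.inode = os.fstat(self.fh.fileno()).st_ino

    def rotated(self):
        # The path now names another inode (rename-style rotation) or a file
        # shorter than our read offset (copytruncate-style rotation).
        try:
            st = os.stat(self.path)
        except FileNotFoundError:
            return False  # mid-rotation: the new file does not exist yet
        return st.st_ino != self.inode or st.st_size < self.fh.tell()

    def read_new(self):
        lines = self.fh.readlines()  # drain what the old file still holds
        if self.rotated():
            self.fh.close()
            self._open()  # continue from the top of the new file
            lines += self.fh.readlines()
        return [raw.decode().rstrip("\n") for raw in lines]


def demo():
    """Simulate rename-style rotation of a constructed 'secure' log."""
    log = os.path.join(tempfile.mkdtemp(), "secure")
    with open(log, "w") as f:
        f.write("Failed password for root from 192.0.2.10\n")
    stale = open(log, "rb")  # naive follower: holds the first handle forever
    tail = RotationAwareTail(log)
    stale.readlines(), tail.read_new()  # both consume the first entry
    os.rename(log, log + ".1")  # logrotate moves the old file aside
    with open(log, "w") as f:  # the logging daemon starts a fresh file
        f.write("Failed password for admin from 192.0.2.11\n")
    stale_lines, tail_lines = stale.readlines(), tail.read_new()
    stale.close()
    tail.fh.close()
    return stale_lines, tail_lines


if __name__ == "__main__":
    print(demo())
```

The stale handle returns nothing after the rename, which is what a monitor stuck on the rotated file looks like from the outside: failed logins keep arriving and no ban is ever triggered.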