Re: How to change fail2ban timeout during reboot in F40?

2024-05-12 Thread Frank Bures
On 2024-05-12 16:11, Anthony Messina wrote: Of course, you'll want to set something suitable for your system's needs ~]# cat /etc/systemd/system/fail2ban.service.d/timeout.conf [Service] TimeoutStopSec=5min Thanks Frank

Re: How to change fail2ban timeout during reboot in F40?

2024-05-12 Thread Anthony Messina via users
was a target of an attack resulting in 1600 banned IP addresses by > fail2ban. > When I reboot, f2b tries to unban those IPs but it ultimately times out and > a large number of IPs becomes orphaned. They stay in firewalld, but f2b > does not know about them anymore. > > And indee

How to change fail2ban timeout during reboot in F40?

2024-05-12 Thread Frank Bures
Hi, I was a target of an attack resulting in 1600 banned IP addresses by fail2ban. When I reboot, f2b tries to unban those IPs but it ultimately times out and a large number of IPs becomes orphaned. They stay in firewalld, but f2b does not know about them anymore. And indeed root@ryzen:/etc

Re: Fail2ban is failing

2024-05-03 Thread Patrick O'Callaghan
> > > > until > > > the > > > next system reboot by doing the following: > > > > > > # setenforce 0 > > > # systemctl start fail2ban > > > > > > ... wait a minute ... > > > > > > # setenforce 1 > > >

Re: Fail2ban is failing

2024-05-03 Thread Richard Shaw
> > # setenforce 0 > > # systemctl start fail2ban > > > > ... wait a minute ... > > > > # setenforce 1 > > > > That seems to work. Looks like a problem with SElinux labelling. > More or less, basically from what I can tell with F40 that the link f

Re: Fail2ban is failing

2024-05-03 Thread Patrick O'Callaghan
On Fri, 2024-05-03 at 13:08 -0400, Tom Rivers via users wrote: > Until the fix is available, I've been able to get it running until > the > next system reboot by doing the following: > > # setenforce 0 > # systemctl start fail2ban > > ... wait a minute ... >

Re: Fail2ban is failing

2024-05-03 Thread Tom Rivers via users
Until the fix is available, I've been able to get it running until the next system reboot by doing the following: # setenforce 0 # systemctl start fail2ban ... wait a minute ... # setenforce 1 Tom On 5/3/2024 12:39 PM, Patrick O'Callaghan wrote: On Fri, 2024-05-03 at 06:45 -050

Re: Fail2ban is failing

2024-05-03 Thread Patrick O'Callaghan
On Fri, 2024-05-03 at 06:45 -0500, Richard Shaw wrote: > On Fri, May 3, 2024 at 6:31 AM Patrick O'Callaghan > > wrote: > > > F40 fully updated. > > > > Try a `dnf --refresh update`. The fix just went to stable last night. That just gets the same update I already tried. poc --

Re: Fail2ban is failing

2024-05-03 Thread Richard Shaw
On Fri, May 3, 2024 at 6:31 AM Patrick O'Callaghan wrote: > F40 fully updated. > Try a `dnf --refresh update`. The fix just went to stable last night. Thanks, Richard -- ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an em

Fail2ban is failing

2024-05-03 Thread Patrick O'Callaghan
F40 fully updated. # systemctl status fail2ban × fail2ban.service - Fail2Ban Service Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; preset: disabled) Drop-In: /usr/lib/systemd/system/service.d └─10-timeout-abort.conf Active: failed

Re: fail2ban on F40 is quiet

2024-04-28 Thread Patrick Mansfield via users
On Sun, Apr 28, 2024 at 12:59:49PM -0400, Frank Bures wrote: > On 2024-04-28 11:39, Barry wrote: > > > > > > > On 28 Apr 2024, at 16:31, Frank Bures wrote: > > > > > > The problem is that there are no connection attempts in /var/log/secure > > > or /var/log/messages so obviously f2b has nothin

Re: fail2ban on F40 is quiet

2024-04-28 Thread Frank Bures
On 2024-04-28 12:59, Frank Bures wrote: On 2024-04-28 11:39, Barry wrote: On 28 Apr 2024, at 16:31, Frank Bures wrote: The problem is that there are no connection attempts in /var/log/secure or /var/log/messages so obviously f2b has nothing to do. Maybe the logs are in the journal and no

Re: fail2ban on F40 is quiet

2024-04-28 Thread Frank Bures
On 2024-04-28 11:39, Barry wrote: On 28 Apr 2024, at 16:31, Frank Bures wrote: The problem is that there are no connection attempts in /var/log/secure or /var/log/messages so obviously f2b has nothing to do. Maybe the logs are in the journal and nothing is updating the legacy /var/log fi

Re: fail2ban on F40 is quiet

2024-04-28 Thread Barry
> On 28 Apr 2024, at 16:31, Frank Bures wrote: > > The problem is that there are no connection attempts in /var/log/secure or > /var/log/messages so obviously f2b has nothing to do. Maybe the logs are in the journal and nothing is updating the legacy /var/log files? What does journalctl repo

Re: fail2ban on F40 is quiet

2024-04-28 Thread Frank Bures
On 2024-04-28 10:58, Richard Shaw wrote: On Sun, Apr 28, 2024 at 9:31 AM Frank Bures > wrote: Hi, My machine is exposed to the wild and I was seeing hundreds of connection attempts per day in my logs and in fail2ban.log. All these nefarious activities c

Re: fail2ban on F40 is quiet

2024-04-28 Thread Frank Bures
there something fundamentally different in F40 connectivity? I can still connect from outside on pre-defined ports using ssh so my ISP is not blocking anything. I also use fail2ban to keep the riff-raff out of my home web server.  I also have ssh on a non-standard port and smtp and imap/pop.  I saw

Re: fail2ban on F40 is quiet

2024-04-28 Thread Charles Dennett
connectivity? I can still connect from outside on pre-defined ports using ssh so my ISP is not blocking anything. I also use fail2ban to keep the riff-raff out of my home web server. I also have ssh on a non-standard port and smtp and imap/pop. I saw no difference between 39 and 40. I even

Re: fail2ban on F40 is quiet

2024-04-28 Thread Richard Shaw
On Sun, Apr 28, 2024 at 9:31 AM Frank Bures wrote: > Hi, > > My machine is exposed to the wild and I was seeing hundreds of connection > attempts per day in my logs and in fail2ban.log. > > All these nefarious activities ceased after upgrade to F40. > > Question: > Is there something fundamentall

fail2ban on F40 is quiet

2024-04-28 Thread Frank Bures
Hi, My machine is exposed to the wild and I was seeing hundreds of connection attempts per day in my logs and in fail2ban.log. All these nefarious activities ceased after upgrade to F40. Question: Is there something fundamentally different in F40 connectivity? I can still connect from outside

Re: Request for testing: fail2ban 1.0.1 update

2022-10-17 Thread Charles Dennett
On 10/17/22 15:14, Richard Shaw wrote: If you can, please file an issue upstream and let me know what the URL is. Include as much info as you're able, especially any relevant log file entries. https://github.com/fail2ban/fail2ban/issues

Re: Request for testing: fail2ban 1.0.1 update

2022-10-17 Thread Richard Shaw
On Mon, Oct 17, 2022 at 2:12 PM Charles Dennett wrote: > > I've been testing f2b over the past few days and I can now make it fail > on demand. By that I mean the fail2ban-server process uses 100% of a > cpu and becomes unresponsive and will not respond to fail2ban-client or

Re: Request for testing: fail2ban 1.0.1 update

2022-10-17 Thread Charles Dennett
I've been testing f2b over the past few days and I can now make it fail on demand. By that I mean the fail2ban-server process uses 100% of a cpu and becomes unresponsive and will not respond to fail2ban-client or process any other log entries (apache, sshd, etc.) whenever it attempt

Re: Request for testing: fail2ban 1.0.1 update

2022-10-15 Thread Charles Dennett
Version 1.0.1 now seems to be running. As I noted before, my problem had something to do with the dovecot jail. I did notice a few config files had .rpmnew versions after upgrading. I went through just to make sure there were no local mods. I do have .local files so I should not have made

Re: Request for testing: fail2ban 1.0.1 update

2022-10-14 Thread Charles Dennett
On 10/14/22 13:07, Richard Shaw wrote: Interestingly, I did not have any issues, but I'm only running a sshd jail, which is one of the reasons I wanted wider testing. I verified that fail2ban was restarted (systemctl status fail2ban) and then checked the status (fail2ban-client status

Re: Request for testing: fail2ban 1.0.1 update

2022-10-14 Thread Richard Shaw
Interestingly, I did not have any issues, but I'm only running a sshd jail, which is one of the reasons I wanted wider testing. I verified that fail2ban was restarted (systemctl status fail2ban) and then checked the status (fail2ban-client status sshd) and everything was fine. I also did a

Re: Request for testing: fail2ban 1.0.1 update

2022-10-14 Thread crow
I saw a similar problem in my f36 system. 100% CPU usage for the fail2ban-server process after upgrading to 1.0.1-1. I also tried removing the sqlite database with no impact. fail2ban-server was so busy it would not receive connections from fail2ban-client. I enabled DEBUG logging, but that

Re: Request for testing: fail2ban 1.0.1 update

2022-10-14 Thread Charlie Dennett
On Fri, Oct 14, 2022 at 9:55 AM Charlie Dennett wrote: > > > On Mon, Oct 3, 2022 at 2:57 PM Richard Shaw wrote: > >> I have disabled auto-stable based on time for the updates: I have >> submitted updates for f36 and up and EPEL 9. >> >> https://bodhi.fedora

Re: Request for testing: fail2ban 1.0.1 update

2022-10-14 Thread Charlie Dennett
On Mon, Oct 3, 2022 at 2:57 PM Richard Shaw wrote: > I have disabled auto-stable based on time for the updates: I have > submitted updates for f36 and up and EPEL 9. > > https://bodhi.fedoraproject.org/updates/?search=fail2ban > > I would like some sort of confirmation on the u

Request for testing: fail2ban 1.0.1 update

2022-10-03 Thread Richard Shaw
I have disabled auto-stable based on time for the updates: I have submitted updates for f36 and up and EPEL 9. https://bodhi.fedoraproject.org/updates/?search=fail2ban I would like some sort of confirmation on the update itself or by direct communication that everything appears to be working

Re: Fail2ban-all

2020-08-06 Thread Richard Shaw
On Thu, Aug 6, 2020 at 5:07 AM Scott van Looy via users < users@lists.fedoraproject.org> wrote: > I’m running F32 > > Trying to update today and I get: > > Problem: cannot install the best update candidate for package > fail2ban-all-0.11.1-6.fc32.noarch > - nothi

Fail2ban-all

2020-08-06 Thread Scott van Looy via users
I’m running F32 Trying to update today and I get: Problem: cannot install the best update candidate for package fail2ban-all-0.11.1-6.fc32.noarch - nothing provides python2-inotify needed by fail2ban-all-0.11.1-9.fc32.noarch Anyone have any ideas if this is something I’ve done or if there’s

Re: Strange firewalld error from fail2ban

2018-12-04 Thread Patrick O'Callaghan
On Mon, 2018-12-03 at 15:46 -0600, Richard Shaw wrote: > On Mon, Dec 3, 2018 at 12:32 PM Patrick O'Callaghan > wrote: > > > Dec 03 10:10:45 bree firewalld[844]: ERROR: '/usr/sbin/iptables-restore -w > > -n' failed: iptables-restore v1.8.0 (legacy):

Re: Strange firewalld error from fail2ban

2018-12-03 Thread Richard Shaw
On Mon, Dec 3, 2018 at 12:32 PM Patrick O'Callaghan wrote: > Dec 03 10:10:45 bree firewalld[844]: ERROR: '/usr/sbin/iptables-restore -w > -n' failed: iptables-restore v1.8.0 (legacy): Set fail2ban-sshd doesn't > exist. > Does this help? https://github.com/fail2

Strange firewalld error from fail2ban

2018-12-03 Thread Patrick O'Callaghan
firewalld - dynamic firewall daemon. Dec 03 10:10:45 bree firewalld[844]: ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.8.0 (legacy): Set fail2ban-sshd doesn't exist. Error occu

Re: Fail2ban

2018-02-07 Thread Richard Shaw
On Mon, Feb 5, 2018 at 8:08 PM, Bill Shirley wrote: > If you have a huge number of addresses that are banned, you should use an > ipset action instead of iptables action. Just now getting a chance to respond to this thread... I tried using the ipset method but it appears to be broken... https:

Re: Fail2ban

2018-02-05 Thread Bill Shirley
If you have a huge number of addresses that are banned, you should use an ipset action instead of iptables action. Bill On 2/5/2018 3:53 PM, Jeffrey Ross wrote: Fedora 27 system Trying to get Fail2ban to work properly on the system and I'm looking for a good example to follow fo

Fail2ban

2018-02-05 Thread Jeffrey Ross
Fedora 27 system Trying to get Fail2ban to work properly on the system and I'm looking for a good example to follow for the firewall portion. Some of the challenges I've had is when shutting down the system it can take a very very long time to "unban" all the banned a

Re: F27 - fail2ban not adding iptables chains

2018-01-09 Thread John Horne
On Thu, 2017-11-30 at 14:30 +, John Horne wrote: > Hello, > > I recently upgraded my PC from F26 to F27, and noticed that fail2ban was not > adding the configured chains to iptables. This worked fine at F26. > Hi, Problem solved. F26 ran fail2ban version 0.9 (I think), and F

F27 - fail2ban not adding iptables chains

2017-11-30 Thread John Horne
Hello, I recently upgraded my PC from F26 to F27, and noticed that fail2ban was not adding the configured chains to iptables. This worked fine at F26. There are no error messages in the log files (dmesg, /var/log/messages, /var/log/fail2ban.log). I have tried disabling SELinux, then restarting

Re: fail2ban

2017-09-25 Thread Jeffrey Ross
On 09/25/2017 09:09 PM, Bill Shirley wrote: So your ipset is not getting created or has been deleted by another jail if it shares the same name. With fail2ban-client -d, look at your sshd jail, specifically the ['set', 'sshd', 'action', 'my_ipset_ip',

Re: fail2ban

2017-09-25 Thread Bill Shirley
So your ipset is not getting created or has been deleted by another jail if it shares the same name. With fail2ban-client -d, look at your sshd jail, specifically the ['set', 'sshd', 'action', 'my_ipset_ip', 'name', 'IPv4-ip'] make sure

Re: fail2ban

2017-09-25 Thread jeff
ports.conf) doesn't use ipset. > Somehow > your jail is using firewallcmd-ipset.conf. Use fail2ban-client -d to figure > out how > fail2ban is configured. > > Bill > > On 9/24/2017 4:26 PM, Jeffrey Ross wrote: I'm trying to configure fail2ban > and i

Re: fail2ban

2017-09-24 Thread Bill Shirley
irewallcmd-ipset.conf.  Use fail2ban-client -d to figure out how fail2ban is configured. Bill On 9/24/2017 4:26 PM, Jeffrey Ross wrote: I'm trying to configure fail2ban and it appears as if it is correctly identifying addresses to ban however it doesn't appear to be successful in banning hos

fail2ban

2017-09-24 Thread Jeffrey Ross
I'm trying to configure fail2ban and it appears as if it is correctly identifying addresses to ban however it doesn't appear to be successful in banning hosts: 2017-09-24 16:01:46,073 fail2ban.actions    [3591]: NOTICE [sshd] Ban 91.210.178.96 2017-09-24 16:01:46,494 fail2

Basic forensics on fail2ban banned hosts?

2015-09-16 Thread Richard Shaw
I'm looking for a tool that will look at the hosts banned by fail2ban and do some basic metrics and forensics. I looked at munin which gives a lot of really cool info on your system but only reports the current number of banned hosts by fail2ban. I would prefer something already in Fedora b

fail2ban on IPv6 and pam_shield

2015-07-23 Thread Suvayu Ali
dated and everyone should switch > over to fail2ban anyway. While reading about the recently found SSH vulnerability, I came across a rather uncontested opinion that fail2ban does not work with IPv6, e.g. see this reddit thread: https://www.reddit.com/r/netsec/com

Re: Firewalld and fail2ban on f21

2015-01-03 Thread David Mehler
want them blocked with fail2ban and to have those rules permanently in firewalld so that I can not only have them loaded on a system restart but also can view which addresses have been blocked with firewall-cmd. Thanks. Dave. On 1/3/15, Peter Boy wrote: > Works fine here. Any concern getting i

Re: Firewalld and fail2ban on f21

2015-01-03 Thread Peter Boy
walld to manage their firewall and fail2ban to protect services > against bots? > > Thanks. > Dave.

Firewalld and fail2ban on f21

2015-01-03 Thread David Mehler
Hello, Last time I tried this combination it was either f19 or f20 I was unable to get it to work as firewalld was new. On f21 is anyone using firewalld to manage their firewall and fail2ban to protect services against bots? Thanks. Dave.

fail2ban on fc20

2014-05-02 Thread David Mehler
Hello, Is anyone running fail2ban on fc20 with firewalld? I'm trying to get this working and finding a lot of bug reports on this but not an rpm that goes out of the box. I'd prefer not to have to revert to iptables but I want to stop brute force attempts. Thanks. Dave.

Re: Firewalld and fail2ban

2014-02-23 Thread Ed Greshko
On 02/24/14 07:05, David Mehler wrote: > Second question, in my previous setup I used fail2ban to block ip > addresses that were brute forcing the system. I'm wondering if > fail2ban and firewalld can work together? Googling showed it was > possible with an action.d file, but th

Re: Firewalld and fail2ban

2014-02-23 Thread Ed Greshko
ipv4, ipv6, or both? Even with firewalld the underlying work is done by iptables. ip6tables -L and iptables -L Will give you your answer. (Hint: both) > > Second question, in my previous setup I used fail2ban to block ip > addresses that were brute forcing the system. I'm w

Firewalld and fail2ban

2014-02-23 Thread David Mehler
Hello, I used to use iptables on fc17, now with firewalld in fc20 I'm migrating to it. I have to say I like it better, there are things I'm curious if it can do. For example, if you allow in http does that work for ipv4, ipv6, or both? Second question, in my previous setup I used f

Re: networking - fail2ban will not start on some installs (x64)

2013-07-09 Thread Ed Greshko
On 07/09/13 20:16, Cristian Sava wrote: > > Yes, you're right. Thank you for the fix. > Why selinux is not complaining with an AVC? > Problem is now fixed in selinux-policy-3.12.1-62.fc19. http://koji.fedoraproject.org/koji/buildinfo?buildID=432416 To get the early download. -- The only thing

Re: networking - fail2ban will not start on some installs (x64)

2013-07-09 Thread Ed Greshko
On 07/09/13 22:00, Ed Greshko wrote: > Heading over to bugzilla now. This appears to be https://bugzilla.redhat.com/show_bug.cgi?id=975695 The same error message noted in this thread are in the bugzilla. I think there is no need create a new one. -- The only thing worse than a poorly ask

Re: networking - fail2ban will not start on some installs (x64)

2013-07-09 Thread Ed Greshko
to that. I'll see if I can figure it out, and if > > not file a bugzilla. > > > Welcome. > > > Ed > > > Probably a dontaudit message. > > Does > > restorecon -R -v /var/run/fail2ban > > Change the label? No. I just did a semodule -DB to ge

Re: networking - fail2ban will not start on some installs (x64)

2013-07-09 Thread Daniel J Walsh
'll see if I can figure it out, and if > not file a bugzilla. > > Welcome. > > Ed > > Probably a dontaudit message. Does restorecon -R -v /var/run/fail2ban Change the label?

Re: networking - fail2ban will not start on some installs (x64)

2013-07-09 Thread Ed Greshko
On 07/09/13 20:16, Cristian Sava wrote: > Yes, you're right. Thank you for the fix. > Why selinux is not complaining with an AVC? I do not know the answer to that. I'll see if I can figure it out, and if not file a bugzilla. Welcome. Ed -- The only thing worse than a poorly asked question i

Re: networking - fail2ban will not start on some installs (x64)

2013-07-09 Thread Cristian Sava
On Tue, 2013-07-09 at 18:52 +0800, Ed Greshko wrote: > Well, I find one thing interesting. > > Notice the error message.... > > fail2ban-client[2804]: ERROR Directory /var/run/fail2ban exists but not > accessible for writing > > But, if you execute the command

Re: networking - fail2ban will not start on some installs (x64)

2013-07-09 Thread Ed Greshko
one thing interesting. Notice the error message fail2ban-client[2804]: ERROR Directory /var/run/fail2ban exists but not accessible for writing But, if you execute the command in the service file from the command line [root@f18x log]# /usr/bin/fail2ban-client -x start 2013-07-09 18:46:1

Re: networking - fail2ban will not start on some installs (x64)

2013-07-09 Thread Cristian Sava
On Tue, 2013-07-09 at 16:56 +0800, Ed Greshko wrote: > Have you checked /var/log/audit/audit.log for AVC (selinux) entries? No AVC messages, not selinux related bug. It is a networking subsystem problem. C. Sava

Re: networking - fail2ban will not start on some installs (x64)

2013-07-09 Thread sguazt
> > > On installs where iface reported by "route" command is not the > same with > > > ifcfg-iface (pxpy instead of enpxsy or ethx) fail2ban will not > start. > > > Does not matter if biosdevname=0 or net.ifnames=0 on the kernel > line. >

Re: networking - fail2ban will not start on some installs (x64)

2013-07-09 Thread Ed Greshko
not the same with > > ifcfg-iface (pxpy instead of enpxsy or ethx) fail2ban will not start. > > Does not matter if biosdevname=0 or net.ifnames=0 on the kernel line. > > Tested this on real hardware and on VirtualBox too. > > > > >From /var/log

Re: networking - fail2ban will not start on some installs (x64)

2013-07-09 Thread sguazt
On Tue, Jul 9, 2013 at 8:51 AM, Cristian Sava wrote: > On Tue, 2013-07-09 at 09:48 +0300, Cristian Sava wrote: > > On installs where iface reported by "route" command is not the same with > > ifcfg-iface (pxpy instead of enpxsy or ethx) fail2ban will not start. > >

Re: networking - fail2ban will not start on some installs (x64)

2013-07-08 Thread Cristian Sava
On Tue, 2013-07-09 at 09:48 +0300, Cristian Sava wrote: > On installs where iface reported by "route" command is not the same with > ifcfg-iface (pxpy instead of enpxsy or ethx) fail2ban will not start. > Does not matter if biosdevname=0 or net.ifnames=0 on the kernel line.

networking - fail2ban will not start on some installs (x64)

2013-07-08 Thread Cristian Sava
On installs where iface reported by "route" command is not the same with ifcfg-iface (pxpy instead of enpxsy or ethx) fail2ban will not start. Does not matter if biosdevname=0 or net.ifnames=0 on the kernel line. Tested this on real hardware and on VirtualBox too. From /var/log/messages

Re: fail2ban questions

2013-01-18 Thread Alex
Hi, >> [ssh-iptables] >> enabled = true >> filter = sshd >> action = iptables[name=SSH, port=ssh, protocol=tcp] >>sendmail-whois[name=SSH, dest=myu...@mydomain.com, >> sender=d...@mydomain.com] >> logpath = /var/log/secure >> maxretry = 5 >> >> There doesn't seem to be a man page

Re: fail2ban questions

2013-01-17 Thread Matthew Miller
On Thu, Jan 17, 2013 at 08:16:18PM -0500, Alex wrote: > I have an fc17 install with a few fail2ban jail entries such as this: > [ssh-iptables] > enabled = true > filter = sshd > action = iptables[name=SSH, port=ssh, protocol=tcp] >sendmail-whois[name=SSH, dest=m

fail2ban questions

2013-01-17 Thread Alex
Hi, I have an fc17 install with a few fail2ban jail entries such as this: [ssh-iptables] enabled = true filter = sshd action = iptables[name=SSH, port=ssh, protocol=tcp] sendmail-whois[name=SSH, dest=myu...@mydomain.com, sender=d...@mydomain.com] logpath = /var/log/secure

Re: firewalld and fail2ban?

2012-12-19 Thread Matthew Miller
do those things. FirewallD manages kernel-based netfilter/iptables firewall. That's kind of what fail2ban does too, in a very rudimentary way. > monitor your logs which fail2ban does to know about attempts to log in > to your system. So this two tools doesn't exclude each o

Re: firewalld and fail2ban?

2012-12-19 Thread Mateusz Marzantowicz
On 19.12.2012 15:14, Richard Shaw wrote: > I use fail2ban to stop ssh intrusions but was curious about firewalld. > I can't find any information yet, but does anyone know if fail2ban > works with firewalld? Or does some feature of firewalld make > fail2ban unnecessary? >

Re: fail2ban vs. logrotate

2011-10-25 Thread Tim
On Tue, 2011-10-25 at 16:12 -0400, Mike Wohlgemuth wrote: > I don't see any way to get fail2ban to reopen the log file without > also forgetting the current ban list. As I recall, it's supposed to make temporary bans. So does it really need to keep a ban list forever? You

Re: fail2ban vs. logrotate

2011-10-25 Thread Tom Rivers
On 10/25/2011 4:12 PM, Mike Wohlgemuth wrote: > On 10/25/2011 11:12 AM, Mikkel L. Ellertson wrote: >> It looks like you would have to modify the syslog logrotate script >> and add a second command in the postrotate section after it restarts >> syslogd. Does fail2ban accept

Re: fail2ban vs. logrotate

2011-10-25 Thread Mike Wohlgemuth
On 10/25/2011 11:12 AM, Mikkel L. Ellertson wrote: > It looks like you would have to modify the syslog logrotate script > and add a second command in the postrotate section after it restarts > syslogd. Does fail2ban accept a SIGHUP to close and reopen the log file? > > That was m

Re: fail2ban vs. logrotate

2011-10-25 Thread Mike Wohlgemuth
On 10/25/2011 01:23 AM, Andre Speelmans wrote: > Change the config file for logrotate so that it does not create a new > file, but that it uses copy-and-truncate. The exact syntax is easily > found in the man-page. > Ah, that looks like what I need. I read the man page and spaced on the implicati

Re: fail2ban vs. logrotate

2011-10-25 Thread Andre Speelmans
> It looks like you would have to modify the syslog logrotate script > and add a second command in the postrotate section after it restarts > syslogd. Does fail2ban accept a SIGHUP to close and reopen the log file? Or make it do copy-truncate, which is meant just for these cases where

Re: fail2ban vs. logrotate

2011-10-25 Thread Mikkel L. Ellertson
On 10/25/2011 09:07 AM, Andre Speelmans wrote: >> I was referring to the fail2ban RPM. This has to be a problem for >> just about any installation that uses logrotate. > > Most daemons seem to use their own logfile and therefore c

Re: fail2ban vs. logrotate

2011-10-25 Thread Andre Speelmans
> I was referring to the fail2ban RPM. This has to be a problem for > just about any installation that uses logrotate. Most daemons seem to use their own logfile and therefore can use their own logrotate configuration script in /etc/logrotate.d. But /var/log/secure is not handled by a sp

Re: fail2ban vs. logrotate

2011-10-25 Thread Mikkel L. Ellertson
On 10/25/2011 12:23 AM, Andre Speelmans wrote: >> It sounds like fail2ban still has the old log file open. You need to >> have logrotate tell fail2ban that the log file has changed. > > Change the config file for logrotate so that

Re: fail2ban vs. logrotate

2011-10-24 Thread Andre Speelmans
> It sounds like fail2ban still has the old log file open. You need to > have logrotate tell fail2ban that the log file has changed. Change the config file for logrotate so that it does not create a new file, but that it uses copy-and-truncate. The exact syntax is easily found in the ma

Re: fail2ban vs. logrotate

2011-10-24 Thread Mikkel L. Ellertson
On 10/24/2011 12:14 PM, Mike Wohlgemuth wrote: > I've installed fail2ban on Fedora 15 to block repeated failed ssh > connections. It works great up until logrotate kicks in. When it > rotates /var/log/secure then fail2ban stops notic

Re: fail2ban vs. logrotate

2011-10-24 Thread suvayu ali
On Mon, Oct 24, 2011 at 20:17, Marvin Kosmal wrote: > Hi > > This does not address your problem directly. > > I use a program called  denyhosts for blocking ssh attempts.  It creates a > list in  /etc/hosts.deny. > > Great program. > +1 to denyhosts. > Good luck > > Marvin > -- Suvayu Open

Re: fail2ban vs. logrotate

2011-10-24 Thread Marvin Kosmal
On Mon, Oct 24, 2011 at 10:14 AM, Mike Wohlgemuth wrote: > I've installed fail2ban on Fedora 15 to block repeated failed ssh > connections. It works great up until logrotate kicks in. When it > rotates /var/log/secure then fail2ban stops noticing failed ssh > attempts. Usin

fail2ban vs. logrotate

2011-10-24 Thread Mike Wohlgemuth
I've installed fail2ban on Fedora 15 to block repeated failed ssh connections. It works great up until logrotate kicks in. When it rotates /var/log/secure then fail2ban stops noticing failed ssh attempts. Using fail2ban-client to reload the jail fixes the problem, but it also c

Re: F15: fail2ban not in iptables status

2011-06-03 Thread sguazt
>         Still have problems. Under /var/log/messages I've this >>> >>         message: >>> >> >>> >>         fail2ban.comm   : WARNING Invalid command: ['add', >>> >>         'ssh-iptables', 'auto'] >&g

Re: F15: fail2ban not in iptables status

2011-06-03 Thread sguazt
> message: >> >> >> >> fail2ban.comm : WARNING Invalid command: ['add', >> >> 'ssh-iptables', 'auto'] >> >> >> >> Don't know if it is related to my problem. >> >> >> >

Re: F15: fail2ban not in iptables status

2011-06-03 Thread Arthur Dent
d: ['add', > >> 'ssh-iptables', 'auto'] > >> > >> Don't know if it is related to my problem. > >> > >> Anyway, I am the only one that has this problem (or that runs > >> fail2ban ;) )? > > >

Re: F15: fail2ban not in iptables status

2011-06-03 Thread sguazt
> Still have problems. Under /var/log/messages I've this >> message: >> >> fail2ban.comm : WARNING Invalid command: ['add', >> 'ssh-iptables', 'auto'] >> >> Don't know if it

Re: F15: fail2ban not in iptables status

2011-06-03 Thread Arthur Dent
've this > message: > > fail2ban.comm : WARNING Invalid command: ['add', > 'ssh-iptables', 'auto'] > > Don't know if it is related to my problem. > > Anyway, I am the only one that has thi

Re: F15: fail2ban not in iptables status

2011-06-03 Thread Mike Williams
'] > > Don't know if it is related to my problem. > > Anyway, I am the only one that has this problem (or that runs fail2ban ;) > )? > > Hi there. Although I do not use fail2ban this sure looks like a bug. You should probably file a bug report. If you want some prot

Re: F15: fail2ban not in iptables status

2011-06-03 Thread sguazt
On Sun, May 29, 2011 at 3:30 PM, sguazt wrote: > Hi, > > I have fail2ban up and running on my Fedora 15. ... [cut] ... > > I use it for banning IPs that try to connect to my host via SSH. > Here's below is a snip of jail.local: ... [cut] ... > > However I can&#x

F15: fail2ban not in iptables status

2011-05-29 Thread sguazt
Hi, I have fail2ban up and running on my Fedora 15. root 1026 0.0 0.3 189936 6724 ?S13:52 0:00 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -x I use it for banning IPs that try to connect to my host via SSH. Here's below is a sn