fedora-users October 2011 archive
Main Archive Page > Month Archives  > fedora-users archives
fedora-users: Re: fail2ban vs. logrotate

Re: fail2ban vs. logrotate

From: Marvin Kosmal <mkosmal_at_nospam>
Date: Mon Oct 24 2011 - 18:17:47 GMT
To: Community support for Fedora users <users@lists.fedoraproject.org>

On Mon, Oct 24, 2011 at 10:14 AM, Mike Wohlgemuth <mjw@woogie.net> wrote:

> I've installed fail2ban on Fedora 15 to block repeated failed ssh
> connections. It works great up until logrotate kicks in. When it
> rotates /var/log/secure then fail2ban stops noticing failed ssh
> attempts. Using fail2ban-client to reload the jail fixes the problem,
> but it also causes fail2ban to forget all currently banned IP
> addresses. I've found scripts online that will allow for extracting the
> current bans before reloading, and then applying them again after, but
> that seems pretty extreme. I can't help but think I must be missing
> something simple that will get fail2ban to notice that the logs have
> been rotated. Has anyone else seeing this issue? I see some reports in
> bugzilla about fail2ban, but nothing that is definitely this problem.
> Thanks
> Mike
> --


This does not address your problem directly.

I use a program called denyhosts for blocking ssh attempts. It creates a
list in /etc/hosts.deny.

Great program.

Good luck


-- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines