FIX: fail2ban does not work in Ubuntu 10.04

In Ubuntu 10.04, rsyslogd is used.

That means that, by default, it compresses repeated syslog messages like this:

Failed password for root from port 22 ssh2
last message repeated 5 time

So, fail2ban count would be ‘1’ for the attack coming from that IP. The fix:

sudo sed -i ‘s/RepeatedMsgReduction\ on/RepeatedMsgReduction\ off/’ /etc/rsyslog.conf
sudo service rsyslog restart


Acerca de Buanzo

Io que se!
Esta entrada ha sido publicada en General y etiquetada como , . Guarda el enlace permanente.