FIX: fail2ban does not work in Ubuntu 10.04

In Ubuntu 10.04, rsyslogd is used.

That means that, by default, it compresses repeated syslog messages like this:

Failed password for root from 1.2.3.4 port 22 ssh2
last message repeated 5 time

So, fail2ban count would be ‘1’ for the attack coming from that IP. The fix:

sudo sed -i ‘s/RepeatedMsgReduction\ on/RepeatedMsgReduction\ off/’ /etc/rsyslog.conf
sudo service rsyslog restart

Bye!

Acerca de Buanzo

Io que se!
Esta entrada fue publicada en General y etiquetada , . Guarda el enlace permanente.