FIX: fail2ban does not work in Ubuntu 10.04
Ubuntu 10.04 uses rsyslogd, which by default compresses repeated syslog messages like this:
Failed password for root from 1.2.3.4 port 22 ssh2
last message repeated 5 times
So fail2ban's count for the attack coming from that IP would be 1 instead of 6. The fix:
sudo sed -i 's/RepeatedMsgReduction\ on/RepeatedMsgReduction\ off/' /etc/rsyslog.conf
sudo service rsyslog restart
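To see how much the compression hides, here is an added example (not from the original post and not fail2ban's own code) that counts failed logins per IP twice: once matching only lines that carry an address, and once crediting each "last message repeated" line to the failure it follows. The log lines, the host name web1 and the threshold of 6 are constructed for the illustration, and time windows are ignored.

```python
import re
from collections import Counter

# Constructed auth.log excerpt, as written with RepeatedMsgReduction on.
SAMPLE_LOG = """\
Jun  1 10:00:01 web1 sshd[2201]: Failed password for root from 1.2.3.4 port 22 ssh2
Jun  1 10:00:09 web1 last message repeated 5 times
Jun  1 10:02:30 web1 sshd[2207]: Failed password for admin from 5.6.7.8 port 22 ssh2
Jun  1 10:03:00 web1 sshd[2210]: Accepted password for alice from 10.0.0.5 port 22 ssh2
Jun  1 10:03:05 web1 last message repeated 2 times
"""

# Simplified patterns for this example, not fail2ban's shipped filter.
FAILED = re.compile(r"Failed password for (?:invalid user )?\S+ from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$")
REPEATED = re.compile(r"last message repeated (\d+) times?$")
MAXRETRY = 6  # assumed ban threshold for the illustration

def count_failures(log_text, expand_repeats):
    """Count failed logins per IP; optionally credit repeat lines to the preceding failure."""
    counts = Counter()
    last_ip = None  # IP of the most recent message if it was a failure, else None
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            last_ip = m.group(1)
            counts[last_ip] += 1
            continue
        r = REPEATED.search(line)
        if r:
            # The repeat line has no address; it refers to the previous message only.
            if expand_repeats and last_ip:
                counts[last_ip] += int(r.group(1))
            continue
        last_ip = None  # some other message: a later repeat line is not a login failure
    return counts

def would_ban(counts, maxretry=MAXRETRY):
    """Return the IPs whose failure count reaches the threshold."""
    return sorted(ip for ip, n in counts.items() if n >= maxretry)

if __name__ == "__main__":
    for label, expand in (("address-bearing lines only", False), ("repeats expanded", True)):
        counts = count_failures(SAMPLE_LOG, expand)
        print(label, dict(counts), "ban:", would_ban(counts))
```

Turning RepeatedMsgReduction off remains the cleaner fix, since every failure then carries its own timestamp and address.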
Bye!