FIX: fail2ban does not work in Ubuntu 10.04

In Ubuntu 10.04, rsyslogd is used.

That means that, by default, it compresses repeated syslog messages like this:

Failed password for root from 1.2.3.4 port 22 ssh2
last message repeated 5 time

So, fail2ban count would be ‘1’ for the attack coming from that IP. The fix:

sudo sed -i ‘s/RepeatedMsgReduction\ on/RepeatedMsgReduction\ off/’ /etc/rsyslog.conf
sudo service rsyslog restart

Bye!

Artículos relacionados:

Si te gustó este articulo, ¿ Porque no dejas un comentario a continuación y continuas la conversación, o te suscribes a los feeds y recibes los artículos directamente en tu lector?

Comentarios

No comments yet.

Sorry, the comment form is closed at this time.