FIX: fail2ban does not work in Ubuntu 10.04
In Ubuntu 10.04, rsyslogd is used.
That means that, by default, it compresses repeated syslog messages like this:
Failed password for root from 1.2.3.4 port 22 ssh2
last message repeated 5 time
So, fail2ban count would be ’1′ for the attack coming from that IP. The fix:
sudo sed -i ‘s/RepeatedMsgReduction\ on/RepeatedMsgReduction\ off/’ /etc/rsyslog.conf
sudo service rsyslog restart
Bye!
Artículos relacionados:
- Fail2ban filter for PHP Injection attacks
- Fail2ban rules for lighttpd fastcgi alerts
- fail2ban patch: ban IP address manually
- Proactive protection enhancements for fail2ban – Part 1
- I’m now a fail2ban developer :D
Si te gustó este articulo, ¿ Porque no dejas un comentario a continuación y continuas la conversación, o te suscribes a los feeds y recibes los artículos directamente en tu lector?
Comentarios
Aún no hay comentarios.
Deja un comentario