Virtual Architects Support Wiki

User Tools

Site Tools

You are here: start » networking » linux » fail2ban
Trace: file_vs_block_storage
networking:linux:fail2ban

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
networking:linux:fail2ban [2013/10/13 15:06]
gcooper 		networking:linux:fail2ban [2017/03/15 08:51] (current)
gcooper
Line 247: Line 247:
  
 ===== Troubleshooting ===== ===== Troubleshooting =====
 +
 +**Correctly count login failures**: http://www.fail2ban.org/wiki/index.php/Fail2ban:Community_Portal#Count_.22Last_message_repeated_N_times.22_correctly
 +
 +<file>
 +sudo sed -i 's/RepeatedMsgReduction\ on/RepeatedMsgReduction\ off/' /etc/rsyslog.conf
 +sudo service rsyslog restart
 +sudo service fail2ban restart
 +</file>
  
 :!: If you can test a filter successfully with ''fail2ban-regex'', but no firewall rules are being added, try using ''polling'' instead of ''gamin'' or ''auto''. :!: If you can test a filter successfully with ''fail2ban-regex'', but no firewall rules are being added, try using ''polling'' instead of ''gamin'' or ''auto''.
  
 This shows failed SSH logins by date: This shows failed SSH logins by date:
 +
 +CentOS/Redhat:
  
 <file> <file>
 cat /var/log/secure* | grep 'authentication failure' | grep sshd | awk '{print $1,$2}' | sort | uniq -c cat /var/log/secure* | grep 'authentication failure' | grep sshd | awk '{print $1,$2}' | sort | uniq -c
 +</file>
 +
 +Debian/Ubuntu:
 +
 +<file>
 +cat /var/log/auth.log | grep sshd.\*Failed
 </file> </file>
  
networking/linux/fail2ban.1381698388.txt.gz · Last modified: 2013/10/13 15:06 by gcooper

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki