Re: fail2ban on sarge.
On 11/10/2005 02:30 PM, Ralph Crongeyer wrote:
> Hi all,
> I've installed fail2ban from unstable on my sarge box. Is any one using it
> on sarge? If so I could yse your help. It seems as though it's not working.
> I'm still getting alot of failed login attempts over SSH and never get
> emailed about a rule being added?
>
> I'm am also using firehol firewall. Would that cause problems for fail2ban
> creating rules?
Hi Ralph,
I've happily used fail2ban on sarge since September. Very effective.
You should re-read the docs; README.Debian and /etc/fail2ban.conf
especially. Email reports, for example, are disabled by default. Just
edit /etc/fail2ban.conf to enable them as you'd prefer.
I had some issues with firestarter firewall that are fixed in fail2ban
0.5.4-7. Obviously if your firewall starts/re-starts /after/ fail2ban,
you can expect some problems as both programs control iptables.
You may find helpful hints for problems in your /var/log/fail2ban.log too.
fail2ban is a delight as it dispatches those pesky ssh brute force attacks.
Regards,
Ralph
Reply to: