Re: Find out host of IP
On 06/11/2007 08:53 AM, David Baron wrote:
> On Sunday 10 June 2007, debian-user-digest-request@lists.debian.org wrote:
>>> Someone is trying to ssh on to my system. Trying on several ports. Not
>>> the first time, either. Thankfully, he does not have a password. Besides
>>> a bunch of Deprecated option ReverseMappingCheck, so far no harm done.
>>>
>>> Since my logs have this IP number, how do I find out who it is?
>> Other replies address the question, but you could install fail2ban to
>> throttle the attacks from anywhere. fail2ban is a wonderful solution!
>
> Looks good. I have installed, added a "jail" and path /var/log/auth.log
> I am unable to place a regex for it to detect the failure. Want something like
> "\Failed.+from.+\d" or such. No matter what I enter, it says "no regular
> expression is defined. No delimitor, quote, slash, etc. seems to work either.
> How does one enter these?
David, I don't know how you made it so complicated. :)
I use the default config in the debian fail2ban package, so it "just
works." Suggest you purge/re-install fail2ban, then if you want further
tweaks, read ~$ man fail2ban and/or /etc/fail2ban.conf .
Have fun!
Ralph
--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: