I have two CentOS servers running one is 6.6 and the other 7. I got fail2ban installed & running on both. According to documentation it appears it watches /var/log/auth.log ... which exists on neither machine.
http://www.fail2ban.org/wiki/index.php/ ... bruteforce
Am I misunderstanding something? I am trying to make sure the SSH portion is working before I expand it to vsftp. I have created a mail setcion and supplied an address, but it may take a few days before I get "hammered" with attempts again. (Oh - reminds me, gotta set the attempt level in denyhosts on the 6.6 server up to 4 so fail2ban gets a chance at it.)
Thank you.
edit:
Whatta doap! Wrong log setting - was for Debian, Mandrake, etc. OK - just need to read how to change it and I'll be good to go!
[SOLVED] fail2ban ... setup
-
lightman47
- Posts: 1522
- Joined: 2014/05/21 20:16:00
- Location: Central New York, USA
-
lightman47
- Posts: 1522
- Joined: 2014/05/21 20:16:00
- Location: Central New York, USA
Re: [SOLVED] fail2ban ... setup
addendum: Because I'd installed via YUM the jail.conf(cp to .local) already had the correct filespec.