Package: fail2ban
Version: 0.9.6-2
Severity: important

Dear Maintainer,

I installed fail2ban on a fairly vanilla stretch system, and expected (based on
the default configuration) to get some basic protection for my SSH daemon.
However, that is not the case: I just had a burst of logins from two distinct IP
addresses, both of them easily going beyond the default threshold of 5 attempts
per 10 minutes.  Neither of them got blocked: fail2ban did not log any action,
nor did it send me an email about any action.

This is pretty bad---a package that claims to protect the system, but doesn't do
so, is arguably worse than no protection at all.

This may be related to
<>, but I *do* have a
/var/log/auth.log as rsyslog is installed.

Kind regards,

Reply via email to