Package: fail2ban Version: 0.8.1-3 Severity: normal Forwarding the ubuntu bug here.
fail2ban fails to catch failed login attempts for valid users. Example line of my /var/log/auth.log that didn't get matched: Oct 13 10:16:34 tardis sshd[18845]: Failed password for nighty from 87.238.161.11 port 38046 ssh2 Replacing the following line in /etc/fail2ban/filter.d/sshd.conf: (?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid))? user .*(?: from|FROM) <HOST> with (?:Authentication failure|Failed [-/\w+]+) for .*(?: from|FROM) <HOST> remedies this. Please see: https://bugs.launchpad.net/ubuntu/+source/fail2ban/+bug/152964 -- System Information: Debian Release: lenny/sid APT prefers gutsy-updates APT policy: (500, 'gutsy-updates'), (500, 'gutsy-security'), (500, 'gutsy') Architecture: i386 (i686) Kernel: Linux 2.6.22-14-386 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
