Running fail2ban-0.9.7-2.fc26.noarch, but I'm not seeing which filter in /etc/fail2ban/filter.d would catch login attempts with errors such as:

pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" : 24 time(s)

or:

Sep 24 05:55:04 ourserver sshd[22772]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Sep 24 05:55:06 ourserver  sshd[22772]: Failed password for root from 123.59.182.194 port 43862 ssh2

I tried a grep 1000 */* in that directory, no results. I see an SX suggestion from 2015, https://unix.stackexchange.com/a/204393/180291

*"I had a ssh section on my jail local but now I see that I was missing a ssh-iptables section so it would add rules to iptables and now it works:

[ssh-iptables]
enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
logpath  = /var/log/secure
maxretry = 5"*

But is this the same as enabling the [sshd] jail/filter?
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
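
Added example, not part of the original post and not fail2ban's own code: the two log lines quoted in the post, parsed to show that the pam_succeed_if line carries no source address while the "Failed password" line from the same sshd PID does, so that second line is the one an address-based ban has to match. The regexes and function names are simplified assumptions, not the failregex shipped in filter.d/sshd.conf.

```python
import re
from collections import defaultdict

# Log lines copied from the post above (same PID and address as posted).
SAMPLE_LOG = """\
Sep 24 05:55:04 ourserver sshd[22772]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Sep 24 05:55:06 ourserver  sshd[22772]: Failed password for root from 123.59.182.194 port 43862 ssh2
"""

# syslog prefix: timestamp, hostname, sshd[PID]:, then the message body.
PREFIX = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+\s+sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
# Simplified stand-ins (assumptions), NOT the shipped sshd.conf failregex.
FAILED_PW = re.compile(
    r"^Failed \S+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<host>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)
PAM_UID = re.compile(
    r'^pam_succeed_if\(sshd:auth\): requirement "[^"]+" not met by user "(?P<user>[^"]+)"'
)

def classify(log_text):
    """Group sshd lines by PID: source addresses seen, and PAM-only notes."""
    sessions = defaultdict(lambda: {"hosts": [], "pam_notes": 0})
    for line in log_text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue  # not an sshd syslog line
        entry = sessions[m.group("pid")]
        failed = FAILED_PW.match(m.group("msg"))
        if failed:
            entry["hosts"].append(failed.group("host"))
        elif PAM_UID.match(m.group("msg")):
            entry["pam_notes"] += 1  # no address on this line, nothing to ban
    return dict(sessions)

def bannable_hosts(log_text):
    """Count failures per source address; lines without an address add nothing."""
    counts = defaultdict(int)
    for entry in classify(log_text).values():
        for host in entry["hosts"]:
            counts[host] += 1
    return dict(counts)

if __name__ == "__main__":
    print(classify(SAMPLE_LOG))
    print(bannable_hosts(SAMPLE_LOG))
```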
