I have already played with it and concluded that fail2ban missed it... in
my previous mail it's mentioned that

# fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/proftpd.conf | grep 124.205.130.15

Nothing in the output; that means it has just failed to ban this guy.

Kerin did mention that this is an issue with the regex, that it captures
the guy who played with an unknown user and not because a user tried 3
times.

Honestly, I would love to get to solve the issue as this is obviously
not the intention.
The idea was to BAN any IP regardless of whether the user is defined on
the box or not.

P.S.
I haven't looked at those filters yet, I was on holiday since yesterday so
probably tomorrow I will get time to check if I can get my hands dirty
on this subject.

GR
mrfroasty





Homer Parker wrote:
> On Sun, 2009-08-02 at 13:24 +0200, mrfroasty wrote:
>   
>> Actually we are talking about proftp daemon analysed using
>> /var/log/auth.log.
>>     
>
>       You can play with fail2ban-regex and see what it thinks.
>
>   


-- 
Extra details:
OSS:Gentoo Linux
profile:x86
Hardware:msi geforce 8600GT asus p5k-se
location:/home/muhsin
language(s):C/C++,VB,VHDL,bash,PHP,SQL,HTML,CSS
Typo:40WPM
url:http://www.mzalendo.net
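
The filter gap discussed in this message, as an added example that is not part of the original mail and not fail2ban's shipped filter: a failregex list that only matches unknown-user lines never counts repeated wrong passwords against an existing account. The regexes, the simplified `<HOST>` expansion, the host name `box` and the log lines (modelled on ProFTPD's usual messages) are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Simplified stand-in for fail2ban's <HOST> tag (IPv4 only; an assumption).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Hypothetical failregex lists, NOT the contents of filter.d/proftpd.conf.
UNKNOWN_USER_ONLY = [
    r"\(\S+\[<HOST>\]\)[: -]+USER \S+: no such user found",
]
ANY_FAILED_LOGIN = UNKNOWN_USER_ONLY + [
    r"\(\S+\[<HOST>\]\)[: -]+USER \S+ \(Login failed\): Incorrect password",
]

# Constructed auth.log lines using documentation-only addresses (RFC 5737).
SAMPLE_LOG = """\
Aug  2 11:02:11 box proftpd[4101]: box (203.0.113.7[203.0.113.7]) - USER bob (Login failed): Incorrect password.
Aug  2 11:02:14 box proftpd[4101]: box (203.0.113.7[203.0.113.7]) - USER bob (Login failed): Incorrect password.
Aug  2 11:02:17 box proftpd[4101]: box (203.0.113.7[203.0.113.7]) - USER bob (Login failed): Incorrect password.
Aug  2 11:05:01 box proftpd[4177]: box (198.51.100.9[198.51.100.9]) - USER admin: no such user found from 198.51.100.9 [198.51.100.9] to 192.0.2.1:21
Aug  2 11:05:03 box proftpd[4177]: box (198.51.100.9[198.51.100.9]) - USER test: no such user found from 198.51.100.9 [198.51.100.9] to 192.0.2.1:21
Aug  2 11:05:06 box proftpd[4177]: box (198.51.100.9[198.51.100.9]) - USER guest: no such user found from 198.51.100.9 [198.51.100.9] to 192.0.2.1:21
Aug  2 11:09:40 box proftpd[4203]: box (192.0.2.44[192.0.2.44]) - USER alice (Login failed): Incorrect password.
"""


def offenders(failregex, log, maxretry=3):
    """Return the hosts whose matched failures reach maxretry."""
    patterns = [re.compile(rx.replace("<HOST>", HOST)) for rx in failregex]
    hits = Counter()
    for line in log.splitlines():
        for pat in patterns:
            m = pat.search(line)
            if m:
                hits[m.group("host")] += 1
                break  # count each log line once, even if two regexes match
    return {ip for ip, n in hits.items() if n >= maxretry}


if __name__ == "__main__":
    print("unknown-user only:", sorted(offenders(UNKNOWN_USER_ONLY, SAMPLE_LOG)))
    print("any failed login :", sorted(offenders(ANY_FAILED_LOGIN, SAMPLE_LOG)))
```

Running real log lines through `fail2ban-regex` with each candidate filter gives the same comparison against the actual `<HOST>` handling.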
