On Monday 28 Apr 2014 20:54:18 thegeezer wrote:
> On 04/21/2014 08:02 PM, thegeezer wrote:
> > Hi all,
> > i was looking up the gentoo wiki on fail2ban [1] to have it look at its
> > own log file fail2ban.log in order to block repeat offenders for longer
> > as abuse@offender doesn't really seem to help these days.
> > 
> > then i saw a warning saying fail2ban not blocking all requests which i
> > followed to github [2] which has a paste of his logfiles [3]
> > 
> > now this i commented at github saying it looks similar to something i
> > discovered when trying to setup authkeys on ssh - namely invalid keys
> > give you no log file entry saying "invalid keys"
> > 
> > can anyone tell me if they know how to make the log file entry show that
> > it was an invalid key?
> > i only know that it is this from my experience -- when i was using the
> > wrong key or auth keys file had wrong permission i had only similar
> > entries in my logs. i did try to find the answer myself at that time but
> > was unable to.
> > 
> > thanks in advance!
> > 
> > 
> > 
> > [1] http://wiki.gentoo.org/wiki/Fail2ban
> > [2] https://github.com/fail2ban/fail2ban/issues/643
> > [3] http://bpaste.net/show/188261/
> 
> hey so i've been doing some digging and for openssh to log public key
> failures you have to set loglevel to minimum of VERBOSE
> please see my email to openssh mailing list. [4]
> is this something that could be implemented as a gentoo specific patch ?
> if so how would i go about requesting it ?
> i don't know about you all but i'm a little concerned that ssh is not
> logging bruteforce public keys, they might be harder to crack but if
> they are invisible in the logs then this could go on silently for a long
> time.
> 
> [4] http://marc.info/?l=openssh-unix-dev&m=139871423503774&w=3

At the very least when one emerges fail2ban there should be an elog message 
informing/warning of the required modifications to the associated 
applications' config files, like ssh, to enable fail2ban to do its filtering.

You can raise a bug for it at:  https://bugs.gentoo.org/

-- 
Regards,
Mick
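
Added example, not part of the original thread and not Gentoo, fail2ban or OpenSSH code: a check that reports whether an sshd_config sets LogLevel to at least VERBOSE, the minimum the thread gives for public key failures to be logged. The function names and sample configs are hypothetical; it assumes only the global section matters (parsing stops at the first Match block) and does not follow Include directives.

```python
import re

# LogLevel values accepted by sshd, ranked from least to most verbose.
RANK = {"QUIET": 0, "FATAL": 1, "ERROR": 2, "INFO": 3, "VERBOSE": 4,
        "DEBUG": 5, "DEBUG1": 5, "DEBUG2": 6, "DEBUG3": 7}
DEFAULT_LEVEL = "INFO"  # sshd's default when LogLevel is not set


def effective_loglevel(config_text):
    """Return the global LogLevel; sshd uses the first value it obtains."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out directive
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()  # keywords are case-insensitive
        if keyword == "match":
            break  # assumption: only the global section is checked
        if keyword == "loglevel" and len(parts) == 2 and parts[1]:
            return parts[1].split()[0].strip('"').upper()
    return DEFAULT_LEVEL


def logs_pubkey_failures(config_text):
    """True if the level is VERBOSE or higher, as the thread requires."""
    level = effective_loglevel(config_text)
    if level not in RANK:
        raise ValueError("unknown LogLevel: " + level)
    return RANK[level] >= RANK["VERBOSE"]


# Constructed sample: LogLevel left commented out, so the default applies.
STOCK = """Port 22
#LogLevel INFO
PasswordAuthentication no
"""

# Constructed sample: the first LogLevel line wins over later ones.
RAISED = """Port 22
loglevel VERBOSE
LogLevel INFO
Match User backup
    LogLevel QUIET
"""

if __name__ == "__main__":
    for name, text in (("STOCK", STOCK), ("RAISED", RAISED)):
        print(name, effective_loglevel(text), logs_pubkey_failures(text))
```
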
