On 01/15/15 13:32, Paul Heinlein wrote: > On Wed, 14 Jan 2015, Galen Seitz wrote: > >> Hi, >> >> Is anyone else seeing problems with denyhosts not blocking some failed >> logins? This popped up in last night's logwatch: > > Galen, > > I've largely ditched DenyHosts for Fail2ban, but I saw similar things a > few weeks ago. The problem was that somewhere along the line the entries > in syslog no longer matched the regex that indicated a failed login. > > I ended up writing a new set of regexes for Fail2ban. They sometimes > overlap with the existing ones (which I didn't alter), but I'd rather > have a bad log entry match twice than not at all. > > Bottom line: I'd suggest comparing the log entries that weren't matched > with the regex code in DenyHosts.
Belated thanks, Paul. I've finally gotten back to this. I installed fail2ban this morning. After an initial misconfiguration (sending the ban notifications to example.com), I think it's now running properly. What is somewhat interesting is that denyhosts is now blocking some of the same hosts as fail2ban. I have no idea why installing fail2ban would cause denyhosts to start working again. Perhaps it noticed the competition and decided to start doing its job. In any event, once I'm confident fail2ban is working, I will retire denyhosts. galen -- Galen Seitz [email protected] _______________________________________________ PLUG mailing list [email protected] http://lists.pdxlinux.org/mailman/listinfo/plug
