Robert G. (Doc) Savage wrote: --SNIP--
Those 437 Unknown Account failures appear to be typical of your script kiddie brute force attack. Some days logwatch reports mover 2,000 failed attempts. What annoys the crap out of me is that most of the attacking IP addresses resolve to PRC. I'm pretty careful about setting up my systems to minimize the number of services and accounts, and to use strong passwords. When I read about fail2ban it seemed to be a solid way to use iptables to further harden my system against those IP addresses that demonstrably make obnoxious asses of themselves -- Peoples Liberation Army or whoever. --Doc
I know this isn't what you asked but I use BlockSSHD to do what you want fail2ban to do.
http://blocksshd.sourceforge.net/ Works for me. -- Tim _______________________________________________ rhelv5-list mailing list rhelv5-list@redhat.com https://www.redhat.com/mailman/listinfo/rhelv5-list
