I have the exact same problem. I reproduced and observed the same
behavior with logrotate as stated above. Polling solved the problem as
stated.
But:
A few weeks ago my Ubuntu 14.04 server had strange problems and errors. I
didn't have time to figure it out and made a clean install.
Yesterday
I'd second the downvote as an security issue.
Fail2ban's purpose is to block brute-force attacks. People installing
this software rely on it to do just that. But immediately after the
first logrotate, fail2ban will silently stop blocking brute-force
attacks, letting attackers cross security
I installed fail2ban 0.8.13-1 from Ubuntu Utopic on Ubuntu Trusty. With
this version, Fail2Ban works as expected e.g. bans IP adresses with SSH
jail.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a regular (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
This bug allows attackers to bypass security provisions designed to
prevent brute-force attacks - which is the only purpose of the software.
** Information type changed from Public to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: fail2ban (Ubuntu)
Status: New = Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1406996
Title:
I had this problem on Ubuntu 14.04 with Fail2Ban v0.8.11.
Using backend = polling in /etc/fail2ban/jail.local seems to work for
me.
see discussion at; https://github.com/fail2ban/fail2ban/issues/878
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
After a bit of testing it seems like the github issue actually is the
problem. When auth.log gets rotated by logrotate, fail2ban no longer
tracks changes to it, and so never takes any actions from that point on.
To reproduce this:
1. Set up a server in a VM with sshd and install fail2ban. No
Seems like that's not the problem after all...
** Summary changed:
- fail2ban fails to ban after logrotate
+ fail2ban fails to ban
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1406996
Title:
Possibly related:
https://github.com/fail2ban/fail2ban/issues/44
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1406996
Title:
fail2ban fails to ban
To manage notifications about this bug go to:
10 matches
Mail list logo
