This is on 0.8.8 (I know, I know, it's *OLD* )
We upgraded to Centos6.6 (which uses 0.8.8), which
seems quite *NEW* to *us*.
In the logs, I see this:
[root@10telecom02 ~]# grep 5.79.65.144 /var/log/messages*
/var/log/messages-20150419:Apr 13 17:01:09 10t02 fail2ban.actions: WARNING
[asterisk-iptables] Ban 5.79.65.144
/var/log/messages-20150419:Apr 14 11:46:05 10t02 fail2ban.actions: WARNING
[asterisk-iptables] Unban 5.79.65.144 (~18 h?)
/var/log/messages-20150419:Apr 14 11:46:37 10t02 fail2ban.actions: WARNING
[asterisk-iptables] Ban 5.79.65.144
/var/log/messages-20150419:Apr 14 11:47:08 10t02 fail2ban.actions: WARNING
[asterisk-iptables] Unban 5.79.65.144 (31 sec?)
/var/log/messages-20150419:Apr 14 11:47:54 10t02 fail2ban.actions: WARNING
[asterisk-iptables] Ban 5.79.65.144
/var/log/messages-20150419:Apr 14 11:48:00 10t02 fail2ban.actions: WARNING
[asterisk-iptables] Unban 5.79.65.144 (6 sec?)
/var/log/messages-20150419:Apr 14 11:48:31 10t02 fail2ban.actions: WARNING
[asterisk-iptables] Ban 5.79.65.144
/var/log/messages-20150419:Apr 14 11:48:33 10t02 fail2ban.actions: WARNING
[asterisk-iptables] Unban 5.79.65.144 (2 sec?)
/var/log/messages-20150419:Apr 14 11:49:05 10t02 fail2ban.actions: WARNING
[asterisk-iptables] Ban 5.79.65.144
/var/log/messages-20150419:Apr 14 11:49:08 10t02 fail2ban.actions: WARNING
[asterisk-iptables] Unban 5.79.65.144 (3 sec?)
/var/log/messages-20150419:Apr 14 11:49:40 10t02 fail2ban.actions: WARNING
[asterisk-iptables] Ban 5.79.65.144
/var/log/messages-20150419:Apr 14 11:49:43 10t02 fail2ban.actions: WARNING
[asterisk-iptables] Unban 5.79.65.144 (3 sec?)
/var/log/messages-20150419:Apr 14 11:50:14 10t02 fail2ban.actions: WARNING
[asterisk-iptables] Ban 5.79.65.144
/var/log/messages-20150419:Apr 14 11:53:01 10t02 fail2ban.actions: WARNING
[asterisk-iptables] Unban 5.79.65.144 (2m, 47sec?)
/var/log/messages-20150419:Apr 14 11:53:58 10t02 fail2ban.actions: WARNING
[asterisk-iptables] Ban 5.79.65.144
/var/log/messages-20150419:Apr 14 11:54:08 10t02 fail2ban.actions: WARNING
[asterisk-iptables] Unban 5.79.65.144 (10 sec?)
/var/log/messages-20150419:Apr 14 11:54:40 10t02 fail2ban.actions: WARNING
[asterisk-iptables] Ban 5.79.65.144
/var/log/messages-20150419:Apr 14 11:55:03 10t02 fail2ban.actions: WARNING
[asterisk-iptables] Unban 5.79.65.144 (23 sec?)
/var/log/messages-20150419:Apr 14 11:55:35 10t02 fail2ban.actions: WARNING
[asterisk-iptables] Ban 5.79.65.144
/var/log/messages-20150419:Apr 17 11:55:35 10t02 fail2ban.actions: WARNING
[asterisk-iptables] Unban 5.79.65.144 (3d)
/var/log/messages-20150419:Apr 18 17:29:20 10t02 fail2ban.actions: WARNING
[asterisk-iptables] Ban 5.79.65.144
/var/log/messages: Apr 21 17:29:20 10t02 fail2ban.actions:
WARNING [asterisk-iptables] Unban 5.79.65.144 (3d)
The comments on the right in the above, are the time between the previous
Ban
and the Unban.
The bans are configured for 3 days.
A restart of fail2ban occurred 14 Apr,
11:46:02 thru 11:46:06 -- stopping jails
11:46:06 thru 11:46:37 -- starting jails
For the IP mentioned above, no events occurred on the 14th that would
trigger a ban via a log file.
>From 11:46:37 to 11:55:35 (about 9 minutes???) the Bans & Unbans bounced
freely!
Has anyone noted this kind of behavior? Is it normal? Is it fixed in a
later version?
murf
--
Steve Murphy
✉ murf at parsetree dot com
------------------------------------------------------------------------------
BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
Develop your own process in accordance with the BPMN 2 standard
Learn Process modeling best practices with Bonita BPM through live exercises
http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
