On Wed, 14 Jan 2015, Galen Seitz wrote:
Hi,
Is anyone else seeing problems with denyhosts not blocking some failed
logins? This popped up in last night's logwatch:
Galen,
I've largely ditched DenyHosts for Fail2ban, but I saw similar things
a few weeks ago. The problem was that somewhere along the line the
entries in syslog no longer matched the regex that indicated a failed
login.
I ended up writing a new set of regexes for Fail2ban. They sometimes
overlap with the existing ones (which I didn't alter), but I'd rather
have a bad log entry match twice than not at all.
Bottom line: I'd suggest comparing the log entries that weren't
matched with the regex code in DenyHosts.
--
Paul Heinlein
heinl...@madboa.com
45°38' N, 122°6' W
_______________________________________________
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
