I installed OSSEC HIDS in a Ubuntu 18.04 LTS server in a Virtualbox virtual machine, for testing purposes. After OSSEC I installed fail2ban and started to test it. fail2ban is configured by me for banning an IP after 4 wrong login attempts via ssh. So, I tried to ssh connect to my server from another virtual machine, and after 3 attempts (not 4) I was disconnected and apparently banned for about 600 seconds. Now, I wondering what could be happened. It cannot be fail2ban to have banned me, because fail2ban registered only 2 attempts and did not ban me. Is it perhaps OSSEC configured by default to ban an IP after 3 wrong ssh login attempts? I could not find documentation. I noticed that fail2ban enters into play only if there is long time between two failed ssh login attempts.
-- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ossec-list/8311356f-deeb-4286-aaac-ac5192ccec2a%40googlegroups.com.
