On Tue, Oct 18, 2005 at 10:08:53AM -0400, Ralph Katz wrote:
> Yesterday using 0.5.4-5.14, valid ssh logins worked fine, and ssh
> attacks were correctly prevented.
> Maybe fail2ban starts too soon?
That would be my guess too. fail2ban boots in rc2.d, so all relevant
modules should be loaded by that time. I hope you don't use any
"fast-boot" tricks such as booting init scripts in parallel (&)?

Anyway, I should fix fail2ban not to fail that miserably in the case
when iptables is not available at the start time. But I'm not sure what
I should do about iptables detection because fail2ban itself is
independent of any specific firewalling solution -- commands are given in
the config file. I might want to add something like

    waitCmd
    waitTime

so fail2ban runs waitCmd for waitTime seconds (sleeping a second between
runs) and if waitCmd never succeeds - exits, reporting the error.
That would prevent your cases from happening...
--
.-.
=------------------------------ /v\ ----------------------------=
Keep in touch // \\ (yoh@|www.)onerussian.com
Yaroslav Halchenko /( )\ ICQ#: 60653192
Linux User ^^-^^ [175555]
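
The waitCmd/waitTime behaviour proposed in the message above, sketched as an added example; it is not part of the original message and not fail2ban's own code. The function names wait_for_cmd and require_ready are hypothetical, and running the command through the shell is an assumption based on the commands being given as strings in the config file.

```python
import subprocess
import time


def wait_for_cmd(wait_cmd, wait_time, sleep=time.sleep, clock=time.monotonic):
    """Run wait_cmd until it exits 0 or wait_time seconds have elapsed.

    Returns (ok, attempts, last_status); last_status is the exit code of
    the final run, or None if that run itself timed out.
    sleep and clock are injectable so the loop can be tested quickly.
    """
    deadline = clock() + wait_time
    attempts = 0
    while True:
        attempts += 1
        # Never let one hung probe block start-up forever; give each run
        # at least one second even when the deadline is almost reached.
        per_run = max(deadline - clock(), 1.0)
        try:
            status = subprocess.run(
                wait_cmd, shell=True, timeout=per_run,
                stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
            ).returncode
        except subprocess.TimeoutExpired:
            status = None
        if status == 0:
            return True, attempts, status
        if clock() >= deadline:
            return False, attempts, status
        sleep(1)  # "sleeping a second between runs"


def require_ready(wait_cmd, wait_time, **kw):
    """Exit with an error report if wait_cmd never succeeds.

    Exiting, rather than starting anyway, keeps the daemon from running
    in a state where it believes it is banning hosts but cannot.
    """
    ok, attempts, status = wait_for_cmd(wait_cmd, wait_time, **kw)
    if not ok:
        raise SystemExit(
            "waitCmd %r did not succeed within %s s (%d attempts, "
            "last status %r)" % (wait_cmd, wait_time, attempts, status)
        )
    return attempts
```

With wait_time set to 0 the command is tried exactly once, which matches a plain start-up check.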

