Package: fail2ban Version: 0.8.1-2 Severity: normal Might warrant higher severity if my analysis is correct and the problem is general. However, it only arises when clocks change.
On Nov 4 my logs show the same rhost attempting to login via ssh every 3 seconds from 01:44:30 through 02:00:09. At that point, fail2ban's log shows it blocked the offending IP. In my timezone, clocks moved back an hour on Nov 4 02:00. I strongly suspect that fail2ban is using the nominal time to determine when it should wake up. So, the first time the clock moved from 1am to 2am, it recorded that it should wake up shortly after 2am. This meant it went to sleep for an hour, from the second 01:00 to 02:00. It's possible there might be issues when clocks move forward as well. -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (990, 'testing'), (990, 'stable'), (50, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.18-5-686 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages fail2ban depends on: ii iptables 1.3.8.0debian1-1 administration tools for packet fi ii lsb-base 3.1-24 Linux Standard Base 3.1 init scrip ii python 2.4.4-6 An interactive high-level object-o ii python-central 0.5.15 register and build utility for Pyt fail2ban recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
