Greetings,

I've just tried fail2ban on lenny in the stock configuration. It ignored all eligible sshd failures in auth.log (verified by running fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/sshd.conf) until I installed python-gamin and changed backend to auto in jail.conf.

Example of failures that weren't detected by polling backend:

Apr 24 13:02:46 (none) sshd[12016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.140.42.5.static.user.ono.com user=root
Apr 24 13:02:48 (none) sshd[12016]: Failed password for root from 89.140.42.5 port 37635 ssh2
Apr 24 13:02:49 (none) sshd[12018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.140.42.5.static.user.ono.com user=root
Apr 24 13:02:51 (none) sshd[12018]: Failed password for root from 89.140.42.5 port 37987 ssh2
Apr 24 13:02:51 (none) sshd[12020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.140.42.5.static.user.ono.com user=root
Apr 24 13:02:53 (none) sshd[12020]: Failed password for root from 89.140.42.5 port 38302 ssh2
Apr 24 13:02:54 (none) sshd[12022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.140.42.5.static.user.ono.com user=root
Apr 24 13:02:56 (none) sshd[12022]: Failed password for root from 89.140.42.5 port 38620 ssh2
Apr 24 13:02:56 (none) sshd[12024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.140.42.5.static.user.ono.com user=root
Apr 24 13:02:58 (none) sshd[12024]: Failed password for root from 89.140.42.5 port 38941 ssh2
Apr 24 13:02:58 (none) sshd[12026]: Invalid user test from 89.140.42.5

Example of identical failures that were detected by gamin backend:

Apr 25 17:58:23 (none) sshd[16527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=sd-24725.dedibox.fr user=root
Apr 25 17:58:25 (none) sshd[16527]: Failed password for root from 88.191.134.206 port 53214 ssh2
Apr 25 17:58:25 (none) sshd[16530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=sd-24725.dedibox.fr user=root
Apr 25 17:58:28 (none) sshd[16530]: Failed password for root from 88.191.134.206 port 53282 ssh2
Apr 25 17:58:28 (none) sshd[16532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=sd-24725.dedibox.fr user=root
Apr 25 17:58:29 (none) sshd[16532]: Failed password for root from 88.191.134.206 port 53828 ssh2

Given this evidence, I agree that python-gamin should be moved to recommends, and default jail.conf should have backend = auto.

--
Dmitry Borodaenko
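
The check the report relies on (confirming that the log lines are matchable, so the miss lies in the log-watching backend rather than the filter), as an added example that is not part of the original message or fail2ban's own code. The patterns are simplified stand-ins for the sshd filter, and `maxretry` with its "at or above" semantics is a hypothetical threshold.

```python
import re
from collections import Counter

# Assumption: simplified stand-in patterns, not the regexes shipped in
# /etc/fail2ban/filter.d/sshd.conf.
PREFIX = r"^\w{3} +\d+ \d\d:\d\d:\d\d \S+ sshd\[\d+\]: "
FAILREGEX = [
    re.compile(PREFIX + r"Failed password for (?:invalid user )?\S+ "
                        r"from (?P<host>\S+) port \d+ ssh2$"),
    re.compile(PREFIX + r"Invalid user \S+ from (?P<host>\S+)$"),
]

# Sample copied from the first (undetected) batch in the report above.
SAMPLE_LOG = """\
Apr 24 13:02:46 (none) sshd[12016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.140.42.5.static.user.ono.com user=root
Apr 24 13:02:48 (none) sshd[12016]: Failed password for root from 89.140.42.5 port 37635 ssh2
Apr 24 13:02:51 (none) sshd[12018]: Failed password for root from 89.140.42.5 port 37987 ssh2
Apr 24 13:02:53 (none) sshd[12020]: Failed password for root from 89.140.42.5 port 38302 ssh2
Apr 24 13:02:56 (none) sshd[12022]: Failed password for root from 89.140.42.5 port 38620 ssh2
Apr 24 13:02:58 (none) sshd[12024]: Failed password for root from 89.140.42.5 port 38941 ssh2
Apr 24 13:02:58 (none) sshd[12026]: Invalid user test from 89.140.42.5
"""

def count_failures(lines):
    """Return (Counter of failures per host, list of unmatched lines)."""
    hits, missed = Counter(), []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        for rx in FAILREGEX:
            m = rx.match(line)
            if m:
                hits[m.group("host")] += 1
                break
        else:
            # No pattern matched: the line is not counted as a failure.
            missed.append(line)
    return hits, missed

def hosts_to_ban(hits, maxretry):
    """Hosts whose failure count reaches maxretry (hypothetical threshold)."""
    return sorted(h for h, n in hits.items() if n >= maxretry)

if __name__ == "__main__":
    hits, missed = count_failures(SAMPLE_LOG.splitlines())
    print("failures per host:", dict(hits))
    print("unmatched lines:", len(missed))
    print("would ban at maxretry=6:", hosts_to_ban(hits, 6))
```

If a count like this reaches the threshold while the running daemon records nothing for the same file, the filter is matching and the backend that delivers log lines is the place to look.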