On 06/11/2007 08:53 AM, David Baron wrote: > On Sunday 10 June 2007, [EMAIL PROTECTED] wrote: >>> Someone is trying to ssh on to my system. Trying on several ports. Not >>> the first time, either. Thankfully, he does not have a password. Besides >>> a bunch of Deprecated option ReverseMappingCheck, so far no harm done. >>> >>> Since my logs have this IP number, how do I find out who it is? >> Other replies address the question, but you could install fail2ban to >> throttle the attacks from anywhere. fail2ban is a wonderful solution! > > Looks good. I have installed, added a "jail" and path /var/log/auth.log > I am unable to place a regex for it to detect the failure. Want something like > "\Failed.+from.+\d" or such. No matter what I enter, it says "no regular > expression is defined. No delimitor, quote, slash, etc. seems to work either. > How does one enter these?
David, I don't know how you made it so complicated. :) I use the default config in the debian fail2ban package, so it "just works." Suggest you purge/re-install fail2ban, then if you want further tweaks, read ~$ man fail2ban and/or /etc/fail2ban.conf . Have fun! Ralph -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
