Package: fail2ban
Version: 0.10.2-2.1

Recently I found these lines in auth.log:

sshd[5157]: Connection reset by authenticating user root IP.AD.DR.ES port 56014 [preauth]

This line is incorrectly parsed by fail2ban and always produces a fail2ban warning:

fail2ban.ipdns [834]: WARNING Unable to find a corresponding IP address for authenticating: [Errno -3] Temporary failure in name resolution

The result is that the offending IP is not banned.

IMO, it is caused by the "mdre-ddos" filter rule in sshd.conf, where the incorrect "authenticating" is captured as the hostname:

^Connection <F-MLFFORGET>reset</F-MLFFORGET> by <HOST>%(__on_port_opt)s%(__suff)s

I append this rule (as an example) before the one mentioned above, which captures the correct host:

^Connection <F-MLFFORGET>reset</F-MLFFORGET> by authenticating user \S+ <HOST>

regards

-- 
Slavko
https://www.slavino.sk
_______________________________________________ Python-modules-team mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/python-modules-team
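
Added example, not part of the original report and not fail2ban's own code: it runs the two rules quoted above against constructed log messages to show which token each one captures as the host and that the order of the rules matters. The `<HOST>`, `%(__on_port_opt)s` and `%(__suff)s` expansions are simplified stand-ins (assumptions), and the helper names are hypothetical.

```python
import ipaddress
import re

# Simplified stand-ins (assumptions), not fail2ban's real expansions.
HOST = r"(?P<host>(?:\d{1,3}\.){3}\d{1,3}|[\w.-]*\w)"  # IPv4 or DNS-like name
SUBST = {
    "<HOST>": HOST,
    "%(__on_port_opt)s": r"(?: port \d+)?",
    "%(__suff)s": r"(?: \[preauth\])?\s*",
}

# The two rules exactly as quoted in the report.
ORIGINAL = r"^Connection <F-MLFFORGET>reset</F-MLFFORGET> by <HOST>%(__on_port_opt)s%(__suff)s"
ADDED = r"^Connection <F-MLFFORGET>reset</F-MLFFORGET> by authenticating user \S+ <HOST>"


def expand(rule):
    """Turn a filter rule into a plain Python regex."""
    rule = re.sub(r"</?F-[A-Z]+>", "", rule)  # drop the <F-...> marker tags
    for token, pattern in SUBST.items():
        rule = rule.replace(token, pattern)
    return re.compile(rule)


def captured_host(rules, message):
    """Return the host captured by the first rule that matches, else None."""
    for rule in rules:
        m = expand(rule).search(message)
        if m:
            return m.group("host")
    return None


def is_ip(value):
    """True if the captured token is a literal IP address (no DNS lookup needed)."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


# Constructed sample messages; 192.0.2.10 is a documentation address.
AUTH_USER = "Connection reset by authenticating user root 192.0.2.10 port 56014 [preauth]"
PLAIN = "Connection reset by 192.0.2.10 port 56014 [preauth]"

if __name__ == "__main__":
    for rules in ([ORIGINAL], [ADDED, ORIGINAL]):
        for msg in (AUTH_USER, PLAIN):
            host = captured_host(rules, msg)
            print(len(rules), "rule(s):", host, "ip" if is_ip(host) else "needs DNS lookup")
```

Because the original rule has no end anchor, it still matches the "authenticating user" message and hands the word "authenticating" on as a hostname, so the more specific rule only helps when it is tried first.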
