Re: fail2ban vs. logrotate

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/24/2011 12:14 PM, Mike Wohlgemuth wrote:
> I've installed fail2ban on Fedora 15 to block repeated failed ssh 
> connections.  It works great up until logrotate kicks in.  When it 
> rotates /var/log/secure then fail2ban stops noticing failed ssh 
> attempts.  Using fail2ban-client to reload the jail fixes the problem, 
> but it also causes fail2ban to forget all currently banned IP 
> addresses.  I've found scripts online that will allow for extracting the 
> current bans before reloading, and then applying them again after, but 
> that seems pretty extreme. I can't help but think I must be missing 
> something simple that will get fail2ban to notice that the logs have 
> been rotated.  Has anyone else seeing this issue?  I see some reports in 
> bugzilla about fail2ban, but nothing that is definitely this problem.
> 
> Thanks
> Mike

It sounds like fail2ban still has the old log file open. You need to
have logrotate tell fail2ban that the log file has changed.

Logrotate already does this will other services when it rotates
their log file. I am surprised the .rpm did not include the files
for logrotate to automatically sent the proper signal to fail2ban.

Mikkel
- -- 

  Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk6l+nwACgkQqbQrVW3JyMQXbwCfWwWQXNCmsHlIriPqHy1FALI9
asQAn1qsjxbOzlxOT3yn81XHj5bR5aLn
=vGsK
-----END PGP SIGNATURE-----
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux