Leonard den Ottolander wrote:
> Hello Mark,
>
> On Mon, 2012-08-13 at 09:26 -0400, m.roth@xxxxxxxxx wrote:
>> We're seeing on a few of our servers - and sometimes it's only
>> occasionally on some of those - where fail2ban's running happily, AFAIK,
>> but there's an attack (from China, Brazil, etc) on ssh, and they don't
>> seem to be banned; I see many, many sorries for wrong username or
>> password.
>
> Known issue: https://bugzilla.redhat.com/show_bug.cgi?id=833056 .
> Presumably the default notifier pyInotify is bugged so fail2ban will
> *not* notice logs being rotated and read from the rotated log file
> (which doesn't receive updates anymore).
>
> You need to set backend=gamin in jail.conf.
>
Remember reading about that, and on the server I happen to be looking at,
it's been set that way since 18 May. Any other ideas?
Btw, I'm updating, even as I type, that server from 6.2 to 6.3.
mark
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
