I recall others on this list are using fail2ban to block brute force
login attempts.
Packages are from the EPEL repo, so I'm just sharing some knowledge here.
For about two months now I've had a CentOS 6.3 box (web host) in
production that occasionally is ftp brute forced.
Oddly enough fail2ban wasn't nabbing the perpetrators. I found that
the iptables chain for VSFTP isn't created for one.
I have finally come to find [0] that indicates there's a problem with
the inotify backend.
Setting backend=gamin in /etc/fail2ban/jail.conf gives me the iptables
chain I expect to find and one blocked host.
Hope this is helpful to somebody until a new version is commited to EPEL.
<quote>
yarikoptic:
ok -- that point was not yet good ;) now (0.8.6-95-gc0c1232) that
branch seems to work just perfect. If I hear no complaints or do not
see problem with my instance -- I will merge it into master tomorrow,
thus closing this issue
</quote>
[0] https://github.com/fail2ban/fail2ban/issues/44
---~~.~~---
Mike
// SilverTip257 //
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
