Good day- I have not encountered this issue under GNU/Linux Debian instances that I mostly manage. However, managing an Red Hat derivative instance, I noticed that syslog has been mixing the local time zone of the server with the UTC when crackers attempt penetration. This causes fail2ban to not block the attacking intruders on the initial few counts since it "thinks" there is an 7 hour difference between attacks. I have gone to the extent of installing syslog-ng with no change in the logging (as I am reading the extensive documentation). However I had to ask if any of you might shed some light on the issue. Mar 16 07:04:59 [myHostIP] sshd[4498]: User root from 190.41.147.107 not allowed [] Mar 16 14:04:59 [myHostIP] sshd[4499]: input_userauth_request: invalid user root Mar 16 14:05:00 [myHostIP] sshd[4499]: Received disconnect from 190.41.147.107: 11: Bye Bye Mar 16 07:07:24 [myHostIP] sshd[4517]: Did not receive identification string from 143.248.156.63 Mar 16 07:13:08 [myHostIP] sshd[4519]: Did not receive identification string from 216.7.131.210 Mar 16 07:17:46 [myHostIP] sshd[4521]: Did not receive identification string from 210.70.140.17 Mar 16 08:31:17 [myHostIP] sshd[4550]: User root from mmpcr05.kaist.ac.kr not allowed [] Mar 16 15:31:17 [myHostIP] sshd[4551]: input_userauth_request: invalid user root Thanks in advance for any input. -- Jose R R http://www.metztli-it.com --------------------------------------------------------------------------------------------- IBM Lotus Symphony supported on GNU/Linux, Mac OS, and Windows. --------------------------------------------------------------------------------------------- Daylight Saving Time in USA & Canada starts: Sunday, March 13 2011 --------------------------------------------------------------------------------------------- -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
