Re: [PLUG] Fail2ban (was: Re: 'logcheck')

Douglas Muth on 22 Mar 2009 18:48:56 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Fail2ban (was: Re: 'logcheck')

From: Douglas Muth <doug.muth@gmail.com>

To: bergman@merctech.com, "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>

Subject: Re: [PLUG] Fail2ban (was: Re: 'logcheck')

Date: Sun, 22 Mar 2009 21:48:51 -0400

Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>

Sender: plug-bounces@lists.phillylinux.org

On Sun, Mar 22, 2009 at 8:19 PM, <bergman@merctech.com> wrote: > > => process started the daemon, and 6 login attempts later, all traffic > => from that host was dropped via iptables. > > Six login attempts? You're very generous. I ban hosts after 3 attempts. I > also changed the banned period from the default to one hour. Just to clarify, 6 attempts is the default config for fail2ban in Ubuntu 8.04. If I had to guess, the number is 6 because each attempt to ssh in allows the user 3 tries. And I know I've exceeded 3 tries before when I thought I was logging into a different machine, for example. (Then I started using SSH keys and that was no longer a problem :-) -- Doug ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug

References:

[PLUG] Fail2ban (was: Re: 'logcheck')
From: Douglas Muth <doug.muth@gmail.com>

Re: [PLUG] Fail2ban (was: Re: 'logcheck')
From: bergman@merctech.com

Prev by Date: Re: [PLUG] 'logcheck'

Next by Date: Re: [PLUG] Fail2ban (was: Re: 'logcheck')

Previous by thread: Re: [PLUG] Fail2ban (was: Re: 'logcheck')

Next by thread: Re: [PLUG] Fail2ban (was: Re: 'logcheck')

Index(es):

Date

Thread