Hello,

Has anyone got fail2ban working and blocking ssh spambot attempts? My ssh is logging with a facility of authpriv, which syslogd sends to /var/log/secure. That file has 600 permissions, owned and group of root. I want to make it where fail2ban can access the needed file, yet not make it insecure in the process. I was not wanting to change permissions; last time I did that on a log file, a cron daily report kept noting it. I'd appreciate any suggestions.

Thanks.
Dave.

David Mehler wrote:
> Hello,
> Has anyone got fail2ban working and blocking ssh spambot attempts? My
> ssh is logging with a facility of authpriv which syslogd sends to
> /var/log/secure. That file has 600 permissions owned and group of
> root. I want to make it where fail2ban can access the needed file, yet
> not make it insecure in the process. I was not wanting to change
> permissions last time I did that on a log file a cron daily report
> kept noting it. I'd appreciate any suggestions.
> Thanks.
> Dave.

If you fail to set up fail2ban, use denyhosts instead. I have used it for 3-4 years.

Ljubomir

2011/5/8 David Mehler <dave.mehler at gmail.com>:
> Hello,
> Has anyone got fail2ban working and blocking ssh spambot attempts? My
> ssh is logging with a facility of authpriv which syslogd sends to
> /var/log/secure. That file has 600 permissions owned and group of
> root. I want to make it where fail2ban can access the needed file, yet
> not make it insecure in the process. I was not wanting to change
> permissions last time I did that on a log file a cron daily report
> kept noting it. I'd appreciate any suggestions.

Well, fail2ban runs as root, as it modifies iptables rules? So, no need to modify file access?

--
Eero
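
The point in the last reply, as an added example that is not part of the thread: a shell check of whether a given reader can open a log under its current owner and mode, or whether the file would have to be loosened. The function names `can_read` and `needs_chmod` and the uid 12345 are hypothetical; it assumes GNU `stat` and models only the classic mode bits (no ACLs, SELinux or supplementary groups).

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Models only classic owner/group/other mode bits: ACLs, SELinux and
# supplementary groups are ignored (assumption).

# can_read UID GID OWNER_UID OWNER_GID MODE
# Exit 0 if a process running as UID:GID may read a file with that owner/mode.
can_read() {
    uid=$1; gid=$2; ouid=$3; ogid=$4
    # uid 0 is not subject to the read bits, so 600 root:root is enough
    if [ "$uid" -eq 0 ]; then return 0; fi
    # keep the last three octal digits (drops setuid/sticky and leading 0)
    perms=$(printf '%s' "000$5" | tail -c 3)
    if [ "$uid" -eq "$ouid" ]; then
        d=${perms%??}                 # owner digit
    elif [ "$gid" -eq "$ogid" ]; then
        d=${perms#?}; d=${d%?}        # group digit
    else
        d=${perms#??}                 # other digit
    fi
    [ $((d & 4)) -ne 0 ]              # 4 = read bit
}

# needs_chmod FILE UID GID
# Exit 0 if FILE would have to be loosened for that reader, 1 if it can stay
# as it is, 2 if FILE cannot be stat'ed. Uses GNU stat (as on CentOS).
needs_chmod() {
    st=$(stat -c '%u %g %a' "$1" 2>/dev/null) || return 2
    set -- "$2" "$3" $st
    if can_read "$@"; then return 1; fi
    return 0
}

# Constructed cases matching the thread: /var/log/secure is root:root 600.
for reader in "0 0" "12345 12345"; do
    set -- $reader
    if can_read "$1" "$2" 0 0 600; then
        echo "uid $1: can read a root:root 600 log, no chmod needed"
    else
        echo "uid $1: blocked by mode 600, would need looser permissions"
    fi
done

# Same question against the real file, when it exists on this host.
log=/var/log/secure
if [ -e "$log" ] && ! needs_chmod "$log" 0 0; then
    echo "$log: fine as is for a root-run daemon"
fi
```
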