CentOS - Aug 2012 - Odd issue with fail2ban

We're seeing on a few of our servers - and sometimes it's only
occasionally on some of those - where fail2ban's running happily, AFAIK,
but there's an attack (from China, Brazil, etc) on ssh, and they don't
seem to be banned; I see many, many sorries for wrong username or
password.

It *seems* to work again once restarted.

        mark

Hello Mark,

On Mon, 2012-08-13 at 09:26 -0400, m.roth at 5-cent.us
wrote:
> We're seeing on a few of our servers - and sometimes it's only
> occasionally on some of those - where fail2ban's running happily,
AFAIK,
> but there's an attack (from China, Brazil, etc) on ssh, and they
don't
> seem to be banned; I see many, many sorries for wrong username or
> password.
Known issue: https://bugzilla.redhat.com/show_bug.cgi?id=833056 .
Presumably the default notifier pyInotify is bugged so fail2ban will
*not* notice logs being rotated and read from the rotated log file
(which doesn't receive updates anymore).

You need to set backend=gamin in jail.conf.

Regards,
Leonard.

-- 
mount -t life -o ro /dev/dna /genetic/research