fail2ban vs. logrotate
Mike Wohlgemuth
mjw at woogie.net
Mon Oct 24 17:14:47 UTC 2011
I've installed fail2ban on Fedora 15 to block repeated failed ssh
connections. It works great up until logrotate kicks in. When it
rotates /var/log/secure then fail2ban stops noticing failed ssh
attempts. Using fail2ban-client to reload the jail fixes the problem,
but it also causes fail2ban to forget all currently banned IP
addresses. I've found scripts online that will allow for extracting the
current bans before reloading, and then applying them again after, but
that seems pretty extreme. I can't help but think I must be missing
something simple that will get fail2ban to notice that the logs have
been rotated. Has anyone else seeing this issue? I see some reports in
bugzilla about fail2ban, but nothing that is definitely this problem.
Thanks
Mike
More information about the users
mailing list