Following recent discussions, I thought I would admit to my own incompetence,
and thereby perhaps educate others!
Despite having ssh listening on a non-standard port number, I noticed logwatch
reported 103 attempts on sshd, which should not be possible if fail2ban was
doing its job properly.
I realised that my /etc/fail2ban/jail.local did not have the following line:

    backend = polling

This line is non-standard, but without it fail2ban may not work, depending on
your distribution, package version etc. This is a known bug. Despite being
very well aware that this line is required, I somehow missed it on this
server.
To compound the problem, I failed to test that fail2ban was actually banning.
So a few suggestions:

Install logwatch and ensure the emails generated by it are getting through to
you. If it hadn't been for logwatch working correctly, I would have been
oblivious to the fact that fail2ban was not working.

Install fail2ban, but make sure you have "backend = polling" in your config.

Run sshd on a non-standard port, but don't forget to update the port in
fail2ban as well.

And don't forget to test that fail2ban is actually banning!

Let the mocking commence :)
--
Chris Roberts
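
As an added example (not part of the original post): a small Python check for the two configuration slips described above, a jail without "backend = polling" and a jail port that no longer matches sshd. The sample files are constructed, the `[sshd]` jail name is an assumption, and port ranges are not handled.

```python
import configparser
import re

# Constructed sample inputs (not from the original post): sshd moved to
# port 2222, but the jail still watches "ssh" and sets no backend.
SSHD_CONFIG = """\
Port 2222
PermitRootLogin no
"""
JAIL_LOCAL = """\
[DEFAULT]
bantime = 600

[sshd]
enabled = true
port = ssh
"""

def sshd_ports(sshd_config_text):
    """Return the ports sshd listens on (22 when no Port line is set)."""
    ports = re.findall(r"(?im)^\s*Port\s+(\d+)\s*$", sshd_config_text)
    return set(ports) or {"22"}

def audit_jail(jail_text, sshd_config_text, jail="sshd"):
    """Return a list of findings; an empty list means the checks pass."""
    # fail2ban uses its own %(...)s substitutions, so disable interpolation.
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(jail_text)
    if not cfg.has_section(jail):
        return [f"no [{jail}] section"]
    sec = cfg[jail]  # keys missing here fall back to [DEFAULT]
    findings = []
    if not sec.getboolean("enabled", fallback=False):
        findings.append("jail not enabled")
    if sec.get("backend", "").strip() != "polling":
        findings.append("backend is not 'polling'")
    # Treat the service name "ssh" as port 22; other names are kept as-is.
    raw = [p.strip() for p in sec.get("port", "ssh").split(",")]
    jail_ports = {"22" if p == "ssh" else p for p in raw}
    missing = sshd_ports(sshd_config_text) - jail_ports
    if missing:
        findings.append("sshd port(s) not covered by jail: "
                        + ",".join(sorted(missing)))
    return findings

if __name__ == "__main__":
    for finding in audit_jail(JAIL_LOCAL, SSHD_CONFIG):
        print("FINDING:", finding)
```

A clean result only shows the configuration is consistent. Whether bans actually happen still has to be confirmed, for example by checking `fail2ban-client status sshd` after deliberate failed logins from a test host.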