fail2ban and CentOS

Discussion in 'Installation/Configuration' started by intratek, May 2, 2011.

  1. intratek

    intratek New Member

    Hello !!

    I am running ISPConfig 3 on CentOS 5.2.
    I would like to know the exact path of the log file mentioned in jail.conf for the ssh jail.

    I have the following lines in my /var/log/messages:

    May 2 14:55:07 server1 sshd[17693]: Failed password for root from ::ffff:203.217.188.105 port 49741 ssh2
    May 2 14:55:09 server1 sshd[17697]: Failed password for root from ::ffff:203.217.188.105 port 50177 ssh2
    May 2 14:55:11 server1 sshd[17699]: Failed password for root from ::ffff:203.217.188.105 port 50446 ssh2
    May 2 14:55:13 server1 sshd[17701]: Failed password for root from ::ffff:203.217.188.105 port 50852 ssh2
    May 2 14:55:15 server1 sshd[17703]: Failed password for root from ::ffff:203.217.188.105 port 51207 ssh2
    May 2 14:55:17 server1 sshd[17705]: Failed password for root from ::ffff:203.217.188.105 port 51487 ssh2
    May 2 14:55:19 server1 sshd[17708]: Failed password for root from ::ffff:203.217.188.105 port 51929 ssh2


    and a few more.....

    whereas my /var/log/secure registers only successful login attempts.

    Which one should I use: /var/log/secure or /var/log/messages?
     
  2. falko

    falko Super Moderator ISPConfig Developer

  3. intratek

    intratek New Member

    Problem Solved

    Actually, the parameter in /etc/ssh/sshd_config was:

    SyslogFacility AUTH

    So all the logs were logged to /var/log/messages.

    I changed AUTH to AUTHPRIV. Now the logs are logged to /var/log/secure and I received 3 emails with banned IPs from fail2ban.

    I came to know this when I viewed the file /etc/syslog.conf.

    Thanks
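
Added example (not part of the original posts, and not fail2ban or ISPConfig code): a shell check that resolves sshd's `SyslogFacility` through syslog.conf selectors to the files that actually receive sshd messages, then tests whether a jail's logpath is one of them. The function names and sample rules are constructed for illustration, and it assumes classic syslog.conf selector syntax with an info-level message and no `=` or `!` priority modifiers.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from fail2ban or ISPConfig.

# Effective SyslogFacility: first uncommented occurrence wins, default is AUTH.
sshd_facility() {  # $1 = sshd_config path
    awk 'tolower($1) == "syslogfacility" { print toupper($2); found = 1; exit }
         END { if (!found) print "AUTH" }' "$1"
}

# Constructed sample rules, consistent with the routing described in the thread.
sample_syslog_conf() {
    cat <<'EOF'
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
authpriv.*                                  /var/log/secure
mail.*                                      -/var/log/maillog
EOF
}

# Files that receive an info-level message of a facility. Simplified selector
# matching: later selectors on a line override earlier ones; "=" and "!" ignored.
syslog_files() {  # $1 = syslog.conf path, $2 = facility name
    awk -v fac="$(printf %s "$2" | tr 'A-Z' 'a-z')" '
    /^[ \t]*#/ || NF < 2 { next }
    {
        hit = 0
        n = split($1, sels, ";")
        for (i = 1; i <= n; i++) {
            split(sels[i], fp, "[.]")
            m = split(fp[1], facs, ",")
            fmatch = 0
            for (j = 1; j <= m; j++)
                if (facs[j] == "*" || facs[j] == fac) fmatch = 1
            if (!fmatch) continue
            if (fp[2] == "none") hit = 0
            else if (fp[2] ~ /^(\*|debug|info)$/) hit = 1
        }
        path = $2; sub(/^-/, "", path)
        if (hit && path ~ /^\//) print path
    }' "$1"
}

# Succeeds when the jail logpath is a file that sshd's messages actually reach.
jail_sees_sshd() {  # $1 = sshd_config, $2 = syslog.conf, $3 = jail logpath
    syslog_files "$2" "$(sshd_facility "$1")" | grep -qxF -- "$3"
}

if [ "$#" -eq 3 ]; then  # e.g. /etc/ssh/sshd_config /etc/syslog.conf /var/log/secure
    jail_sees_sshd "$@" && echo "logpath OK" || echo "logpath gets no sshd lines"
fi
```

A mismatch here means the jail reads a file that never contains the failed-login lines, so no bans are triggered even though fail2ban is running.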
     
