07.21.2005 14:09

fail2ban doing its job


An update on July 19th's Trying fail2ban: iptables DROPs IPs with multiple authentication failures:
```
07/21/05 06:07:55.673 INFO SSH: 62.216.174.36 has 5 login failure(s). Banned.
07/21/05 06:07:56.121 WARNING Ban 62.216.174.36
07/21/05 06:09:09.560 INFO SSH: 62.216.174.36 has 5 login failure(s). Banned.
07/21/05 06:09:09.564 ERROR 62.216.174.36 already in ban list
07/21/05 06:10:04.130 INFO SSH: 62.216.174.36 has 5 login failure(s). Banned.
07/21/05 06:10:04.144 ERROR 62.216.174.36 already in ban list
07/21/05 06:17:56.591 WARNING Unban 62.216.174.36
07/21/05 08:43:02.944 INFO SSH: 192.192.154.182 has 5 login failure(s). Banned.
07/21/05 08:43:03.450 WARNING Ban 192.192.154.182
07/21/05 08:53:04.110 WARNING Unban 192.192.154.182
```
I haven't yet done an `iptables -L INPUT|grep DROP|head` while fail2ban has banned an IP, so I haven't confirmed that the IP actually does get 'banned', but fail2ban looks to be doing its job so far.

These IPs match those returned by `grep llegal /var/log/auth.log|grep "Jul 21"|grep -v grep`, so fail2ban is reporting that it's acting on those IPs and presumably, only on those IPs.
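
An added example, not part of the original post and not fail2ban's own code: a Python parser for the log lines quoted above that pairs each Ban with its Unban to get the ban duration, and lists failure detections logged while the IP was still in the ban list, which is the case to compare against `iptables -L INPUT`. The function names `parse` and `summarize` are hypothetical, and the regexes assume the log format exactly as shown in the post.

```python
from datetime import datetime
import re
# Log lines copied from the post above; the format is assumed from these lines only.
LOG = """\
07/21/05 06:07:55.673 INFO SSH: 62.216.174.36 has 5 login failure(s). Banned.
07/21/05 06:07:56.121 WARNING Ban 62.216.174.36
07/21/05 06:09:09.560 INFO SSH: 62.216.174.36 has 5 login failure(s). Banned.
07/21/05 06:09:09.564 ERROR 62.216.174.36 already in ban list
07/21/05 06:10:04.130 INFO SSH: 62.216.174.36 has 5 login failure(s). Banned.
07/21/05 06:10:04.144 ERROR 62.216.174.36 already in ban list
07/21/05 06:17:56.591 WARNING Unban 62.216.174.36
07/21/05 08:43:02.944 INFO SSH: 192.192.154.182 has 5 login failure(s). Banned.
07/21/05 08:43:03.450 WARNING Ban 192.192.154.182
07/21/05 08:53:04.110 WARNING Unban 192.192.154.182
"""

LINE = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d\.\d{3}) (\w+) (.*)$")
IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
EVENTS = [
    ("detect", re.compile(r"^SSH: " + IP + r" has \d+ login failure")),
    ("ban", re.compile(r"^Ban " + IP + r"$")),
    ("unban", re.compile(r"^Unban " + IP + r"$")),
]

def parse(text):
    """Yield (timestamp, event, ip) for every line that matches a known event."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # blank or unrecognised line
        ts = datetime.strptime(m.group(1), "%m/%d/%y %H:%M:%S.%f")
        for name, rx in EVENTS:
            if (hit := rx.match(m.group(3))):
                yield ts, name, hit.group(1)

def summarize(text):
    """Return ({ip: [ban seconds, ...]}, [(timestamp, ip) detected while banned])."""
    active, durations, during_ban = {}, {}, []
    for ts, event, ip in parse(text):
        if event == "ban":
            active[ip] = ts
        elif event == "unban" and ip in active:
            durations.setdefault(ip, []).append((ts - active.pop(ip)).total_seconds())
        elif event == "detect" and ip in active:
            during_ban.append((ts, ip))
    return durations, during_ban

if __name__ == "__main__":
    print(summarize(LOG))
```

On the log above, both bans last about 600 seconds, and 62.216.174.36 has two detections logged inside its ban window (the two followed by "already in ban list").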