Hello, i have installed fail2ban like described in the howto Preventing Brute Force Attacks With Fail2ban On OpenSUSE 10.3. The installation completed without errors or warnings. The only jail i configuered and acitvated is ssh-iptables. Fail2Ban works and i receive eMails when it stops or starts. In fail2ban.log is this comment: fail2ban.filter: WARNING Unable to find a corresponding IP address for mail.szitcons.ch i tried several false logins with putty and ssh but no reaction. Then i tried the same install on an other System with Suse 10.0 an everything works alright. The only difference i found is the version of python. On Suse 10.3 is python-2.5.1-39.2 an on the Suse 10.0 is python-2.4.1-3.5 hope somebody could help... Thanks, Libor
Hi Falko, my nameserver in resolv.conf is 192.168.200.1 dig says: ; <<>> DiG 9.4.1-P1 <<>> mail.szitcons.ch ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1031 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;mail.szitcons.ch. IN A ;; ANSWER SECTION: mail.szitcons.ch. 5467 IN A 78.47.67.122 ;; Query time: 29 msec ;; SERVER: 192.168.200.1#53(192.168.200.1) ;; WHEN: Sun Jul 27 08:59:15 2008 ;; MSG SIZE rcvd: 50 bye, Libor
I have not installed AppArmor at all. It seems that Fail2Ban even does not read the whole file /var/log/messages but only some lines.
Hi Falko, i think i am blind! You were right. The IP 192.168.200.1 in /etc/resolv.com is not a valid DNS Server. I changed it and now it works. Thanks a lot, Libor