| 1 |
Looking at the code, Fail2ban uses Inotify to know when a file has changed, |
| 2 |
and only at that point it's open and read. |
| 3 |
Inotify watches don't appear in open files. |
| 4 |
|
| 5 |
Mickaël |
| 6 |
|
| 7 |
|
| 8 |
2015-01-06 1:53 GMT+01:00 Adam Carter <adamcarter3@×××××.com>: |
| 9 |
|
| 10 |
> AFAIK fail2ban tails log files to find login failures, but when i try lsof |
| 11 |
> its not reading daemon.log/auth.log/whatever for sshd's login failure |
| 12 |
> messages. |
| 13 |
> |
| 14 |
> # ps -ef | grep fail2 |
| 15 |
> root 518 1 0 Jan01 ? 00:05:22 /usr/bin/python3.4 |
| 16 |
> /usr/lib64/python-exec/python3.4/fail2ban-server -s |
| 17 |
> /run/fail2ban/fail2ban.sock -p /run/fail2ban/fail2ban.pid -x -b |
| 18 |
> root 21407 21250 0 11:45 pts/1 00:00:00 grep --colour=auto fail2 |
| 19 |
> # lsof -p 518 | grep var |
| 20 |
> fail2ban- 518 root 5w REG 9,126 107 263885 |
| 21 |
> /var/log/fail2ban.log |
| 22 |
> fail2ban- 518 root 6u REG 9,126 16384 1180229 |
| 23 |
> /var/lib/fail2ban/fail2ban.sqlite3 |
| 24 |
> # |
| 25 |
> |
| 26 |
> What am I missing? |
| 27 |
> |
Archives