| 1 |
On Monday 28 Apr 2014 20:54:18 thegeezer wrote: |
| 2 |
> On 04/21/2014 08:02 PM, thegeezer wrote: |
| 3 |
> > Hi all, |
| 4 |
> > i was looking up the gentoo wiki on fail2ban [1] to have it look at it's |
| 5 |
> > own log file fail2ban.log in order to block repeat offenders for longer |
| 6 |
> > as abuse@offender doesn't really seem to help these days. |
| 7 |
> > |
| 8 |
> > then i saw a warning saying fail2ban not blocking all requests which i |
| 9 |
> > followed to github [2] wihch has a paste of his logfiles [3] |
| 10 |
> > |
| 11 |
> > now this i commented at github saying it looks similar to something i |
| 12 |
> > discovered when trying to setup authkeys on ssh - namely invalid keys |
| 13 |
> > give you no log file entry saying "invalid keys" |
| 14 |
> > |
| 15 |
> > can anyone tell me if they know how to make the log file entry show that |
| 16 |
> > it was an invalid key? |
| 17 |
> > i only know that it is this from my experience -- when i was using the |
| 18 |
> > wrong key or auth keys file had wrong permission i had only similar |
| 19 |
> > entries in my logs. i did try to find the answer myself at that time but |
| 20 |
> > was unable to. |
| 21 |
> > |
| 22 |
> > thanks in advance! |
| 23 |
> > |
| 24 |
> > |
| 25 |
> > |
| 26 |
> > [1] http://wiki.gentoo.org/wiki/Fail2ban |
| 27 |
> > [2] https://github.com/fail2ban/fail2ban/issues/643 |
| 28 |
> > [3] http://bpaste.net/show/188261/ |
| 29 |
> |
| 30 |
> hey so i've been doing some digging and for openssh to log public key |
| 31 |
> failures you have to set loglevel to minimum of VERBOSE |
| 32 |
> please see my email to openssh mailing list. [4] |
| 33 |
> is this something that could be implemented as a gentoo specific patch ? |
| 34 |
> if so how would i go about requesting it ? |
| 35 |
> i don't know about you all but i'm a little concerned that ssh is not |
| 36 |
> logging bruteforce public keys, they might be harder to crack but if |
| 37 |
> they are invisible in the logs then this could go on silently for a long |
| 38 |
> time. |
| 39 |
> |
| 40 |
> [4] http://marc.info/?l=openssh-unix-dev&m=139871423503774&w=3 |
| 41 |
|
| 42 |
At the very least when one emerges fail2ban there should be an elog message |
| 43 |
informing/warning of the required modifications to the associated |
| 44 |
applications' config files, like ssh, to enable fail2ban to do its filtering. |
| 45 |
|
| 46 |
You can raise a bug for it at: https://bugs.gentoo.org/ |
| 47 |
|
| 48 |
-- |
| 49 |
Regards, |
| 50 |
Mick |
Archives