On 2017-07-05 00:47, John Andersen wrote:
On 07/04/2017 03:04 PM, Carlos E. R. wrote:
On 2017-07-04 21:47, John Andersen wrote:
On 07/04/2017 10:58 AM, andreil1@starlett.lv wrote:
Few days ago I noticed fail2ban does nothing, and discovered problem with ssh keys permissions.
Then I'd assume you've been hacked, and take it off line (right away), nuke and re-install.
Not necessarily. fail2ban may do nothing if the daemon doesn't run, which may be the case if there are errors in the config files. Or if the logs are not being produced correctly (he changed the syslog daemon).
Fail2ban isn't the main issue here. Its just a symptom of the fact that one or more of his main ssh private keys were set with insecure permissions, and he had no recollection of doing that himself. You would need root to do that.
So I don't see how you blame that on fail2ban.
I'm not blaming fail2ban at all. -- Cheers / Saludos, Carlos E. R. (from 42.2 x86_64 "Malachite" at Telcontar)