Fail2ban is failing to ban VSFTPD bruteforce:<\/p>\n
In my case with VSFTPD, with unresolvable DNS names from \/var\/log\/secure:<\/p>\n
Scenario:<\/strong> VSFTP configuration is set for PAM authentication, using xferlog in standard format. Fail2ban for vsftpd is watching \/var\/log\/secure<\/p>\n Problem:<\/strong> PAM sends failed login information to \/var\/log\/secure, but the remote server’s IP address has been replaced by a DNS name. Resulting DNS name does not resolve or does not resolve correctly, thus fail2ban is unable to ban the IP address.<\/p>\n Fix:<\/strong> Configure VSFTP for “dual_log_enable=YES”, and have fail2ban watch \/var\/log\/vsftpd.log instead. This log file shows the incoming ip address instead of the DNS name.<\/p>\n [ update<\/strong>: you also need to adde’use_localtime=YES’ to config file of VSFTPD. otherwise, above trick not working. it took me hours to solve the problem. :(]<\/p>\n Source and more tips.<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"