Comments (4)
At least on CentOS 6, the pid in syslog is of the child (the attempt connection that failed), as opposed to the parent process's pid in /var/run/sshd.pid.
from fail2ban.
Considering fail2ban largely deals with failed login attempts (SSH), the SSH pid is essentially ephemeral and not linked to a parent for very long - I'm not sure how such an association could be reliably be made between the parent pid (SSH) and the failed log in SSH pid's. And if other applications behave differently (thread vs process) fail2ban would also need to understand all of those relationships.
from fail2ban.
I've tried some time ago with a small change on my fail2ban, where #1698 was already implemented, so I could get the PID from the several filters, by adding <F-PID>\S+</F-PID>
(and using a simple solution by checking of PID with pid_exists in failmanager).
It works as expected... But not for the services like sshd, because of session- resp. connection-related pid, so fail2ban misses the failure sporadic, if the connection was closed too fast after failure (pid_exists says False).
I can try to cherry-pick it, if someone needed.
from fail2ban.
Playing a bit with this I can judge that this approach is hardly suitable (as for PID validation), at least turns out to be not really practicable, but also too error-prone.
Thus I tend to close it at the moment.
Please reopen if the interest is still existing.
from fail2ban.
Related Issues (20)
- Fail2ban - Raspberry Pi5 64bit Bookworm - not working as expected, not reading systemd logs? HOT 6
- [FR]: Ubuntu 22.04.4 LTS fail2ban Unable to match some authentication failure logs HOT 4
- [BR]: Test testStatusStats fails with 1.1.0 on Fedora Rawhide HOT 10
- Help Needed: Creating Fail2ban Filter for Exchange Autodiscover Failed Login Attempts HOT 1
- [BR]: installing fail2ban on ubuntu 24.04 with apt-get showing errors and is not starting HOT 2
- [BR]: ERROR No module named 'asynchat' on Ubuntu 24.04 HOT 7
- [FR]: Wordpress Fail2ban filter not processing authentication failures on Debian bookworm HOT 7
- [BR]:The jail set in the configuration file is not loaded HOT 6
- >Jail not being loaded issue HOT 2
- Failed to execute ban HOT 8
- [RFE]: Extend ignoreip to cater for dynamic IP scenarios by resolving FDNs assigned HOT 1
- [BR]: Can't start fail2ban service on Ubuntu 24.04 HOT 1
- [BR]: You can use root commands HOT 2
- [BR]: Python 3.12 shows DeprecationWarning about use of os.fork() HOT 1
- [FR]: SNMPv3 filters for Unknown User, Bad AUTH password and PRIV password, multiline, mutiple filters HOT 4
- [BR]: Insufficient patching for systemd/Debian HOT 2
- How to protect Nginx container by Fail2Ban? HOT 1
- file permissions HOT 4
- Unable to Configure Custom Log Parsing in fail2ban for Calibre-Web HOT 2
- [BR]: ERROR Failed to access socket path: /var/run/fail2ban/fail2ban.sock. Is fail2ban running HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from fail2ban.