I wish you all a great year, with peaceful servers.
Well known: with fail2ban we'll get there! ;-)
OK, some news:
1. I have never seen these in my messages (log):
Jan 5 23:25:40 sucker sshd: reverse mapping checking getaddrinfo for corporat201-245179115.sta.etb.net.co [188.8.131.52] failed - POSSIBLE BREAK-IN ATTEMPT!
how can we define this?
^%(__prefix_line)sreverse mapping checking getaddrinfo for .(])<HOST>(]) failed - POSSIBLE BREAK-IN ATTEMPT!
" corporat201-245179115.sta.etb.net.co [184.108.40.206] "
could it be: " .(])<HOST>(]) "
I'm not sure....
2. has anybody seen this?
Jan 5 02:00:27 sucker sshd: PAM audit_log_acct_message() failed: Operation not permitted
does it depend on "audit" (a tool for a SLES_firewall? also in opensuse?)
3. sometimes I've seen this in my log (fail2ban):
2009-01-06 10:02:01,927 fail2ban.actions.action: ERROR iptables -D INPUT -p tcp --dport ssh -j fail2ban-SSH
iptables -F fail2ban-SSH
iptables -X fail2ban-SSH returned 100
(it is independent of my attempt today)
how can we trace this error?
loglevel = 4 hasn't brought me enough knowledge....
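
Added example, not part of the original post: one candidate failregex for the "reverse mapping checking" line from item 1, checked in Python against the sshd lines quoted above. The expansions used for %(__prefix_line)s and <HOST> are simplified stand-ins (assumptions), and the candidate pattern itself is hypothetical rather than a filter shipped with fail2ban.

```python
import re

# Assumptions: simplified stand-ins for fail2ban's template tags. The real
# expansions of %(__prefix_line)s and <HOST> are more permissive than these.
PREFIX_LINE = r"\s*(?:\S+\s+)?sshd(?:\[\d+\])?:?\s+"
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Candidate failregex (hypothetical, not from the post). The name in the log
# comes from reverse DNS, which the remote side controls, so it is skipped
# with \S+ and only the address inside the escaped brackets is captured.
FAILREGEX = (
    r"^%(__prefix_line)sreverse mapping checking getaddrinfo for "
    r"\S+ \[<HOST>\] failed - POSSIBLE BREAK-IN ATTEMPT!\s*$"
)

# fail2ban removes the timestamp before applying a failregex; mimic that.
TIMESTAMP = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}")

def compile_failregex(template):
    """Expand the two template tags and compile the result."""
    expanded = template.replace("%(__prefix_line)s", PREFIX_LINE)
    return re.compile(expanded.replace("<HOST>", HOST))

def extract_host(line, regex):
    """Return the address the filter would act on, or None if no match."""
    match = regex.search(TIMESTAMP.sub("", line, count=1))
    return match.group("host") if match else None

SAMPLE_LINES = [
    # The two sshd lines quoted in the post, with the mail wrapping undone.
    "Jan 5 23:25:40 sucker sshd: reverse mapping checking getaddrinfo for "
    "corporat201-245179115.sta.etb.net.co [188.8.131.52] failed - "
    "POSSIBLE BREAK-IN ATTEMPT!",
    "Jan 5 02:00:27 sucker sshd: PAM audit_log_acct_message() failed: "
    "Operation not permitted",
    # Constructed line: sshd with a PID and a documentation-range address.
    "Jan  6 09:14:02 sucker sshd[4711]: reverse mapping checking getaddrinfo "
    "for host.example.net [192.0.2.45] failed - POSSIBLE BREAK-IN ATTEMPT!",
]

if __name__ == "__main__":
    regex = compile_failregex(FAILREGEX)
    for line in SAMPLE_LINES:
        print(extract_host(line, regex), "<-", line[:60])
```

On a real installation, the fail2ban-regex tool checks a filter against an actual log file with the full tag expansions.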