I was working on one of my servers and realized I never installed fail2ban, which reads log files to ban IPs that try to log in. This server is local, but I like to do it out of habit anyway, was just never a priority. Recently I also started using it as a SSH gateway to my network, only my work IP and a few other IPs are allowed through so no big deal, but I still like to take precautions.
Was wondering why it was not working, then checked /var/log/secure and it's completely empty! I did tail -f and then started doing bad logins, still nothing! figured maybe it's going to /var/log/messages for some reason.. that's empty too! I googled it and I'm told to check /etc/syslog.conf, but as my luck would have it, that file does not even exist. Why are these logs empty? I also looked at /etc/ssh/sshd_config to see if there's any line to specify the log file but can't really see anything that would indicate a log location.
This is a fairly default install of CentOS 6 (I think it's 6, might be 5).
Was wondering why it was not working, then checked /var/log/secure and it's completely empty! I did tail -f and then started doing bad logins, still nothing! figured maybe it's going to /var/log/messages for some reason.. that's empty too! I googled it and I'm told to check /etc/syslog.conf, but as my luck would have it, that file does not even exist. Why are these logs empty? I also looked at /etc/ssh/sshd_config to see if there's any line to specify the log file but can't really see anything that would indicate a log location.
This is a fairly default install of CentOS 6 (I think it's 6, might be 5).
Facebook
Twitter