On Mon, Oct 24, 2011 at 10:14 AM, Mike Wohlgemuth <mjw@woogie.net> wrote:
I've installed fail2ban on Fedora 15 to block repeated failed ssh
connections.  It works great up until logrotate kicks in.  When it
rotates /var/log/secure then fail2ban stops noticing failed ssh
attempts.  Using fail2ban-client to reload the jail fixes the problem,
but it also causes fail2ban to forget all currently banned IP
addresses.  I've found scripts online that will allow for extracting the
current bans before reloading, and then applying them again after, but
that seems pretty extreme. I can't help but think I must be missing
something simple that will get fail2ban to notice that the logs have
been rotated.  Has anyone else seeing this issue?  I see some reports in
bugzilla about fail2ban, but nothing that is definitely this problem.

Thanks
Mike
--


Hi

This does not address your problem directly. 

I use a program called  denyhosts for blocking ssh attempts.  It creates a list in  /etc/hosts.deny.

Great program.

Good luck

Marvin