On Sun, Apr 28, 2024 at 9:31 AM Frank Bures <buresf(a)gmail.com <mailto:buresf@gmail.com>> wrote: Hi, My machine is exposed to the wild and I was seeing hundreds of connection attempts per day in my logs and in fail2ban.log. All these nefarious activities ceased after upgrade to F40. Question: Is there something fundamentally different in F40 connectivity? I can still connect from outside on pre-defined ports using ssh so my ISP is not blocking anything. I would try this update and see if it fixes your problem. There's also a new release but I want this to go stable first. https://bodhi.fedoraproject.org/updates/FEDORA-2024-95a6cdf26b <https://bodhi.fedoraproject.org/updates/FEDORA-2024-95a6cdf26b>

On 4/28/24 10:31 AM, Frank Bures wrote: > Hi, > > My machine is exposed to the wild and I was seeing hundreds of connection > attempts per day in my logs and in fail2ban.log. > > All these nefarious activities ceased after upgrade to F40. > > Question: > Is there something fundamentally different in F40 connectivity? > I can still connect from outside on pre-defined ports using ssh so my ISP > is not blocking anything. I also use fail2ban to keep the riff-raff out of my home web server.  I also have ssh on a non-standard port and smtp and imap/pop.  I saw no difference between 39 and 40.  I even have some jails set to aggressive mode plus one wrong move and the IP is banned.  Sorry, but I have to ask. It is running, right?  What are the lines in the fail2ban log when it starts?  Can you connect from the outside to whatever ports you have open? Does "sudo systemctl status fail2ban" tell you anything?

> On 28 Apr 2024, at 16:31, Frank Bures <buresf(a)gmail.com&gt; wrote: > > The problem is that there are no connection attempts in /var/log/secure or /var/log/messages so obviously f2b has nothing to do. Maybe the logs are in the journal and nothing is updating the legacy /var/log files? What does journalctl report? Barry

On 2024-04-28 11:39, Barry wrote: > > > > On 28 Apr 2024, at 16:31, Frank Bures <buresf(a)gmail.com&gt; wrote: > > > > The problem is that there are no connection attempts in /var/log/secure or /var/log/messages so obviously f2b has nothing to do. > > Maybe the logs are in the journal and nothing is updating the legacy /var/log files? > What does journalctl report? > > Barry That was it! How do I make sshd to log to secure as before?