- Plesk Onyx for Linux
- Fail2ban does not ban an IP address after many SSH authorization attempts. Failed login attempts are correctly written to /var/log/secure but Fail2ban does not parse them to
- SSH is configured to use password-based authentication, not key-based.
- "rsyslog" service is used for log management.
- Every new failed login attempt is logged to /var/log/secure with a timestamp that differs from the actual system time:
# tail -1 /var/log/secure
Jan 1 16:51:40 sshd: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.10.10.10 user=root
Sun Jan 1 18:51:43 SAST 2017
The "rsyslog" service is hung.
2. Restart the rsyslog process:
# systemctl restart rsyslog.service
3. After that, logs should be written to /var/log/secure with the actual system time:
# tail -2 /var/log/secure
Jan 1 16:54:19 sshd: PAM service(sshd) ignoring max retries; 6 > 3
Jan 1 18:54:24 sshd: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.10.10.10 user=root
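The timestamp comparison shown above can be automated. The following is an added example, not part of the original article or of Plesk or Fail2ban code; it measures how far each /var/log/secure entry lags behind a reference system time. The function names and the 600-second tolerance are assumptions (compare the tolerance with the `findtime` value of your jail), and the sample lines are the ones quoted in this article.

```python
from datetime import datetime, timedelta


def syslog_skew(line, now):
    """Seconds by which `now` is ahead of the timestamp that starts a
    traditional syslog line ("Jan 1 16:51:40 ..."). Both are local time."""
    month, day, clock = line.split()[:3]
    # The traditional format carries no year, so borrow it from `now`.
    stamp = datetime.strptime(f"{now.year} {month} {day} {clock}",
                              "%Y %b %d %H:%M:%S")
    # A late-December entry read in early January belongs to the previous year.
    if stamp - now > timedelta(days=180):
        stamp = stamp.replace(year=now.year - 1)
    return (now - stamp).total_seconds()


def stale_entries(lines, now, max_skew=600):
    """Return (skew_seconds, line) for entries whose timestamp differs from
    `now` by more than `max_skew` seconds (assumed tolerance)."""
    flagged = []
    for line in lines:
        skew = syslog_skew(line, now)
        if abs(skew) > max_skew:
            flagged.append((skew, line))
    return flagged


# Entry quoted in the article before the restart, with the system time shown there.
BEFORE = ["Jan 1 16:51:40 sshd: pam_unix(sshd:auth): authentication failure; "
          "logname= uid=0 euid=0 tty=ssh ruser= rhost=10.10.10.10 user=root"]
BEFORE_NOW = datetime(2017, 1, 1, 18, 51, 43)

# Entries quoted after the restart; the reference time is constructed for the example.
AFTER = ["Jan 1 16:54:19 sshd: PAM service(sshd) ignoring max retries; 6 > 3",
         "Jan 1 18:54:24 sshd: pam_unix(sshd:auth): authentication failure; "
         "logname= uid=0 euid=0 tty=ssh ruser= rhost=10.10.10.10 user=root"]
AFTER_NOW = datetime(2017, 1, 1, 18, 54, 30)

if __name__ == "__main__":
    for label, lines, now in (("before restart", BEFORE, BEFORE_NOW),
                              ("after restart", AFTER, AFTER_NOW)):
        for skew, line in stale_entries(lines, now):
            print(f"{label}: {skew:.0f}s behind system time: {line[:40]}...")
```

On a live server, pass the output of `tail /var/log/secure` as `lines` and `datetime.now()` as `now`; an entry written after the restart should no longer be flagged.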