kb: technical
Plesk Onyx for Linux
ABT: Group A
Applicable to:
- Plesk Onyx for Linux
Symptoms
- Fail2ban does not ban IP address after many SSH authorization attempts. Failed login attempts are correctly written to
/var/log/securebut Fail2ban does not parse them to/var/log/fail2ban.log - SSH is configured to use password-based authentication, not key-based.
- The
rsyslogservice is used for log management. - Every new failed login attempt logs into
/var/log/securewith time stamp different from actual system time:
# tail -1 /var/log/secure
sshd[16856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.10.10.10 user=root
# date
Sun Jan 1 18:51:43 SAST 2017
Cause
The rsyslog service is hang.
Resolution
To solve this behavior perform the following steps:
- Connect to the server via SSH
-
Restart rsyslog process:
# systemctl restart rsyslog.service
-
After that logs should be written to
/var/log/securein the actual system time:# tail -2 /var/log/secure
sshd[16928]: PAM service(sshd) ignoring max retries; 6 > 3
sshd[16940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.10.10.10 user=root
Comments
Please sign in to leave a comment.