Fail2ban and time travel

One of my Linux boxen didn't seem to be capturing login failures properly with fail2ban. After a bit of googling I discovered the fail2ban-regex command, and used it as such (on Ubuntu):

fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/sshd.conf

I was quite confused when it properly identified hundreds of failed login attempts. Then I noticed something odd at the end of the list. The last few hits were tagged as being from exactly one year ago.

I went round and round with ntpdate and UTC=no/yes and rebooting the box until I just caved and set UTC as my local timezone. I'm still too new with Ubuntu to figure out what the right way to handle it is.
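
Added example, not part of the original post and not fail2ban's own code: a sketch of how the one-year-old hits described above can arise when syslog lines carry no year and the clock that wrote them runs ahead of the clock reading them. The roll-back rule (a date that would lie in the future is assumed to be from last year), the sample lines, `NOW`, and the 600-second window are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample input: the second line was stamped by a clock 5 hours
# ahead of the reader's clock (e.g. a local-time/UTC mismatch).
SAMPLE_LINES = [
    "Mar 14 11:58:02 host sshd[1001]: Failed password for root from 192.0.2.10 port 4242 ssh2",
    "Mar 14 16:58:02 host sshd[1002]: Failed password for root from 192.0.2.10 port 4243 ssh2",
]
NOW = datetime(2024, 3, 14, 12, 0, 0)   # constructed "current time" of the reader
FINDTIME = timedelta(seconds=600)       # assumed look-back window


def infer_timestamp(line, now):
    """Parse a year-less syslog timestamp and guess its year relative to `now`."""
    stamp = line[:15]  # classic syslog prefix, e.g. "Mar 14 11:58:02"
    parsed = datetime.strptime(f"{now.year} {stamp}", "%Y %b %d %H:%M:%S")
    # Assumed rule: a log line cannot come from the future, so a timestamp
    # later than `now` is taken to belong to the previous year.
    if parsed > now:
        parsed = parsed.replace(year=now.year - 1)
    return parsed


def classify(lines, now, findtime=FINDTIME):
    """Return (inferred timestamp, counts_toward_ban) for each log line."""
    results = []
    for line in lines:
        ts = infer_timestamp(line, now)
        results.append((ts, now - ts <= findtime))
    return results


if __name__ == "__main__":
    for ts, counted in classify(SAMPLE_LINES, NOW):
        print(ts.isoformat(), "counted" if counted else "ignored (too old)")
```

Both lines match the failure pattern, so a regex test reports them as hits, but the line stamped ahead of the reader's clock is dated a year back and never falls inside the look-back window.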