Fixing fail2ban when it fails to block vsftpd brute-force attacks

Fail2ban is failing to ban VSFTPD brute-force attempts:

In my case with VSFTPD, with unresolvable DNS names from /var/log/secure:

Scenario: VSFTPD is configured for PAM authentication, using xferlog in standard format. Fail2ban for vsftpd is watching /var/log/secure.

Problem: PAM sends failed login information to /var/log/secure, but the remote server’s IP address has been replaced by a DNS name. The resulting DNS name does not resolve or does not resolve correctly, so fail2ban is unable to ban the IP address.

Fix: Set “dual_log_enable=YES” in the VSFTPD configuration, and have fail2ban watch /var/log/vsftpd.log instead. This log file shows the incoming IP address instead of the DNS name.

[Update: you also need to add ‘use_localtime=YES’ to the config file of VSFTPD; otherwise, the above trick does not work. It took me hours to solve the problem. :(]
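The two failure modes above, as an added example that is not part of the original post and is not fail2ban's own code: the PAM line yields a hostname that cannot be banned without DNS, and a vsftpd.log line stamped in GMT falls outside the ban window. The sample lines, the UTC+8 clock and the simplified regexes are constructed, and the explanation that ‘use_localtime=YES’ matters because vsftpd otherwise logs in GMT is an assumption the post does not state.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Constructed sample lines in the two log formats (not taken from the page).
SECURE_LINE = ("Mar  3 22:05:11 ftp1 vsftpd[2101]: pam_unix(vsftpd:auth): "
               "authentication failure; logname= uid=0 euid=0 tty=ftp "
               "ruser=admin rhost=host-17.example.invalid")
VSFTPD_GMT = 'Mon Mar  3 14:05:11 2025 [pid 2101] [admin] FAIL LOGIN: Client "203.0.113.17"'
VSFTPD_LOCAL = 'Mon Mar  3 22:05:11 2025 [pid 2101] [admin] FAIL LOGIN: Client "203.0.113.17"'

# Simplified patterns written for this example, not fail2ban's shipped filters.
PAM_RE = re.compile(r"pam_unix\(vsftpd:auth\): authentication failure;.*\brhost=(\S+)")
VSFTPD_RE = re.compile(r'^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
                       r'\[[^\]]*\] FAIL LOGIN: Client "([^"]+)"')

def bannable_ip(host):
    """Return host as a normalized IP literal, or None if it would need DNS."""
    try:
        return str(ipaddress.ip_address(host))
    except (ValueError, TypeError):
        return None

def host_from_secure(line):
    """Extract the rhost= value PAM logged for a failed vsftpd login."""
    m = PAM_RE.search(line)
    return m.group(1) if m else None

def parse_vsftpd(line):
    """Return (timestamp, client) from a vsftpd.log FAIL LOGIN line, or None."""
    m = VSFTPD_RE.match(line)
    if not m:
        return None
    return datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y"), m.group(2)

def counts_as_recent(entry_ts, now, findtime=600):
    """Window check in the style of fail2ban's findtime (seconds before now).
    Assumption: the log timestamp is read as server-local wall-clock time."""
    return timedelta(0) <= now - entry_ts <= timedelta(seconds=findtime)

if __name__ == "__main__":
    now = datetime(2025, 3, 3, 22, 5, 30)  # constructed server-local clock, UTC+8
    print("secure   ->", bannable_ip(host_from_secure(SECURE_LINE)))
    for label, line in (("GMT", VSFTPD_GMT), ("local", VSFTPD_LOCAL)):
        ts, client = parse_vsftpd(line)
        print(label, "->", bannable_ip(client), counts_as_recent(ts, now))
```

Running the same checks against a few real lines from both log files shows quickly whether a jail is missing bans because of the host field or because of the timestamp.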

Source and more tips.