fail2ban time offset issues
While trying to set up fail2ban, I found that even though my regex/logs matched up nothing was being banned/caught by fail2ban
After a bit of investigation it seems that the auth.log time was being written in GMT whereas fail2ban was expecting it in BST:
==> /var/log/auth.log <== Oct 11 20:52:21 ns2 sshd: Invalid user test from 184.108.40.206 Oct 11 20:52:21 ns2 sshd: Failed none for invalid user test from 220.127.116.11 port 47862 ssh2 Oct 11 20:52:28 ns2 sshd: Failed password for invalid user test from 18.104.22.168 port 47862 ssh2 ==> /var/log/fail2ban.log <== 2010-10-11 21:52:04,017 fail2ban.filter: DEBUG /var/log/auth.log has been modified 2010-10-11 21:52:04,029 fail2ban.filter.datedetector: DEBUG Sorting the template list
Fairly simple fix of:
rm /etc/localtime ln -s /usr/share/zoneinfo/Europe/London /etc/localtime
and I am now successfully banning myself from accessing my server.