adjusted description of bantime/findtime in README.Debian (closes: #507771)

debian-releases/squeeze
Yaroslav Halchenko 2009-01-18 11:56:20 -05:00
parent 342c40c7b0
commit de98375553
1 changed files with 12 additions and 1 deletions

13
debian/README.Debian vendored
View File

@ -190,10 +190,21 @@ by fail2ban.
An IP is banned for "bantime" not since the last failed login attempt An IP is banned for "bantime" not since the last failed login attempt
from the IP, but rather since the moment when failed login was from the IP, but rather since the moment when failed login was
detected by fail2ban. Thus, if fail2ban gets [re]started, any IP which detected by fail2ban. Thus, if fail2ban gets [re]started, any IP which
had enough of failed logins within "findtime" will be banned for had enough of failed logins with durations less than "findtime" between
them prior to the [re]start moment, will be banned for
"bantime" since [re]start moment, not since the last failed login "bantime" since [re]start moment, not since the last failed login
time. time.
* Findtime:
"Findtime" option of a jail actually defines a duration to reset the
counter of failed login attempts, if no new attempt was detected within
that time frame (i.e. within "findtime").
See
http://www.fail2ban.org/wiki/index.php/MANUAL_0_8#Jail_Options
for more information on jail options.
* Syslog entries can be 'forged' by a regular user * Syslog entries can be 'forged' by a regular user