==================================================================
Please DO NOT REPLY to this mail or send email to the developers
about this bug. Please follow-up to Bugzilla using this link:
https://bugs.contribs.org/show_bug.cgi?id=9556
Have you checked the Frequently Asked Questions (FAQ)?
http://wiki.contribs.org/SME_Server:Documentation:FAQ
Please also take the time to read the following useful guide:
http://www.chiark.greenend.org.uk/~sgtatham/bugs.html
==================================================================
Bug ID: 9556
Summary: http filters in jail.conf use wrong log files
Classification: Contribs
Product: SME Contribs
Version: 9.1
Hardware: ---
OS: ---
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: smeserver-fail2ban
Assignee: [email protected]
Reporter: [email protected]
QA Contact: [email protected]
I'm checking a server of mine, running fail2ban
[root@fileserver fail2ban]$ rpm -qa | grep fail2ban
fail2ban-0.9.3-1.el6.1.noarch
smeserver-fail2ban-0.1.12-1.el6.fws.noarch
I see in /var/log/messages:
Jun 1 01:12:10 fileserver esmith::event[58350]: Running event handler:
/etc/e-smith/events/logrotate/S98fail2ban-resume-logs
Jun 1 01:12:11 fileserver esmith::event[58350]: ERROR NOK: (2, 'No such file
or directory')
Jun 1 01:12:11 fileserver esmith::event[58350]: [Errno 2] No such file or
directory: '/var/log/httpd/error_log'
Jun 1 01:12:11 fileserver esmith::event[58350]: ERROR NOK: (2, 'No such file
or directory')
Jun 1 01:12:11 fileserver esmith::event[58350]: [Errno 2] No such file or
directory: '/var/log/httpd/error_log'
Jun 1 01:12:11 fileserver esmith::event[58350]: ERROR NOK: (2, 'No such file
or directory')
Jun 1 01:12:11 fileserver esmith::event[58350]: [Errno 2] No such file or
directory: '/var/log/httpd/error_log'
Jun 1 01:12:11 fileserver esmith::event[58350]: ERROR NOK: (2, 'No such file
or directory')
Jun 1 01:12:11 fileserver esmith::event[58350]: [Errno 2] No such file or
directory: '/var/log/httpd/error_log'
Jun 1 01:12:12 fileserver esmith::event[58350]: Current monitored log file(s):
Jun 1 01:12:12 fileserver esmith::event[58350]: `- /var/log/secure
Jun 1 01:12:12 fileserver esmith::event[58350]:
S98fail2ban-resume-logs=action|Event|logrotate|Action|S98fail2ban-resume-logs|Start|1464736330
11119|End|1464736332 457
754|Elapsed|2.446635
the relevant part in /etc/e-smith/events/logrotate/S98fail2ban-resume-logs is:
for JAIL in http-overflows http-noscript http-scan http-auth; do
/usr/bin/fail2ban-client status $JAIL > /dev/null 2>&1
if [ $? -eq 0 ]; then
/usr/bin/fail2ban-client set $JAIL addlogpath /var/log/httpd/error_log
fi
done
which is wrong because on SME there's no /var/log/httpd/error_log.. it should
be IMO /var/log/httpd/*error_log
template fragment
/etc/e-smith/templates/etc/fail2ban/jail.conf/30service25httpd is wrong too,
because it points to
logpath = /var/log/httpd/error_log
on the same server I'm observing a strange behaviour.. currently I have
Status for the jail: qpsmtpd
|- Filter
| |- Currently failed: 16
| |- Total failed: 29
| `- File list: /var/log/qpsmtpd/current /var/log/sqpsmtpd/current
`- Actions
|- Currently banned: 449
|- Total banned: 449
and (now) all 449 entries are in /etc/rc.d/init.d/masq too.. but this morning,
even if the result of
fail2ban-client status qpsmtpd
was the same (449 blocked IPs), no entry at all in /etc/rc.d/init.d/masq
any hint?
I'll try to create a patch if Dani won't do meanwhile..
--
You are receiving this mail because:
You are the QA Contact for the bug._______________________________________________
Mail for each SME Contribs bug report
To unsubscribe, e-mail [email protected]
Searchable archive at https://lists.contribs.org/mailman/public/contribteam/
