tags 676146 +fixed-upstream +pending
thanks

to say the truth I did not even know that I could do inline comments and did
not feel it alright to embed comments into the value fields... clarifying that
might be worth it but then it would need to be done for every configuration
file which imho would be too much.

For now I have made those modifications in upstream repository:
http://github.com/fail2ban/fail2ban/commit/b4099dae577ca3a4c42037f71f09fd24b1d71030

and in Debian branch which carries custom jail.conf
http://github.com/fail2ban/fail2ban/commit/6ad4276a4eaf095dd6408122d729fcb1321bd029

with which I will close this bug whenever fresher f2b gets uploaded

Cheers,

On Mon, 04 Jun 2012, Stefano Forli wrote:

> Package: fail2ban
> Version: 0.8.4-3+squeeze1
> Severity: normal
>
> When parsing a jail.local config file there is a problem when parsing inline
> comments with "#".
> For example the following line in the jail.local file:
> bantime = 28800 # seconds
> results in an error message when checking the configuration with
> fail2ban-client:
> # fail2ban-client -d
> WARNING 'findtime' not defined in 'apache-noscript'. Using default value
> WARNING Wrong value for 'bantime' in 'apache-noscript'. Using default
> one: '600'
> WARNING 'findtime' not defined in 'pam-generic'. Using default value
> WARNING Wrong value for 'bantime' in 'pam-generic'. Using default one:
> '600'
> WARNING 'findtime' not defined in 'vsftpd'. Using default value
> WARNING Wrong value for 'bantime' in 'vsftpd'. Using default one: '600'
> WARNING 'findtime' not defined in 'xinetd-fail'. Using default value
> WARNING Wrong value for 'bantime' in 'xinetd-fail'. Using default one:
> '600'
> WARNING 'findtime' not defined in 'ssh-ddos'. Using default value
> WARNING Wrong value for 'bantime' in 'ssh-ddos'. Using default one: '600'
> ...
>
> I've found out in the ConfigParser Python module documentation (used by
> fail2ban
> to parse the config files) there is an explicit mention to this:
> For backwards compatibility, only ; starts an inline comment, while #
> does not.
> ( http://docs.python.org/release/2.6.8/library/configparser.html )
>
> Possibly this should be mentioned in the default config file provided within
> the package
> maybe as following:
> diff jail.local_patch jail.local
> 10,12d9
> < # Comment lines can be inserted by prefixing them with a '#'
> < # Inline commments must use ';'.
> < #
>
> -- System Information:
> Debian Release: 6.0.5
> APT prefers stable
> APT policy: (500, 'stable')
> Architecture: amd64 (x86_64)
> Kernel: Linux 2.6.32-bpo.5-amd64 (SMP w/4 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
>
> Versions of packages fail2ban depends on:
> ii lsb-base 3.2-23.2squeeze1 Linux Standard Base 3.2 init
> scrip
> ii python 2.6.6-3+squeeze7 interactive high-level
> object-orie
> ii python-central 0.6.16+nmu1 register and build utility for
> Pyt
>
> Versions of packages fail2ban recommends:
> ii iptables 1.4.8-3 administration tools for packet
> fi
> ii whois 5.0.10 an intelligent whois client
>
> Versions of packages fail2ban suggests:
> ii bsd-mailx [mailx] 8.1.2-0.20100314cvs-1 simple mail user agent
> ii mailx 1:20071201-3 Transitional package for mailx
> ren
> pn python-gamin <none> (no description available)
>
> -- Configuration Files:
> /etc/fail2ban/jail.conf changed:
> [DEFAULT]
> ignoreip = 127.0.0.1
> bantime = 7200
> maxretry = 3
> backend = polling
> destemail = root@localhost
> banaction = iptables-multiport
> mta = sendmail
> protocol = tcp
> action_ = %(banaction)s[name=%(__name__)s, port="%(port)s",
> protocol="%(protocol)s]
> action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s",
> protocol="%(protocol)s]
> %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s",
> protocol="%(protocol)s]
> action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s",
> protocol="%(protocol)s]
> %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s",
> logpath=%(logpath)s]
> action = %(action_)s
> [ssh]
> enabled = true
> port = ssh
> filter = sshd
> logpath = /var/log/auth.log
> maxretry = 6
> [pam-generic]
> enabled = false
> filter = pam-generic
> port = all
> banaction = iptables-allports
> port = anyport
> logpath = /var/log/auth.log
> maxretry = 6
> [xinetd-fail]
> enabled = false
> filter = xinetd-fail
> port = all
> banaction = iptables-multiport-log
> logpath = /var/log/daemon.log
> maxretry = 2
> [ssh-ddos]
> enabled = false
> port = ssh
> filter = sshd-ddos
> logpath = /var/log/auth.log
> maxretry = 6
> [apache]
> enabled = false
> port = http,https
> filter = apache-auth
> logpath = /var/log/apache*/*error.log
> maxretry = 6
> [apache-multiport]
> enabled = false
> port = http,https
> filter = apache-auth
> logpath = /var/log/apache*/*error.log
> maxretry = 6
> [apache-noscript]
> enabled = false
> port = http,https
> filter = apache-noscript
> logpath = /var/log/apache*/*error.log
> maxretry = 6
> [apache-overflows]
> enabled = false
> port = http,https
> filter = apache-overflows
> logpath = /var/log/apache*/*error.log
> maxretry = 2
> [vsftpd]
> enabled = false
> port = ftp,ftp-data,ftps,ftps-data
> filter = vsftpd
> logpath = /var/log/vsftpd.log
> maxretry = 6
> [proftpd]
> enabled = false
> port = ftp,ftp-data,ftps,ftps-data
> filter = proftpd
> logpath = /var/log/proftpd/proftpd.log
> maxretry = 6
> [wuftpd]
> enabled = false
> port = ftp,ftp-data,ftps,ftps-data
> filter = wuftpd
> logpath = /var/log/auth.log
> maxretry = 6
> [postfix]
> enabled = false
> port = smtp,ssmtp
> filter = postfix
> logpath = /var/log/mail.log
> [couriersmtp]
> enabled = false
> port = smtp,ssmtp
> filter = couriersmtp
> logpath = /var/log/mail.log
> [courierauth]
> enabled = false
> port = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
> filter = courierlogin
> logpath = /var/log/mail.log
> [sasl]
> enabled = false
> port = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
> filter = sasl
> logpath = /var/log/mail.log
> [named-refused-tcp]
> enabled = false
> port = domain,953
> protocol = tcp
> filter = named-refused
> logpath = /var/log/named/security.log
>
> -- no debconf information

-- 
Yaroslav O. Halchenko
Postdoctoral Fellow, Department of Psychological and Brain Sciences
Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755
Phone: +1 (603) 646-9834 Fax: +1 (603) 646-1419
WWW: http://www.linkedin.com/in/yarik
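
Review bot: the quoted diff is taken in the reverse direction. "diff jail.local_patch jail.local" produces "10,12d9" with "<" lines, so applied as a patch it would delete the three comment lines from the patched file rather than add them to the shipped one; swapping the two arguments (ideally as a unified diff) gives something that can be applied. In the proposed text itself, "commments" has an extra "m", and the trailing bare "#" line adds nothing.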
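
The behaviour reported above, as an added example that is not part of the original messages and is not fail2ban code: Python 3's configparser is set up to follow the rule quoted from the 2.6 documentation (only ';' starts an inline comment), and a hypothetical audit() helper lists every jail whose numeric option would be rejected and replaced by a default. The jail.local content is constructed for illustration; only the bantime line is taken from the report, and the names load, audit and INT_OPTIONS are assumptions.

```python
import configparser

# Constructed jail.local; only the bantime line comes from the report.
SAMPLE = """\
[DEFAULT]
bantime = 28800 # seconds
findtime = 600 ; seconds
maxretry = 3

[ssh]
enabled = true
maxretry = 6

[vsftpd]
enabled = false
"""

INT_OPTIONS = ("bantime", "findtime", "maxretry")


def load(text):
    """Parse with the rule quoted in the report: only ';' opens an inline comment."""
    cp = configparser.ConfigParser(
        inline_comment_prefixes=(";",),  # '#' stays a full-line comment only
        interpolation=None,              # jail files use %(...)s in actions
    )
    cp.read_string(text)
    return cp


def audit(text, int_options=INT_OPTIONS):
    """Return (jail, option, raw_value) for each numeric option that is not an integer."""
    cp = load(text)
    findings = []
    for jail in cp.sections():  # values from [DEFAULT] are inherited by every jail
        for opt in int_options:
            if not cp.has_option(jail, opt):
                continue
            raw = cp.get(jail, opt)
            try:
                int(raw)
            except ValueError:
                findings.append((jail, opt, raw))
    return findings


if __name__ == "__main__":
    for jail, opt, raw in audit(SAMPLE):
        print(f"{jail}: {opt} = {raw!r} is not an integer; a default would apply")
```

One bad line in [DEFAULT] is reported once per jail, which matches the repeated warnings in the report; an 8-hour ban silently becoming the 600-second default is the operational risk worth checking for after any edit to jail.local.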

