Bug#343821: fail2ban: Additional info (debug log dump)

Claus Christensen Sat, 09 Sep 2006 05:01:41 -0700

Package: fail2ban
Version: 0.6.1-7bpo2
Followup-For: Bug #343821

2006-09-09 13:19:02,854 WARNING: Verbose level is 3
2006-09-09 13:19:02,866 WARNING: DEBUG MODE: FIREWALL COMMANDS ARE _NOT_ 
EXECUTED BUT ONLY DISPLAYED IN THE LOG MESSAGES
2006-09-09 13:19:02,867 DEBUG: Created PID lock (10605) in /var/run/fail2ban.pid
2006-09-09 13:19:02,867 DEBUG: ConfFile is /etc/fail2ban.conf
2006-09-09 13:19:02,867 DEBUG: BanTime is 600
2006-09-09 13:19:02,868 DEBUG: FindTime is 600
2006-09-09 13:19:02,868 DEBUG: MaxFailure is 5
2006-09-09 13:19:02,868 DEBUG: MAIL: Accepted value enabled=False
2006-09-09 13:19:02,869 DEBUG: MAIL: Accepted value host='localhost'
2006-09-09 13:19:02,869 DEBUG: MAIL: Accepted value port=25
2006-09-09 13:19:02,869 DEBUG: MAIL: Accepted value from='[EMAIL PROTECTED]'
2006-09-09 13:19:02,869 DEBUG: MAIL: Accepted value to='[EMAIL PROTECTED]'
2006-09-09 13:19:02,870 DEBUG: MAIL: Accepted value user=''
2006-09-09 13:19:02,870 DEBUG: MAIL: Accepted value password=''
2006-09-09 13:19:02,870 DEBUG: MAIL: Accepted value localtime=True
2006-09-09 13:19:02,871 DEBUG: MAIL: Accepted value subject='[Fail2Ban] 
<section>: Banned <ip>'
2006-09-09 13:19:02,871 DEBUG: MAIL: Accepted value message='Hi,<br>\nThe IP 
<ip> has just been banned by Fail2Ban after\n<failures> attempts against 
<section>.<br>\nRegards,<br>\nFail2Ban'
2006-09-09 13:19:02,871 INFO: Fail2Ban v0.6.1 is running
2006-09-09 13:19:02,872 DEBUG: Found sections: ['VSFTPD', 'PROFTPD', 
'ApacheAttacks', 'SSH', 'SASL', 'Apache']
2006-09-09 13:19:02,872 DEBUG: VSFTPD: Accepted value enabled=False
2006-09-09 13:19:02,872 DEBUG: VSFTPD: Accepted value 
logfile='/var/log/vsftpd.log'
2006-09-09 13:19:02,872 DEBUG: VSFTPD: Accepted value maxfailures=5
2006-09-09 13:19:02,873 DEBUG: VSFTPD: Accepted value bantime=600
2006-09-09 13:19:02,873 DEBUG: VSFTPD: Accepted value findtime=600
2006-09-09 13:19:02,873 DEBUG: VSFTPD: Accepted value 
timeregex='\\S{3}\\s{1,2}\\d{1,2} \\d{2}:\\d{2}:\\d{2}'
2006-09-09 13:19:02,874 DEBUG: VSFTPD: Accepted value timepattern='%b %d 
%H:%M:%S'
2006-09-09 13:19:02,874 DEBUG: VSFTPD: Accepted value failregex='\\[.+\\] FAIL 
LOGIN: Client "(?P<host>\\S+)"$'
2006-09-09 13:19:02,874 DEBUG: VSFTPD: Accepted value fwstart='iptables -N 
fail2ban-VSFTPD\niptables -A fail2ban-VSFTPD -j RETURN\niptables -I INPUT -p 
tcp --dport ftp -j fail2ban-VSFTPD'
2006-09-09 13:19:02,875 DEBUG: VSFTPD: Accepted value fwend='iptables -D INPUT 
-p tcp --dport ftp -j fail2ban-VSFTPD\niptables -F fail2ban-VSFTPD\niptables -X 
fail2ban-VSFTPD'
2006-09-09 13:19:02,875 DEBUG: VSFTPD: Accepted value fwban='iptables -I 
fail2ban-VSFTPD 1 -s <ip> -j DROP'
2006-09-09 13:19:02,875 DEBUG: VSFTPD: Accepted value fwunban='iptables -D 
fail2ban-VSFTPD -s <ip> -j DROP'
2006-09-09 13:19:02,876 DEBUG: VSFTPD: Accepted value fwcheck='iptables -L 
INPUT | grep -q fail2ban-VSFTPD'
2006-09-09 13:19:02,876 DEBUG: PROFTPD: Accepted value enabled=False
2006-09-09 13:19:02,876 DEBUG: PROFTPD: Accepted value 
logfile='/var/log/proftpd/proftpd.log'
2006-09-09 13:19:02,877 DEBUG: PROFTPD: Accepted value maxfailures=5
2006-09-09 13:19:02,877 DEBUG: PROFTPD: Accepted value bantime=600
2006-09-09 13:19:02,877 DEBUG: PROFTPD: Accepted value findtime=600
2006-09-09 13:19:02,878 DEBUG: PROFTPD: Accepted value 
timeregex='\\S{3}\\s{1,2}\\d{1,2} \\d{2}:\\d{2}:\\d{2}'
2006-09-09 13:19:02,878 DEBUG: PROFTPD: Accepted value timepattern='%b %d 
%H:%M:%S'
2006-09-09 13:19:02,878 DEBUG: PROFTPD: Accepted value failregex='USER \\S+: no 
such user found from \\S* ?\\[(?P<host>\\S+)\\] to \\S+\\s*$'
2006-09-09 13:19:02,879 DEBUG: PROFTPD: Accepted value fwstart='iptables -N 
fail2ban-PROFTPD\niptables -A fail2ban-PROFTPD -j RETURN\niptables -I INPUT -p 
tcp --dport ftp -j fail2ban-PROFTPD'
2006-09-09 13:19:02,879 DEBUG: PROFTPD: Accepted value fwend='iptables -D INPUT 
-p tcp --dport ftp -j fail2ban-PROFTPD\niptables -F fail2ban-PROFTPD\niptables 
-X fail2ban-PROFTPD'
2006-09-09 13:19:02,879 DEBUG: PROFTPD: Accepted value fwban='iptables -I 
fail2ban-PROFTPD 1 -s <ip> -j DROP'
2006-09-09 13:19:02,880 DEBUG: PROFTPD: Accepted value fwunban='iptables -D 
fail2ban-PROFTPD -s <ip> -j DROP'
2006-09-09 13:19:02,880 DEBUG: PROFTPD: Accepted value fwcheck='iptables -L 
INPUT | grep -q fail2ban-PROFTPD'
2006-09-09 13:19:02,880 DEBUG: ApacheAttacks: Accepted value enabled=False
2006-09-09 13:19:02,881 DEBUG: ApacheAttacks: Accepted value 
logfile='/var/log/apache/access.log'
2006-09-09 13:19:02,881 DEBUG: ApacheAttacks: Accepted value maxfailures=2
2006-09-09 13:19:02,881 DEBUG: ApacheAttacks: Accepted value bantime=600
2006-09-09 13:19:02,882 DEBUG: ApacheAttacks: Accepted value findtime=600
2006-09-09 13:19:02,882 DEBUG: ApacheAttacks: Accepted value 
timeregex='\\d{2}/\\S{3}/\\d{4}:\\d{2}:\\d{2}:\\d{2}'
2006-09-09 13:19:02,882 DEBUG: ApacheAttacks: Accepted value 
timepattern='%d/%b/%Y:%H:%M:%S'
2006-09-09 13:19:02,883 DEBUG: ApacheAttacks: Accepted value 
failregex='^(?P<host>\\S*) -.*"GET 
.*(?:awstats\\.pl\\?configdir=|index2\\.php\\?_REQUEST\\[option\\].*)\\|echo.*'
2006-09-09 13:19:02,883 DEBUG: ApacheAttacks: Accepted value fwstart='iptables 
-N fail2ban-ApacheAttacks\niptables -A fail2ban-ApacheAttacks -j 
RETURN\niptables -I INPUT -p tcp --dport http -j fail2ban-ApacheAttacks'
2006-09-09 13:19:02,883 DEBUG: ApacheAttacks: Accepted value fwend='iptables -D 
INPUT -p tcp --dport http -j fail2ban-ApacheAttacks\niptables -F 
fail2ban-ApacheAttacks\niptables -X fail2ban-ApacheAttacks'
2006-09-09 13:19:02,884 DEBUG: ApacheAttacks: Accepted value fwban='iptables -I 
fail2ban-ApacheAttacks 1 -s <ip> -j DROP'
2006-09-09 13:19:02,884 DEBUG: ApacheAttacks: Accepted value fwunban='iptables 
-D fail2ban-ApacheAttacks -s <ip> -j DROP'
2006-09-09 13:19:02,884 DEBUG: ApacheAttacks: Accepted value fwcheck='iptables 
-L INPUT | grep -q fail2ban-ApacheAttacks'
2006-09-09 13:19:02,885 DEBUG: SSH: Accepted value enabled=True
2006-09-09 13:19:02,885 DEBUG: SSH: Accepted value logfile='/var/log/auth.log'
2006-09-09 13:19:02,885 DEBUG: SSH: Accepted value maxfailures=5
2006-09-09 13:19:02,886 DEBUG: SSH: Accepted value bantime=600
2006-09-09 13:19:02,886 DEBUG: SSH: Accepted value findtime=600
2006-09-09 13:19:02,886 DEBUG: SSH: Accepted value 
timeregex='\\S{3}\\s{1,2}\\d{1,2} \\d{2}:\\d{2}:\\d{2}'
2006-09-09 13:19:02,887 DEBUG: SSH: Accepted value timepattern='%b %d %H:%M:%S'
2006-09-09 13:19:02,887 DEBUG: SSH: Accepted value failregex=': 
(?:(?:Authentication failure|Failed [-/\\w+]+) for(?: [iI](?:llegal|nvalid) 
user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) 
(?:::f{4,6}:)?(?P<host>\\S*)'
2006-09-09 13:19:02,887 DEBUG: SSH: Accepted value fwstart='iptables -N 
fail2ban-SSH\niptables -A fail2ban-SSH -j RETURN\niptables -I INPUT -p tcp 
--dport ssh -j fail2ban-SSH'
2006-09-09 13:19:02,888 DEBUG: SSH: Accepted value fwend='iptables -D INPUT -p 
tcp --dport ssh -j fail2ban-SSH\niptables -F fail2ban-SSH\niptables -X 
fail2ban-SSH'
2006-09-09 13:19:02,888 DEBUG: SSH: Accepted value fwban='iptables -I 
fail2ban-SSH 1 -s <ip> -j DROP'
2006-09-09 13:19:02,888 DEBUG: SSH: Accepted value fwunban='iptables -D 
fail2ban-SSH -s <ip> -j DROP'
2006-09-09 13:19:02,889 DEBUG: SSH: Accepted value fwcheck='iptables -L INPUT | 
grep -q fail2ban-SSH'
2006-09-09 13:19:02,889 DEBUG: SASL: Accepted value enabled=False
2006-09-09 13:19:02,889 DEBUG: SASL: Accepted value logfile='/var/log/mail.log'
2006-09-09 13:19:02,890 DEBUG: SASL: Accepted value maxfailures=5
2006-09-09 13:19:02,890 DEBUG: SASL: Accepted value bantime=600
2006-09-09 13:19:02,890 DEBUG: SASL: Accepted value findtime=600
2006-09-09 13:19:02,890 DEBUG: SASL: Accepted value 
timeregex='\\S{3}\\s{1,2}\\d{1,2} \\d{2}:\\d{2}:\\d{2}'
2006-09-09 13:19:02,891 DEBUG: SASL: Accepted value timepattern='%b %d %H:%M:%S'
2006-09-09 13:19:02,891 DEBUG: SASL: Accepted value failregex=': warning: 
[-._\\w]+\\[(?P<host>[.\\d]+)\\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) 
authentication failed$'
2006-09-09 13:19:02,891 DEBUG: SASL: Accepted value fwstart='iptables -N 
fail2ban-SASL\niptables -A fail2ban-SASL -j RETURN\niptables -I INPUT -p tcp 
--dport smtp -j fail2ban-SASL'
2006-09-09 13:19:02,892 DEBUG: SASL: Accepted value fwend='iptables -D INPUT -p 
tcp --dport smtp -j fail2ban-SASL\niptables -F fail2ban-SASL\niptables -X 
fail2ban-SASL'
2006-09-09 13:19:02,892 DEBUG: SASL: Accepted value fwban='iptables -I 
fail2ban-SASL 1 -s <ip> -j DROP'
2006-09-09 13:19:02,892 DEBUG: SASL: Accepted value fwunban='iptables -D 
fail2ban-SASL -s <ip> -j DROP'
2006-09-09 13:19:02,893 DEBUG: SASL: Accepted value fwcheck='iptables -L INPUT 
| grep -q fail2ban-SASL'
2006-09-09 13:19:02,893 DEBUG: Apache: Accepted value enabled=False
2006-09-09 13:19:02,893 DEBUG: Apache: Accepted value 
logfile='/var/log/apache/error.log'
2006-09-09 13:19:02,894 DEBUG: Apache: Accepted value maxfailures=5
2006-09-09 13:19:02,894 DEBUG: Apache: Accepted value bantime=600
2006-09-09 13:19:02,894 DEBUG: Apache: Accepted value findtime=600
2006-09-09 13:19:02,895 DEBUG: Apache: Accepted value timeregex='\\S{3} \\S{3} 
\\d{2} \\d{2}:\\d{2}:\\d{2} \\d{4}'
2006-09-09 13:19:02,895 DEBUG: Apache: Accepted value timepattern='%a %b %d 
%H:%M:%S %Y'
2006-09-09 13:19:02,895 DEBUG: Apache: Accepted value failregex='[[]client 
(?P<host>\\S*)[]] user .*(?:: authentication failure|not found)'
2006-09-09 13:19:02,896 DEBUG: Apache: Accepted value fwstart='iptables -N 
fail2ban-Apache\niptables -A fail2ban-Apache -j RETURN\niptables -I INPUT -p 
tcp --dport http -j fail2ban-Apache'
2006-09-09 13:19:02,896 DEBUG: Apache: Accepted value fwend='iptables -D INPUT 
-p tcp --dport http -j fail2ban-Apache\niptables -F fail2ban-Apache\niptables 
-X fail2ban-Apache'
2006-09-09 13:19:02,896 DEBUG: Apache: Accepted value fwban='iptables -I 
fail2ban-Apache 1 -s <ip> -j DROP'
2006-09-09 13:19:02,897 DEBUG: Apache: Accepted value fwunban='iptables -D 
fail2ban-Apache -s <ip> -j DROP'
2006-09-09 13:19:02,897 DEBUG: Apache: Accepted value fwcheck='iptables -L 
INPUT | grep -q fail2ban-Apache'
2006-09-09 13:19:02,897 INFO: Enabled sections: ['SSH']
2006-09-09 13:19:02,898 DEBUG: Add 127.0.0.1 to ignore list
2006-09-09 13:19:02,898 WARNING:  is not a valid IP address
2006-09-09 13:19:02,898 DEBUG: Nothing to do
2006-09-09 13:19:02,898 DEBUG: SSH: Initialize firewall rules
2006-09-09 13:19:02,899 DEBUG: iptables -N fail2ban-SSH
iptables -A fail2ban-SSH -j RETURN
iptables -I INPUT -p tcp --dport ssh -j fail2ban-SSH
2006-09-09 13:19:02,899 DEBUG: /var/log/auth.log has been modified
2006-09-09 13:19:02,899 DEBUG: /var/log/auth.log
2006-09-09 13:19:02,906 ERROR: unknown locale: en_DK
2006-09-09 13:19:02,906 ERROR: Please check the format and your locale settings.
2006-09-09 13:19:02,906 DEBUG: Setting file position to 0 for /var/log/auth.log
2006-09-09 13:19:02,924 ERROR: Fail2Ban got an unhandled exception and died.
2006-09-09 13:19:02,925 ERROR: Type: 'AttributeError'
Value: ('strptime',)
TB: [('/usr/bin/fail2ban', 55, '?', 'fail2ban.main()'), 
('/usr/share/fail2ban/fail2ban.py', 513, 'main', 'e = 
element[1].getFailures()'), ('/usr/share/fail2ban/logreader/logreader.py', 143, 
'getFailures', 'for element in self.findFailure(line):'), 
('/usr/share/fail2ban/logreader/logreader.py', 174, 'findFailure', 'date = 
self.getUnixTime(timeMatch.group())'), 
('/usr/share/fail2ban/logreader/logreader.py', 216, 'getUnixTime', 'date = 
list(time.strptime(value, self.timepattern))')]
2006-09-09 13:19:02,925 WARNING: Restoring firewall rules...
2006-09-09 13:19:02,925 DEBUG: SSH: Restore firewall rules
2006-09-09 13:19:02,926 DEBUG: iptables -D INPUT -p tcp --dport ssh -j 
fail2ban-SSH
iptables -F fail2ban-SSH
iptables -X fail2ban-SSH
2006-09-09 13:19:02,926 DEBUG: Nothing to do
2006-09-09 13:19:02,926 DEBUG: Removed PID lock /var/run/fail2ban.pid



-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-3-k7
Locale: LANG=en_DK, LC_CTYPE=en_DK (charmap=ISO-8859-1)

Versions of packages fail2ban depends on:
ii  iptables                     1.3.3-1bpo1 Linux kernel 2.4+ iptables adminis
ii  lsb-base                     3.1-9bpo1   Linux Standard Base 3.1 init scrip
ii  python                       2.3.5-2     An interactive high-level object-o

-- no debconf information


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#343821: fail2ban: Additional info (debug log dump)

Reply via email to