Dear, I have process to configure the complain.conf (default configuration) with just a argument on mailargs = -c [email protected]
Extract of the error on fail2ban.log (verb 4) is : 2015-02-01 01:03:35,289 fail2ban.filter [14550]: DEBUG Found IPTEST 2015-02-01 01:03:35,289 fail2ban.filter [14550]: DEBUG Total # of detected failures: 7. Current failures from 2 IPs (IP:count): IPTEST:6, 115.239.228.9:1 2015-02-01 01:03:35,290 fail2ban.filter.datedetector[14550]: DEBUG Matched time template MONTH Day Hour:Minute:Second 2015-02-01 01:03:35,290 fail2ban.filter.datedetector[14550]: DEBUG Got time using template MONTH Day Hour:Minute:Second 2015-02-01 01:03:35,290 fail2ban.filter.datedetector[14550]: DEBUG Sorting the template list 2015-02-01 01:03:35,290 fail2ban.filter.datedetector[14550]: DEBUG Winning template: MONTH Day Hour:Minute:Second with 1264 hits 2015-02-01 01:03:35,533 fail2ban.actions[14550]: WARNING [ssh-iptables] Ban IPTEST 2015-02-01 01:03:35,533 fail2ban.actions.action[14550]: DEBUG iptables -n -L INPUT | grep -q 'fail2ban-SSH[ \t]' 2015-02-01 01:03:35,549 fail2ban.actions.action[14550]: DEBUG iptables -n -L INPUT | grep -q 'fail2ban-SSH[ \t]' returned successfully 2015-02-01 01:03:35,550 fail2ban.actions.action[14550]: DEBUG iptables -I fail2ban-SSH 1 -s IPTEST -j REJECT --reject-with icmp-port-unreachable 2015-02-01 01:03:35,561 fail2ban.actions.action[14550]: DEBUG iptables -I fail2ban-SSH 1 -s IPTEST -j REJECT --reject-with icmp-port-unreachable returned successfully 2015-02-01 01:03:35,563 fail2ban.actions.action[14550]: DEBUG 2015-02-01 01:03:35,563 fail2ban.actions.action[14550]: DEBUG Nothing to do 2015-02-01 01:03:35,563 fail2ban.actions.action[14550]: DEBUG printf %b "Subject: [Fail2Ban] SSH: banned IPTEST from `uname -n` Date: `LC_TIME=C date -u +"%a, %d %h %Y %T +0000"` From: DNS-A Fail2Ban <[email protected]> To: [email protected]\n Hi,\n The IP IPTEST has just been banned by Fail2Ban after 6 attempts against SSH.\n\n Here is more information about IPTEST:\n `/usr/bin/whois IPTEST || echo missing whois program`\n Regards,\n Fail2Ban" | /usr/sbin/sendmail -f [email protected] [email protected] 2015-02-01 01:03:35,654 fail2ban.actions.action[14550]: DEBUG printf %b "Subject: [Fail2Ban] SSH: banned IPTEST from `uname -n` Date: `LC_TIME=C date -u +"%a, %d %h %Y %T +0000"` From: DNS-A Fail2Ban <[email protected]> To: [email protected]\n Hi,\n The IP IPTEST has just been banned by Fail2Ban after 6 attempts against SSH.\n\n Here is more information about IPTEST:\n `/usr/bin/whois IPTEST || echo missing whois program`\n Regards,\n Fail2Ban" | /usr/sbin/sendmail -f [email protected] [email protected] returned successfully 2015-02-01 01:03:35,655 fail2ban.actions.action[14550]: DEBUG 2015-02-01 01:03:35,655 fail2ban.actions.action[14550]: DEBUG Nothing to do 2015-02-01 01:03:35,656 fail2ban.actions.action[14550]: DEBUG oifs=${IFS}; IFS=.;SEP_IP=( IPTEST ); set -- ${SEP_IP}; ADDRESSES=$(dig +short -t txt -q $4.$3.$2.$1.abuse-contacts.abusix.org); IFS=${oifs} IP=IPTEST if [ ! -z "$ADDRESSES" ]; then (printf %b "Dear Sir/Madam,\n\nWe would like to draw your attention on a network abuse incident from\n\nyour network. Here we enclosed with the log event for your investigation. Also, please take appropriate\n\naction for preventing the respective incident. We are much\n\nappreciated with your prompt reply for your follow up action. Please\n\nreply us at [email protected].\n\n"; date '+Note: Local timezone is %z (%Z)'; grep -E '(^|[^0-9])IPTEST([^0-9]|$)' /var/log/secure) | mail -s "Abuse from IPTEST" -c [email protected] ${ADDRESSES//,/\" \"} fi 2015-02-01 01:03:35,748 fail2ban.actions.action[14550]: ERROR oifs=${IFS}; IFS=.;SEP_IP=( IPTEST ); set -- ${SEP_IP}; ADDRESSES=$(dig +short -t txt -q $4.$3.$2.$1.abuse-contacts.abusix.org); IFS=${oifs} IP=IPTEST if [ ! -z "$ADDRESSES" ]; then (printf %b "Dear Sir/Madam,\n\nWe would like to draw your attention on a network abuse incident from\n\nyour network. Here we enclosed with the log event for your investigation. Also, please take appropriate\n\naction for preventing the respective incident. We are much\n\nappreciated with your prompt reply for your follow up action. Please\n\nreply us at [email protected].\n\n"; date '+Note: Local timezone is %z (%Z)'; grep -E '(^|[^0-9])IPTEST([^0-9]|$)' /var/log/secure) | mail -s "Abuse from IPTEST" -c [email protected] ${ADDRESSES//,/\" \"} fi returned 7f00 2015-02-01 01:03:35,749 fail2ban.actions.action[14550]: INFO HINT on 7f00: "Command not found". Make sure that all commands in 'oifs=${IFS}; IFS=.;SEP_IP=( IPTEST ); set -- ${SEP_IP}; ADDRESSES=$(dig +short -t txt -q $4.$3.$2.$1.abuse-contacts.abusix.org); IFS=${oifs}\nIP=IPTEST\nif [ ! -z "$ADDRESSES" ]; then\n(printf %b "Dear Sir/Madam,\\n\\nWe would like to draw your attention on a network abuse incident from\\n\\nyour network. Here we enclosed with the log event for your investigation. Also, please take appropriate\\n\\naction for preventing the respective incident. We are much\\n\\nappreciated with your prompt reply for your follow up action. Please\\n\\nreply us at [email protected].\\n\\n"; date \'+Note: Local timezone is %z (%Z)\'; grep -E \'(^|[^0-9])IPTEST([^0-9]|$)\' /var/log/secure) | mail -s "Abuse from IPTEST" -c [email protected] ${ADDRESSES//,/\\" \\"}\nfi' are in the PATH of fail2ban-server process (grep -a PATH= /proc/`pidof -x fail2ban-server`/environ). You may want to start "fail2ban-server -f" separately, initiate it with "fail2ban-client reload" in another shell session and observe if additional informative error messages appear in the terminals. 2015-02-01 01:03:36,700 fail2ban.filter [14550]: DEBUG Default Callback for Event: <Event dir=False mask=0x2 maskname=IN_MODIFY name='' path=/var/log/secure pathname=/var/log/secure wd=2 > Can you help me ? Sincerely Nicolas ------------------------------------------------------------------------------ Dive into the World of Parallel Programming. The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ _______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
