So far it's working great. I finished the .service files but they don't
work. I have to find a way to start the service from the directory where
the config file is stored, so I have been reading up on systemd. To quote
Adrian Belew: "The more I study this thing, the more I like it." The last
kernel update from Fedora fixed the memory problem I have been having
with fail2ban, so I will let it run for a few days and let's see what happens. I
think my next step will be to restart the fail2ban server and leave the
cluster running and see what happens. Do you have anything special I
should be doing for testing? I do have some reluctance about restarting the
server because of the 776 IPs that are permanently blocked, so there will be
776 broadcast messages going out in a short time span. I don't want to
flood your server. Oh, and how many people are in the test group?


On Thu, 2015-08-13 at 00:10 -0300, Arturo 'Buanzo' Busleiman wrote:
> and here is my subscriber instance on a different server, getting one
> of your bans:
> 
> root@mx5:/usr/local/src/zeromq# grep 122.234.241.193 /var/log/fail2ban.log
> 2015-08-12 20:02:14,326 fail2ban.actions: WARNING [fail2bancluster] Ban 122.234.241.193
> 
> root@mx5:/usr/local/src/zeromq# grep 122.234.241.193 /var/log/auth.log
> Aug 12 20:02:12 mx5 /fail2ban-subscriber.py[3382]: fail2ban-zmq-tools Subscriber: Got broadcast message: desktop.hjohnson933.net|pam-root|Ban|122.234.241.193
> 
> 
> 
> 
> On Thu, Aug 13, 2015 at 12:05 AM, Arturo 'Buanzo' Busleiman
> <bua...@buanzo.com.ar> wrote:
> 
>         Hi !
>         
>         
>         
>         Yep, my Publisher instance is getting your Ban/Unban
>         messages :D
>         
>         
>         
>         Bantime, I thought about it when designing this, and I thought
>         it was better to leave that for every user, although it
>         wouldn't hurt to include the detail.... we can add the idea to
>         the TODO file.
>         
>         
>         
>         Check this out:
>         
>         
>         BANS:
>         
>         
>         root@mx2:~# grep 'Propagating Ban' /var/log/auth.log|grep desktop.hjohnson933.net
>         Aug 12 15:53:00 mx2 /fail2ban-publisher.py[6022]:
>         fail2ban-zmq-tools Publisher: Propagating Ban for
>         211.94.131.150/pam-root from desktop.hjohnson933.net
>         Aug 12 16:04:39 mx2 /fail2ban-publisher.py[6022]:
>         fail2ban-zmq-tools Publisher: Propagating Ban for
>         83.209.32.218/sshd from desktop.hjohnson933.net
>         Aug 12 16:04:40 mx2 /fail2ban-publisher.py[6022]:
>         fail2ban-zmq-tools Publisher: Propagating Ban for
>         83.209.32.218/pam-root from desktop.hjohnson933.net
>         Aug 12 16:05:52 mx2 /fail2ban-publisher.py[6022]:
>         fail2ban-zmq-tools Publisher: Propagating Ban for
>         194.33.84.125/pam-root from desktop.hjohnson933.net
>         Aug 12 16:06:00 mx2 /fail2ban-publisher.py[6022]:
>         fail2ban-zmq-tools Publisher: Propagating Ban for
>         87.120.182.56/pam-root from desktop.hjohnson933.net
>         Aug 12 16:06:01 mx2 /fail2ban-publisher.py[6022]:
>         fail2ban-zmq-tools Publisher: Propagating Ban for
>         87.120.182.56/sshd from desktop.hjohnson933.net
>         Aug 12 17:14:19 mx2 /fail2ban-publisher.py[6022]:
>         fail2ban-zmq-tools Publisher: Propagating Ban for
>         211.44.193.221/pam-root from desktop.hjohnson933.net
>         Aug 12 17:37:25 mx2 /fail2ban-publisher.py[6022]:
>         fail2ban-zmq-tools Publisher: Propagating Ban for
>         139.175.13.28/pam-root from desktop.hjohnson933.net
>         Aug 12 18:34:00 mx2 /fail2ban-publisher.py[6022]:
>         fail2ban-zmq-tools Publisher: Propagating Ban for
>         115.192.248.221/pam-root from desktop.hjohnson933.net
>         Aug 12 20:04:06 mx2 /fail2ban-publisher.py[6022]:
>         fail2ban-zmq-tools Publisher: Propagating Ban for
>         122.234.241.193/pam-root from desktop.hjohnson933.net
>         Aug 12 20:56:54 mx2 /fail2ban-publisher.py[6022]:
>         fail2ban-zmq-tools Publisher: Propagating Ban for
>         82.200.207.26/vncserver from desktop.hjohnson933.net
>         Aug 12 23:17:20 mx2 /fail2ban-publisher.py[6022]:
>         fail2ban-zmq-tools Publisher: Propagating Ban for
>         74.218.204.34/pam-root from desktop.hjohnson933.net
>         
>         
>         
>         
>         UNBANS:
>         
>         
>         root@mx2:~# grep 'Propagating Unban' /var/log/auth.log|grep desktop.hjohnson933.net
>         Aug 12 16:03:00 mx2 /fail2ban-publisher.py[6022]:
>         fail2ban-zmq-tools Publisher: Propagating Unban for
>         211.94.131.150/pam-root from desktop.hjohnson933.net
>         Aug 12 16:07:41 mx2 /fail2ban-publisher.py[6022]:
>         fail2ban-zmq-tools Publisher: Propagating Unban for
>         46.166.190.204/recidive from desktop.hjohnson933.net
>         Aug 12 16:08:49 mx2 /fail2ban-publisher.py[6022]:
>         fail2ban-zmq-tools Publisher: Propagating Unban for
>         80.82.64.81/recidive from desktop.hjohnson933.net
>         Aug 12 16:14:40 mx2 /fail2ban-publisher.py[6022]:
>         fail2ban-zmq-tools Publisher: Propagating Unban for
>         83.209.32.218/pam-root from desktop.hjohnson933.net
>         Aug 12 16:15:54 mx2 /fail2ban-publisher.py[6022]:
>         fail2ban-zmq-tools Publisher: Propagating Unban for
>         194.33.84.125/pam-root from desktop.hjohnson933.net
>         Aug 12 16:16:00 mx2 /fail2ban-publisher.py[6022]:
>         fail2ban-zmq-tools Publisher: Propagating Unban for
>         87.120.182.56/pam-root from desktop.hjohnson933.net
>         Aug 12 16:17:39 mx2 /fail2ban-publisher.py[6022]:
>         fail2ban-zmq-tools Publisher: Propagating Unban for
>         83.209.32.218/sshd from desktop.hjohnson933.net
>         Aug 12 16:19:00 mx2 /fail2ban-publisher.py[6022]:
>         fail2ban-zmq-tools Publisher: Propagating Unban for
>         87.120.182.56/sshd from desktop.hjohnson933.net
>         Aug 12 17:24:20 mx2 /fail2ban-publisher.py[6022]:
>         fail2ban-zmq-tools Publisher: Propagating Unban for
>         211.44.193.221/pam-root from desktop.hjohnson933.net
>         Aug 12 17:47:25 mx2 /fail2ban-publisher.py[6022]:
>         fail2ban-zmq-tools Publisher: Propagating Unban for
>         139.175.13.28/pam-root from desktop.hjohnson933.net
>         Aug 12 18:44:01 mx2 /fail2ban-publisher.py[6022]:
>         fail2ban-zmq-tools Publisher: Propagating Unban for
>         115.192.248.221/pam-root from desktop.hjohnson933.net
>         Aug 12 20:14:07 mx2 /fail2ban-publisher.py[6022]:
>         fail2ban-zmq-tools Publisher: Propagating Unban for
>         122.234.241.193/pam-root from desktop.hjohnson933.net
>         Aug 12 21:09:54 mx2 /fail2ban-publisher.py[6022]:
>         fail2ban-zmq-tools Publisher: Propagating Unban for
>         82.200.207.26/vncserver from desktop.hjohnson933.net
>         Aug 12 23:27:20 mx2 /fail2ban-publisher.py[6022]:
>         fail2ban-zmq-tools Publisher: Propagating Unban for
>         74.218.204.34/pam-root from desktop.hjohnson933.net
>         
>         
>         
>         On Wed, Aug 12, 2015 at 3:50 PM, Harrison Johnson
>         <hjohnson...@cox.net> wrote:
>         
>                 Looks good, I am getting broadcast messages, I don't
>                 know if I am sending any yet. But the jail is working
>                 just fine. One thing I do see is you might consider a
>                 way to propagate the sender's ban time for that jail so
>                 we can all share it to cut down on unban noise. Later
>                 today I will write a .service file so I can auto start
>                 fail2ban cluster. I will post them to the list if
>                 anyone wants to use them, most everybody hates systemd so
>                 it is probably a moot point.
>                 
>                 Thanks for the help
>                 Harry 
>                 
>                 
>                 On Wed, 2015-08-12 at 15:23 -0300, Arturo 'Buanzo'
>                 Busleiman wrote:
>                 
>                 > Sample fail2ban-subscriber messages:
>                 > 
>                 > 
>                 > Aug 12 12:42:52 mx5 /fail2ban-subscriber.py[3382]: fail2ban-zmq-tools Subscriber: Got broadcast message: mx2.mailfighter.net|ssh|Ban|83.234.207.60
>                 > Aug 12 13:18:36 mx5 /fail2ban-subscriber.py[3382]: fail2ban-zmq-tools Subscriber: Got broadcast message: mx2.mailfighter.net|ssh|Unban|222.186.56.175
>                 > Aug 12 13:48:58 mx5 /fail2ban-subscriber.py[3382]: fail2ban-zmq-tools Subscriber: Got equal hostname broadcast. Our hostname is mx5.mailfighter.net
>                 > Aug 12 13:50:29 mx5 /fail2ban-subscriber.py[3382]: fail2ban-zmq-tools Subscriber: Got broadcast message: mx2.mailfighter.net|ssh|Ban|202.195.160.11
>                 > Aug 12 13:53:27 mx5 /fail2ban-subscriber.py[3382]: fail2ban-zmq-tools Subscriber: Got broadcast message: mx2.mailfighter.net|ssh|Unban|43.229.53.81
>                 > 
>                 > On 12 Aug 2015 2:21 pm, "Arturo 'Buanzo' Busleiman"
>                 > <bua...@buanzo.com.ar> wrote:
>                 > 
>                 >         Monitor,Publisher and Subscriber log a
>                 >         startup message.
>                 >         
>                 >         Try: grep -E 'monitor|subscriber' /var/log/messages
>                 >         
>                 >         
>                 >         On 12 Aug 2015 2:17 pm, "Harrison Johnson"
>                 >         <hjohnson...@cox.net> wrote: 
>                 >         
>                 >                 That makes perfect sense, line 6 of
>                 >                 configparsing.py clearly says it's
>                 >                 looking for fail2ban-cluster.conf. I
>                 >                 feel like an idiot. And I am already
>                 >                 getting messages. I do have one
>                 >                 additional question: since this is
>                 >                 running systemd I don't have an
>                 >                 auth.log. I do keep rsyslog running
>                 >                 for the one or two applications I
>                 >                 have that don't like the journal
>                 >                 files, so everything gets echoed into
>                 >                 /var/log/messages and I pointed the
>                 >                 fail2bancluster jail to that log
>                 >                 file. But I have no clue what would
>                 >                 normally be logged to auth.log so
>                 >                 I'm not sure if I am looking in the
>                 >                 right place.
>                 >                 
>                 >                 On Wed, 2015-08-12 at 12:32 -0500,
>                 >                 Harrison Johnson wrote:
>                 >                 
>                 >                 > Arturo,
>                 >                 > I am getting pretty close to
>                 >                 > having it running, I have decided
>                 >                 > that Fedora 21 is not ready for
>                 >                 > prime time. I had to compile the
>                 >                 > zeromq libraries because pip would
>                 >                 > not recognize the pre-compiled
>                 >                 > from Fedora and refused to install
>                 >                 > the pyzmq package. I got past all
>                 >                 > that but this I can't figure out.
>                 >                 > 
>                 >                 > Traceback (most recent call last):
>                 >                 >   File "/usr/lib64/python3.4/configparser.py", line 648, in options
>                 >                 >     opts = self._sections[section].copy()
>                 >                 > KeyError: 'monitor'
>                 >                 > 
>                 >                 > During handling of the above exception, another exception occurred:
>                 >                 > 
>                 >                 > Traceback (most recent call last):
>                 >                 >   File "./fail2ban-monitor.py", line 8, in <module>
>                 >                 >     monitorconfig=ConfigParsing().Section(section='monitor')
>                 >                 >   File "/usr/lib/python2.7/site-packages/fail2ban/configparsing.py", line 20, in Section
>                 >                 >     options = self.parser.options(section)
>                 >                 >   File "/usr/lib64/python3.4/configparser.py", line 650, in options
>                 >                 >     raise NoSectionError(section)
>                 >                 > configparser.NoSectionError: No section: 'monitor'
>                 >                 > 
>                 >                 > I might be missing a python
>                 >                 > package, but I am no longer
>                 >                 > getting import errors when it
>                 >                 > starts up. I am very new to python
>                 >                 > really just half out of the egg so
>                 >                 > I don't even know what information
>                 >                 > you might need to help me with
>                 >                 > this, but if you have the time I
>                 >                 > would like to get this working.
>                 >                 > 
>                 >                 > Thanks Harry. 
>                 >                 > 
>                 >                 > 
> ------------------------------------------------------------------------------
>                 >                 > 
> _______________________________________________
>                 >                 > Fail2ban-users mailing list
>                 >                 > Fail2ban-users@lists.sourceforge.net
>                 >                 > 
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>                 >                 
>                 >                 
>                 >                 
>                 >                 
>                 >                 
> 
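
A subscriber acts on `host|jail|action|ip` payloads that arrive from other machines, so each field is worth checking before it reaches a ban action. This is an added example, not code from fail2ban-zmq-tools: `parse_payload`, `BanEvent`, the `never_ban` allowlist and the reject-private-ranges policy are assumptions for illustration; only the payload layout and the equal-hostname skip come from the log lines quoted in the thread.

```python
import ipaddress
import re
from typing import NamedTuple

ACTIONS = {"Ban", "Unban"}
HOST_RE = re.compile(r"[A-Za-z0-9.-]{1,253}")
JAIL_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")

class BanEvent(NamedTuple):
    host: str
    jail: str
    action: str
    ip: str

def parse_payload(payload, own_hostname, never_ban=()):
    """Return a BanEvent, or None when the message must not be acted on."""
    parts = payload.split("|")
    if len(parts) != 4:
        return None
    host, jail, action, ip_text = parts
    if (action not in ACTIONS or not HOST_RE.fullmatch(host)
            or not JAIL_RE.fullmatch(jail)):
        return None
    if host.lower() == own_hostname.lower():
        return None  # our own ban echoed back ("equal hostname" in the log)
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return None  # not a single IP literal: never pass it to a firewall action
    # Policy assumption: a remote peer should not be able to ban these ranges here.
    if ip.is_private or ip.is_loopback or ip.is_unspecified or ip.is_multicast:
        return None
    if any(ip in ipaddress.ip_network(net) for net in never_ban):
        return None  # local allowlist, similar in spirit to fail2ban's ignoreip
    return BanEvent(host, jail, action, str(ip))

# First two payloads are taken from the thread's log lines; the rest are constructed.
SAMPLE = [
    "mx2.mailfighter.net|ssh|Ban|83.234.207.60",
    "desktop.hjohnson933.net|pam-root|Ban|122.234.241.193",
    "mx5.mailfighter.net|ssh|Ban|202.195.160.11",    # constructed: own hostname
    "mx2.mailfighter.net|ssh|Ban|127.0.0.1",         # constructed: loopback
    "mx2.mailfighter.net|ssh|Ban|83.234.207.60/8",   # constructed: CIDR, not an IP
    "mx2.mailfighter.net|ssh|Flush|83.234.207.60",   # constructed: unknown action
]

def accepted(own_hostname="mx5.mailfighter.net", never_ban=()):
    events = (parse_payload(p, own_hostname, never_ban) for p in SAMPLE)
    return [e for e in events if e is not None]
```
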
