I'm getting close.
I found about about two issues:
(1) The curly braces on accessing variables are crucial -- ${ADDRESSES} works,
$ADDRESSES does not.
(2) It seems that on command execution, a very reduced $PATH is active. Tools
like printf, awk and sed in /usr/bin are found, dig in /usr/local/bin is not.
So, my testing action in this shape
------
actionban = printf %%b "Subject: [Fail2Ban] <name>: abuse contact info for <ip>
Date: `LC_TIME=C date +"%%a, %%d %%h %%Y %%T %%z"`
From: <sendername> <<sender>>
To: <dest>\n
The IP <ip> has the following abuse contacts according to
abusix.org:\n
`ABUSIXADDRESS=$(echo -n "<ip>" | awk 'BEGIN { FS="." } { print
$4"."$3"."$2"."$1".abuse-contacts.abusix.org"; }'); echo
ABUSIXADDRESS=${ABUSIXADD
RESS}; ADDRESSES=$(/usr/local/bin/dig +short -t txt -q ${ABUSIXADDRESS}); echo
ADDRESSES=${ADDRESSES}; ADDRESSLIST=$(echo -n ${ADDRESSES} | sed -e 's/,/" "/;'
); echo ADDRESSLIST=${ADDRESSLIST};`\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
------
now works and sends me an e-mail with the abuse contacts of the banned IPs. I
think I can manage the xarf-login-attack from here.
All the best,
w6g
------------------------------------------------------------------------------
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
