Greg,

Thanks so much for the info.  With the edits to the following config
files, I've eliminated the error and failure messages from the
fail2ban.log file:

/etc/fail2ban/action.d/iptables-common.conf
/etc/fail2ban/jail.local
/etc/fail2ban/jail.conf


One question remains (for now) which is: whether the logpath below for
the apache logs should be UNcommented or left commented as below.  I
see that "touch /etc/fail2ban/empty" is still required in v0.10.


+# Commented out (( action   = iptables-multiport[name=ALL,
port="http,https"] )) to allow fail2ban 0.10 to work with older 1.3.5
verson of iptables
+# See: https://github.com/fail2ban/fail2ban/issues/698
+# Keith Christian
+#action   = iptables-multiport[name=ALL, port="http,https"]
+action   = iptables-allports
 #logpath  = /var/broadworks/logs/apache/access_log.*
 logpath  = /etc/fail2ban/empty
 maxretry = 10
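
Review bot: the replacement `action = iptables-allports` drops both arguments the old line passed, `name=ALL` and `port="http,https"`, so a ban from this jail now covers every port instead of only http and https, and the chain is no longer explicitly named ALL. If the intent is only to work around the older iptables, keep `name=ALL` on the new action and state the wider ban scope in the comment. The context lines also leave `logpath = /etc/fail2ban/empty` active with the Apache access_log path commented out, so as written this jail reads only the placeholder file. In the added comment, "verson" should be "version".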


The above is how it is on other machines running older versions of
fail2ban.  I'm testing this on a machine which has low traffic at the
moment, so it's possible I'll have to lower the threshold to near zero
to trigger fail2ban.

In the fail2ban.log I see that "empty" is added as the logfile three
times, probably corresponding to the three apache filters (apache-200,
apache-403, apache-404, see below.)  Should I uncomment the logpath
pointing to the apache logs above?


2017-02-28 14:57:02,238 fail2ban.filter         [13891]: INFO    Added logfile: '/etc/fail2ban/empty' (pos = 0, hash = d41d8cd98f00b204e9800998ecf8427e)

2017-02-28 14:57:02,255 fail2ban.filter         [13891]: INFO    Added logfile: '/etc/fail2ban/empty' (pos = 0, hash = d41d8cd98f00b204e9800998ecf8427e)

2017-02-28 14:57:02,269 fail2ban.filter         [13891]: INFO    Added logfile: '/etc/fail2ban/empty' (pos = 0, hash = d41d8cd98f00b204e9800998ecf8427e)


Keith
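
An added example, not part of the original messages and not fail2ban code: it triages a fail2ban.log excerpt for the two symptoms in this thread, a jail whose ban action failed to start because the firewall tool rejected an option, and a jail watching a logfile with nothing in it. The function name `triage` and the regular expressions are assumptions of this example; the sample lines are the ones quoted in the thread with e-mail line wrapping removed.

```python
import hashlib
import re
from collections import Counter

# Sample input: log lines quoted in this thread, e-mail wrapping removed.
SAMPLE_LOG = """\
2017-02-27 23:37:47,291 fail2ban.utils          [13666]: ERROR    -- stderr: "ip6tables v1.3.5: Unknown arg `-w'"
2017-02-27 23:37:47,292 fail2ban.actions        [13666]: ERROR   Failed to start jail 'apache-403' action 'iptables-multiport': Error starting action Jail('apache-403')/iptables-multiport
2017-02-28 14:57:02,238 fail2ban.filter         [13891]: INFO    Added logfile: '/etc/fail2ban/empty' (pos = 0, hash = d41d8cd98f00b204e9800998ecf8427e)
2017-02-28 14:57:02,255 fail2ban.filter         [13891]: INFO    Added logfile: '/etc/fail2ban/empty' (pos = 0, hash = d41d8cd98f00b204e9800998ecf8427e)
2017-02-28 14:57:02,269 fail2ban.filter         [13891]: INFO    Added logfile: '/etc/fail2ban/empty' (pos = 0, hash = d41d8cd98f00b204e9800998ecf8427e)
"""

# MD5 of empty input; the value the log reports for the placeholder file.
EMPTY_MD5 = hashlib.md5(b"").hexdigest()

STDERR_RE = re.compile(
    r'stderr: "(?P<tool>\S+) v(?P<ver>[\d.]+): Unknown arg `(?P<arg>-[\w-]+)')
FAILED_RE = re.compile(
    r"Failed to start jail '(?P<jail>[^']+)' action '(?P<action>[^']+)'")
ADDED_RE = re.compile(
    r"Added logfile: '(?P<path>[^']+)' "
    r"\(pos = (?P<pos>\d+), hash = (?P<hash>[0-9a-f]{32})\)")


def triage(log_text):
    """Return (start_failures, empty_logfiles) for a fail2ban.log excerpt."""
    rejected = None      # last option the firewall tool refused, if any
    failures = []        # jails whose ban action never started
    empty = Counter()    # logfiles registered with no content to match
    for line in log_text.splitlines():
        if m := STDERR_RE.search(line):
            rejected = (m["tool"], m["ver"], m["arg"])
        elif m := FAILED_RE.search(line):
            failures.append({"jail": m["jail"], "action": m["action"],
                             "cause": rejected})
            rejected = None
        elif m := ADDED_RE.search(line):
            if m["pos"] == "0" and m["hash"] == EMPTY_MD5:
                empty[m["path"]] += 1
    return failures, dict(empty)


if __name__ == "__main__":
    failures, empty = triage(SAMPLE_LOG)
    print("actions that failed to start:", failures)
    print("jails reading an empty logfile:", empty)
```

A jail listed in the first result has no working ban action; a path in the second result means the jail reading it has no log entries to match against.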



On Tue, Feb 28, 2017 at 5:23 AM, Greg Martin
<outlook_1a88585fca97a...@outlook.com> wrote:
> You are trying to get a current piece of software to work with a 10-year-old
> piece.  It may be stock for 2007-2011 but I think you will struggle.
>
>
>
> You could look at the actions conf files and try to tweak ip6tables commands
> to work.  Or disable the ip6tables actions altogether.
>
>
>
> \\Greg
>
>
>
> From: Keith Christian
> Sent: Monday, February 27, 2017 7:09 PM
> To: fail2ban-users@lists.sourceforge.net
> Subject: Re: [Fail2ban-users] Failed to start jail using fail2ban-0.10
> Python-2.7.13
>
>
>
> Thanks for the reply, Greg.......
>
> The ip6tables version is stock for this version of Red Hat.  Is there
> a minimum version of ip6tables specified that works with fail2ban
> 0.10??
>
>     ip6tables --version
>     ip6tables v1.3.5
>
> Only running with IPv4 for now, I suppose v0.10 has an option to use
> IPv4 iptables instead of ip6tables?
>
> A few more lines in the fail2ban.log file, hopefully these will be more
> helpful:
>
> 2017-02-27 23:56:17,859 fail2ban.transmitter    [13666]: WARNING Command ['logfile', 'apache-200'] has failed. Received Exception('Invalid command',)
>
> 2017-02-27 23:59:48,906 fail2ban.transmitter    [13666]: WARNING Command ['apache-200,', 'logpath'] has failed. Received Exception('Invalid command',)
>
> 2017-02-27 23:59:49,001 fail2ban.transmitter    [13666]: WARNING Command ['apache-403,', 'logpath'] has failed. Received Exception('Invalid command',)
>
> 2017-02-27 23:59:49,096 fail2ban.transmitter    [13666]: WARNING Command ['apache-404', 'logpath'] has failed. Received Exception('Invalid command',)
>
>
> Thanks.
>
> Keith
>
> On Mon, Feb 27, 2017 at 4:53 PM, Greg Martin
> <outlook_1a88585fca97a...@outlook.com> wrote:
>> That seems to be a pretty old version of ip6tables. Current version is
>> 4.21.
>>
>>
>>
>> Sent from Mail for Windows 10
>>
>>
>>
>> From: Keith Christian
>> Sent: Monday, February 27, 2017 6:48 PM
>> To: fail2ban-users@lists.sourceforge.net
>> Subject: [Fail2ban-users] Failed to start jail using fail2ban-0.10
>> Python-2.7.13
>>
>>
>>
>> Installed both of these from source on a Red Hat Enterprise Linux
>> Server release 5.10 (Tikanga) system.
>>
>> fail2ban starts up but getting a lot of these errors in the fail2ban.log
>> file:
>>
>>
>> ===========
>> ===========
>> ===========
>> ===========
>> 2017-02-27 23:37:47,291 fail2ban.utils          [13666]: ERROR    --
>> stderr: "ip6tables v1.3.5: Unknown arg `-w'"
>>
>>
>> 2017-02-27 23:37:47,291 fail2ban.utils          [13666]: ERROR    --
>> stderr: "Try `ip6tables -h' or 'ip6tables --help' for more
>> information."
>>
>>
>> 2017-02-27 23:37:47,292 fail2ban.utils          [13666]: ERROR    --
>> stderr: "ip6tables v1.3.5: Unknown arg `-w'"
>>
>>
>> 2017-02-27 23:37:47,292 fail2ban.utils          [13666]: ERROR    --
>> stderr: "Try `ip6tables -h' or 'ip6tables --help' for more
>> information."
>>
>>
>> 2017-02-27 23:37:47,292 fail2ban.utils          [13666]: ERROR    --
>> stderr: "ip6tables v1.3.5: Unknown arg `-w'"
>>
>>
>> 2017-02-27 23:37:47,292 fail2ban.utils          [13666]: ERROR    --
>> stderr: "Try `ip6tables -h' or 'ip6tables --help' for more
>> information."
>>
>>
>> 2017-02-27 23:37:47,292 fail2ban.utils          [13666]: ERROR
>> ip6tables -w -N f2b-ALL
>>
>>
>> ip6tables -w -A  -- returned 2
>>
>>
>> 2017-02-27 23:37:47,292 fail2ban.actions        [13666]: ERROR
>> Failed to start jail 'apache-403' action 'iptables-multiport': Error
>> starting action Jail('apache-403')/iptables-multiport
>> ===========
>> ===========
>> ===========
>> ===========
>>
>>
>> What should I check?
>>
>> Thanks in advance!
>>
>> Keith
>>
>>
>> ------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>> _______________________________________________
>> Fail2ban-users mailing list
>> Fail2ban-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>>
>>