Hi Michael
Does your jail.conf or jail.local have this line in it:
*action_blocklist_de = blocklist_de[email="%(sender)s",
service=%(filter)s, apikey="%(blocklist_de_apikey)s",
agent="%(fail2ban_agent)s"]*
In your [ssh] section, fail2ban is calling various variables, one of which
is %(action_blocklist_de)s - I just want to check that this variable is set
up correctly in your jail file.
You can see that this variable then calls your api key variable (which I'd
guess needs to be written without any { or ] - but that's only a guess; as
you've done, it's worth trying with different combinations in case the
instructions were literal).
I'm not saying this will definitely make it work - but it is essential that
you have this defined, because your [ssh] section is asking for it to be
there.
Tony Collins
On 25 October 2017 at 13:09, Mitchell Krog Photography <
mitchellk...@gmail.com> wrote:
> Hi Yehuda
>
> Apologies for the late comeback on this but I have tried various things
> over this past few days and nothing is working for me. Simply nothing is
> getting reported to blocklist.de
>
> First of all I have an issue where they comment
>
> *Create a file jail.d/blocklist_de.local containing*
> *# [Init]*
> *# blocklist_de_apikey = {api key from registration]*
>
> So I have created that include file in that location exactly as per their
> specs but fail2ban fails to see it whilst loading and fails.
>
> So I went a step further and put this entry rather in my jail.local file
> which is now picked up during loading as it finds the blocklist_de_apikey
> string and happily loads fail2ban.
>
> I have my jails configured like this (below), but whilst I get the email
> notification with whois lines from the first action, and badips.com gets
> the notification from the third action listed, the middle
> action %(action_blocklist_de)s is not working.
>
> *[ssh]*
> *enabled = true*
> *port = ssh*
> *filter = sshd*
> *logpath = /var/log/auth.**
> *maxretry = 6*
> *action = %(action_mwl)s*
> * %(action_blocklist_de)s*
> * badips[category="sshd",
> key=“xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"]*
>
> Now in their little documentation snippet they say you add your api key
> using
>
> *blocklist_de_apikey = {api key from registration]*
>
> But notice it specifies beginning with *{* and ending *]* …. so beginning
> with curly bracket and ending with square bracket.
>
> Once again this does not work.
>
> so I have tried various combinations of it as follows
>
> *blocklist_de_apikey = {api key from registration}*
> *blocklist_de_apikey = api key from registration*
>
> But still no reporting to blocklist.de is taking place.
>
> What am I missing? This one is sending me running around in circles now.
>
> Kind Regards
> Mitchell
>
>
> From: Mitchell Krog Photography <mitchellk...@gmail.com>
> <mitchellk...@gmail.com>
> Reply: Mitchell Krog Photography <mitchellk...@gmail.com>
> <mitchellk...@gmail.com>
> Date: 20 October 2017 at 3:56:16 PM
> To: Graham Bosworth <gra...@chuckerytowers.plus.com>
> <gra...@chuckerytowers.plus.com>, Bill Shirley
> <bshir...@openmri-scottsboro.com> <bshir...@openmri-scottsboro.com>
> Cc: p...@opensuse.org <p...@opensuse.org> <p...@opensuse.org>,
> fail2ban-users@lists.sourceforge.net <fail2ban-users@lists.
> sourceforge.net> <fail2ban-users@lists.sourceforge.net>
> Subject: Re: [Fail2ban-users] Possible Reporting to badips.com and
> blocklist.de at same time?
>
> Many thanks Yehuda for the reply
>
> I am testing it now and will let you know if I get it right, have to wait
> a few hours before something get’s blacklisted and reported.
>
> I did register on blocklist.de to get an API key and set the field
> "blocklist_de_apikey = xxxxxxxx” in the jail.local so as soon as a repeat
> offender kicks in I will see if it is reporting to blocklist as well as
> badips.com.
>
> Also thank you to Graham for some support :) much appreciated.
>
> I will report back with my findings and confirmation of the changes I made.
>
>
> Kind Regards
> Mitchell
>
>
>
> From: Graham Bosworth <gra...@chuckerytowers.plus.com>
> <gra...@chuckerytowers.plus.com>
> Reply: Graham Bosworth <gra...@chuckerytowers.plus.com>
> <gra...@chuckerytowers.plus.com>
> Date: 20 October 2017 at 1:29:56 AM
> To: Bill Shirley <bshir...@openmri-scottsboro.com>
> <bshir...@openmri-scottsboro.com>
> Cc: p...@opensuse.org <p...@opensuse.org> <p...@opensuse.org>,
> mitchellk...@gmail.com <mitchellk...@gmail.com> <mitchellk...@gmail.com>
> Subject: Re: [Fail2ban-users] Possible Reporting to badips.com and
> blocklist.de at same time?
>
> Hello Bill,
>
> I was looking forward to an answer to the question from Mitchell, but I
> did not notice any polite "Please" or "Can you" or any other such polite
> etiquette in the command "Do not hijack a thread. Start your own thread."
>
> A similar sentiment applies to Patrick Shanahan - why be unpleasant when
> you could be nice?
>
> I expect flames. I hope that they do not make me feel miserable.
>
> Yours,
> --
> Graham
> Is there a nice way of saying "euphemism"?
>
>
>
>
> On Thu, 19 Oct 2017, Bill Shirley wrote:
>
> > Date: Thu, 19 Oct 2017 18:10:14
> > From: Bill Shirley <bshir...@openmri-scottsboro.com>
> > To: fail2ban-users@lists.sourceforge.net
> > Subject: Re: [Fail2ban-users] Possible Reporting to badips.com and
> > blocklist.de at same time?
> >
> > Mitchell,
> > I don't think anyone here meant to grind on and on about thread
> hi-jacking.
> > You seemed
> > to not understand doing a reply and replacing the body and subject
> doesn't
> > create a
> > new thread. Now you do; mission accomplished.
> >
> > On to your original post, what is it that you want to send to badips.com
> and
> > blocklist.de?
> > Email? What have you tried?
> >
> > Bill
> >
> >
> > On 10/19/2017 8:58 AM, Mitchell Krog Photography wrote:
> > You are so very helpful Patrick, I will also just send your
> > emails to /dev/null
> > WOW, what a helpful mailing list this has become with such nice people
> > and NO …. YOU and 3 other people are the one ranting on about nonsense
> > and a simple mistake !!! but not one of you can actually even answer a
> > simple question.
> >
> > I will just seek help elsewhere, thank you very much.
> >
> > = unsubscribe
> >
> >
> > From: Patrick Shanahan <p...@opensuse.org>
> > Reply: Patrick Shanahan <p...@opensuse.org>
> > Date: 19 October 2017 at 2:54:16 PM
> > To: Mitchell Krog Photography <mitchellk...@gmail.com>
> > Subject: Re: [Fail2ban-users] Possible Reporting to badips.com and
> > blocklist.de at same time?
> >
> > * Mitchell Krog Photography <mitchellk...@gmail.com>
> > [10-19-17 06:50]:
> > > Patrick
> > >
> > > I help and have helped a lot of people on this list on
> > the time I have
> > > been on here. This list is turning into the likes of
> > Apache user lists
> > > where everybody rants and raves and nit picks about
> > nonsense instead of
> > > answering any questions. If you read my earlier replies
> > yesterday I
> > > said it was a mistake and not intentional so why go on
> > and on and on
> > > about it?
> > >
> > > Are you here to help users or try your very best just to
> > insult and
> > > offend them ?
> > >
> > > I guess I will probably get a quicker answer from
> > @Sebres on the github
> > > repo.
> > >
> > >
> > > From: Patrick Shanahan <p...@opensuse.org>
> > > Reply: Patrick Shanahan <p...@opensuse.org>
> > > Date: 19 October 2017 at 12:24:48 PM
> > > To: Mitchell Krog Photography <mitchellk...@gmail.com>
> > > Subject: Re: [Fail2ban-users] Possible Reporting to
> > badips.com and blocklist.de at same time?
> > >
> > > * Mitchell Krog Photography <mitchellk...@gmail.com>
> > [10-19-17 06:21]:
> > > > Hi All
> > > >
> > > > Is it possible when a jail blocks an IP to send
> > > > to badips.com + blocklist.de At the same time ?
> > > > If so can anyone point me in the right direction.
> > > >
> > > > Many Thanks
> > > >
> > > > For those accusing me of “hijacking threads” and
> > telling me to go and
> > > > Google “email hijacking” as if I have no idea what
> > that is having being
> > > > in the industry for 30 years … kindly see attached
> > screengrab of this
> > > > brand new message, completely blank and composed with
> > a slightly
> > > > different subject line.
> > >
> > > and what is it that you believe with your 30 years of
> > industrial
> > > experience, this proves. you do not show the complete
> > header, only what
> > > your chosen client reveals to you. google may (keyword)
> > indeed help you
> > > or not ???
> > >
> > > --
> > > (paka)Patrick Shanahan Plainfield, Indiana, USA
> > @ptilopteri
> > > http://en.opensuse.org openSUSE Community Member
> > facebook/ptilopteri
> > > Registered Linux User #207535 @ http://linuxcounter.net
> > > Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet
> > freenode
> >
> > I guess you *really* do not understand. and your choice to
> > continue
> > ranting is on you along with your choice to top post and
> > full quote and
> > unformatted text. I do have a solution:
> >
> > :0:
> > * ^From.*mitchellkrog
> > /dev/null
> >
> >
> > --
> > (paka)Patrick Shanahan Plainfield, Indiana, USA
> > @ptilopteri
> > http://en.opensuse.org openSUSE Community Member
> > facebook/ptilopteri
> > Registered Linux User #207535 @ http://linuxcounter.net
> > Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet
> > freenode
> [--- snipped --]
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Fail2ban-users mailing list
> Fail2ban-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
