Note that my failregex shouldn't matter because
I'm not actually looking to have it triggered
automatically. I call this jail manually from
the command line. The problem isn't with the
trigger, but with the action. Admittedly I
pieced together different sample configs to try
and make this work but something is off.
Where can I find the firewallcmd-ipset action?
Again, post your firewallcmd-ipset
action. There's something wrong with it or
with the way your [manban] jail is defaulting to it.
Is /var/log/manban.log an apache error log
file? logpath is the name of the file
fail2ban is to monitor, not the place for fail2ban log its actions.
Also, your filter doesn't match your sample
trigger line. It should be something like this:
failregex = \[client <HOST>\].+File does not exist.*roundcubemail.*$
Do not include regex logic to skip over the time.
You can test this with:
fail2ban-regex /var/log/manban /etc/fail2ban/filter.d/manban.conf
Bill
On 2/14/2018 8:38 PM, M.P. wrote:
can someone explain to me where the error is in
this configuration? Here's the error message
I get when manually trying to ban using the
jail, "manban" - I think I may need a slightly
different set of parms to shut out certain
ports and am not using the right references..
2018-02-12 13:38:01,892 fail2ban.action   Â
    [1305]: ERROR  ipset add
fail2ban-manban 118.69.37.118 timeout 7776000 -exist -- stdout: ''
2018-02-12 13:38:01,892 fail2ban.action   Â
    [1305]: ERROR  ipset add
fail2ban-manban 118.69.37.118 timeout 7776000
-exist -- stderr: 'ipset v6.29: The set with the given name does not exist\n'
2018-02-12 13:38:01,892 fail2ban.action   Â
    [1305]: ERROR  ipset add
fail2ban-manban 118.69.37.118 timeout 7776000 -exist -- returned 1
2018-02-12 13:38:01,892 fail2ban.actions   Â
   [1305]: ERROR  Failed to execute ban
jail 'manban' action 'firewallcmd-ipset' info
'CallingMap({'ipjailmatches': <function
<lambda> at 0x124c938>, 'matches': '', 'ip':
'118.69.37.118', 'ipmatches': <function
<lambda> at 0x124ca28>, 'ipfailures': <function
<lambda> at 0x124c578>, 'time':
1518464281.783138, 'failures': 1,
'ipjailfailures': <function <lambda> at
0x124c6e0>})': Error banning 118.69.37.118
jail.local:Â (think the problem may be with
the command/parms I'm using to determine which ports to block)
[manban]
enabled = true
filter  = manban
port =
smtp,465,submission,imap2,imap3,imaps,pop3,pop3s,http,https,socks,21,22
logpath = /var/log/manban.log
maxretry = 1
# 1 month
bantime = 2592000
findtime = 3600
manban.conf:Â (I assume this isn't the problem
because this is a copy of an existing conf that isn't being actively tested)
[INCLUDES]
before = common.conf
[Definition]
#Looks for failed password logins to SMTP
# sample trigger line: [Fri Aug 19 10:33:10
2011] [error] [client 207.171.3.138] File does
not exist: /var/www/skraps/roundcubemail
failregex =
^\[\w{1,3}.\w{1,3}.\d{1,2}.\d{1,2}:\d{1,2}:\d{1,2}
\d{1,4}. \[error] \[client.<HOST>].File does not exist:.{1,40}roundcube.{1
,200}
ignoreregex =
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org!
<http://sdm.link/slashdot>http://sdm.link/slashdot
_______________________________________________
Fail2ban-users mailing list
<mailto:Fail2ban-users@lists.sourceforge.net>Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
