----- Message from Nick Howitt <n...@howitts.co.uk> ---------
Date: Sat, 10 Jul 2021 10:50:02 +0100
From: Nick Howitt <n...@howitts.co.uk>
Subject: [Fail2ban-users] NOTICE Jail started without 'journalmatch' set
To: fail2ban-users@lists.sourceforge.net

I am running F2b v0.11.1 from EPEL on ClearOS 7 (binary compatible
with Centos7). Every time I start f2b I see the following in my logs:

2021-07-09 07:18:48,499 fail2ban.filtersystemd [5101]: INFO [postfix] Added journal match for: '_SYSTEMD_UNIT=postfix.service'
2021-07-09 07:18:48,505 fail2ban.filter [5101]: INFO maxRetry: 5
2021-07-09 07:18:48,505 fail2ban.filter [5101]: INFO encoding: UTF-8
2021-07-09 07:18:48,505 fail2ban.filter [5101]: INFO findtime: 36000
2021-07-09 07:18:48,505 fail2ban.actions [5101]: INFO banTime: 432000
2021-07-09 07:18:48,506 fail2ban.jail [5101]: INFO Creating new jail 'postfix-sasl'
2021-07-09 07:18:48,506 fail2ban.jail [5101]: INFO Jail 'postfix-sasl' uses systemd {}
2021-07-09 07:18:48,506 fail2ban.jail [5101]: INFO Initiated 'systemd' backend
2021-07-09 07:18:48,506 fail2ban.filtersystemd [5101]: INFO [postfix-sasl] Added journal match for: '_SYSTEMD_UNIT=postfix.service'
2021-07-09 07:18:48,508 fail2ban.filter [5101]: INFO maxRetry: 1
2021-07-09 07:18:48,508 fail2ban.filter [5101]: INFO encoding: UTF-8
2021-07-09 07:18:48,508 fail2ban.filter [5101]: INFO findtime: 14400
2021-07-09 07:18:48,508 fail2ban.actions [5101]: INFO banTime: 432000
2021-07-09 07:18:48,508 fail2ban.jail [5101]: INFO Creating new jail 'cyrus-imap'
2021-07-09 07:18:48,508 fail2ban.jail [5101]: INFO Jail 'cyrus-imap' uses systemd {}
2021-07-09 07:18:48,508 fail2ban.jail [5101]: INFO Initiated 'systemd' backend
2021-07-09 07:18:48,510 fail2ban.filter [5101]: INFO maxRetry: 1
2021-07-09 07:18:48,510 fail2ban.filter [5101]: INFO encoding: UTF-8
2021-07-09 07:18:48,510 fail2ban.filter [5101]: INFO findtime: 86400
2021-07-09 07:18:48,510 fail2ban.actions [5101]: INFO banTime: 432000
<snip>
2021-07-09 07:18:48,993 fail2ban.jail [5101]: INFO Jail 'postfix' started
2021-07-09 07:18:48,997 fail2ban.jail [5101]: INFO Jail 'postfix-sasl' started
2021-07-09 07:18:48,997 fail2ban.filtersystemd [5101]: NOTICE Jail started without 'journalmatch' set. Jail regexs will be checked against all journal entries, which is not advised for performance reasons.
2021-07-09 07:18:48,998 fail2ban.jail [5101]: INFO Jail 'cyrus-imap' started

I assume the journalmatch warning is in reference to the preceding
jail, postfix-sasl, but if that is the case, why is the postfix jail
not seeing the same warning?

At the same time the jails are using the default basic configuration
except for changed findtime, bantime and max retries, and for
cyrus-imap the port range is extended to include imap3, pop3 and
pop3s.

Do you know why I am getting the warning and what do I need to do to fix it?

Regards,

Nick

It's the cyrus-imap jail, not Postfix - that line is BEFORE the
applicable jail, not after it... it's a message on its way to starting
the jail. Postfix jail has already started when that message is
logged, so it's fine - as also indicated by the earlier messages in
your log about "added journal match".

Look in /etc/fail2ban/filter.d/cyrus.imap.conf and you will see it has
no journal-match line.

I have added

journalmatch = _SYSTEMD_UNIT=cyrus-imapd.service

... on my machine to a copied cyrus.imap.conf file as cyrus.imap.local.

Simon.
--
Simon Wilson
M: 0400 12 11 16