[contribteam] [Bug 10551] fail2ban doesn't work : No such file or directory: '/var/log/httpd/error_log'

[bugzilla-daemon]

https://bugs.contribs.org/show_bug.cgi?id=10551

Christophe De Natale  changed:

   What|Removed |Added

 Status|UNCONFIRMED |CLOSED
 Resolution|--- |NOTABUG

--- Comment #16 from Christophe De Natale  ---
Not a bug but a misunderstanding, sorry

-- 
You are receiving this mail because:
You are the QA Contact for the bug.___
Mail for each SME Contribs bug report
To unsubscribe, e-mail contribteam-unsubscr...@lists.contribs.org
Searchable archive at https://lists.contribs.org/mailman/public/contribteam/

[contribteam] [Bug 10551] fail2ban doesn't work : No such file or directory: '/var/log/httpd/error_log'

[bugzilla-daemon]

https://bugs.contribs.org/show_bug.cgi?id=10551

--- Comment #15 from Daniel B.  ---
(In reply to Christophe De Natale from comment #14)
> (In reply to Daniel B. from comment #12)
> > So, everything seems fine. Your jail.conf is not empty. What makes you think
> > fail2ban is not working as expected ?
> 
> Hello Daniel and thank you,
> Maybe I misunderstand fail2ban purpose and mechanism but in looking in
> firewall logs, some ip should be banned.

Please define, why should it be banned. Have you seen failed auth against ssh
for example ?

> 
> To test, I've set-up my sme-server in gateway-public mode for three hours
> now.
> This ip (5.188.11.17) scans for 67 times (on different ports) and is not
> banned.

Fail2Ban doesn't ban based on port scan, but on auth failure (mainly, it can
also trigger on some known GET attempt on apache logs)

-- 
You are receiving this mail because:
You are the QA Contact for the bug.___
Mail for each SME Contribs bug report
To unsubscribe, e-mail contribteam-unsubscr...@lists.contribs.org
Searchable archive at https://lists.contribs.org/mailman/public/contribteam/

[contribteam] [Bug 10551] fail2ban doesn't work : No such file or directory: '/var/log/httpd/error_log'

[bugzilla-daemon]

https://bugs.contribs.org/show_bug.cgi?id=10551

--- Comment #14 from Christophe De Natale  ---
(In reply to Daniel B. from comment #12)
> So, everything seems fine. Your jail.conf is not empty. What makes you think
> fail2ban is not working as expected ?

Hello Daniel and thank you,
Maybe I misunderstand fail2ban purpose and mechanism but in looking in firewall
logs, some ip should be banned.

To test, I've set-up my sme-server in gateway-public mode for three hours now.
This ip (5.188.11.17) scans for 67 times (on different ports) and is not
banned.


[root@srvkrisbtk ~]# /root/checklist_ban 
ftp 0
http-auth 0
http-badbots 0
http-fakegooglebot 0
http-noscript 0
http-overflows 0
http-scan 0
http-shellshock 0
imap 0
pam-generic 0
qpsmtpd 0
recidive 0
ssh 0
ssh-ddos 0
###

-- 
You are receiving this mail because:
You are the QA Contact for the bug.___
Mail for each SME Contribs bug report
To unsubscribe, e-mail contribteam-unsubscr...@lists.contribs.org
Searchable archive at https://lists.contribs.org/mailman/public/contribteam/

[contribteam] [Bug 10551] fail2ban doesn't work : No such file or directory: '/var/log/httpd/error_log'

[bugzilla-daemon]

https://bugs.contribs.org/show_bug.cgi?id=10551

--- Comment #12 from Daniel B.  ---
So, everything seems fine. Your jail.conf is not empty. What makes you think
fail2ban is not working as expected ?

-- 
You are receiving this mail because:
You are the QA Contact for the bug.___
Mail for each SME Contribs bug report
To unsubscribe, e-mail contribteam-unsubscr...@lists.contribs.org
Searchable archive at https://lists.contribs.org/mailman/public/contribteam/

[contribteam] [Bug 10551] fail2ban doesn't work : No such file or directory: '/var/log/httpd/error_log'

[bugzilla-daemon]

https://bugs.contribs.org/show_bug.cgi?id=10551

--- Comment #11 from Christophe De Natale  ---
Created attachment 6053
  --> https://bugs.contribs.org/attachment.cgi?id=6053=edit
/etc/fail2ban/jail.conf

Two things at the same time...This is the good conf, sorry

-- 
You are receiving this mail because:
You are the QA Contact for the bug.___
Mail for each SME Contribs bug report
To unsubscribe, e-mail contribteam-unsubscr...@lists.contribs.org
Searchable archive at https://lists.contribs.org/mailman/public/contribteam/

[contribteam] [Bug 10551] fail2ban doesn't work : No such file or directory: '/var/log/httpd/error_log'

[bugzilla-daemon]

https://bugs.contribs.org/show_bug.cgi?id=10551

--- Comment #10 from Daniel B.  ---
This is still fail2ban.conf instead of jail.conf

-- 
You are receiving this mail because:
You are the QA Contact for the bug.___
Mail for each SME Contribs bug report
To unsubscribe, e-mail contribteam-unsubscr...@lists.contribs.org
Searchable archive at https://lists.contribs.org/mailman/public/contribteam/

[contribteam] [Bug 10551] fail2ban doesn't work : No such file or directory: '/var/log/httpd/error_log'

[bugzilla-daemon]

https://bugs.contribs.org/show_bug.cgi?id=10551

--- Comment #9 from Christophe De Natale  ---
Created attachment 6052
  --> https://bugs.contribs.org/attachment.cgi?id=6052=edit
/etc/fail2ban/jail.conf

Sorry my mistake here is jail.conf

-- 
You are receiving this mail because:
You are the QA Contact for the bug.___
Mail for each SME Contribs bug report
To unsubscribe, e-mail contribteam-unsubscr...@lists.contribs.org
Searchable archive at https://lists.contribs.org/mailman/public/contribteam/

[contribteam] [Bug 10551] fail2ban doesn't work : No such file or directory: '/var/log/httpd/error_log'

[bugzilla-daemon]

https://bugs.contribs.org/show_bug.cgi?id=10551

--- Comment #8 from Christophe De Natale  ---
Created attachment 6051
  --> https://bugs.contribs.org/attachment.cgi?id=6051=edit
/etc/fail2ban/fail2ban.conf

-- 
You are receiving this mail because:
You are the QA Contact for the bug.___
Mail for each SME Contribs bug report
To unsubscribe, e-mail contribteam-unsubscr...@lists.contribs.org
Searchable archive at https://lists.contribs.org/mailman/public/contribteam/

[contribteam] [Bug 10551] fail2ban doesn't work : No such file or directory: '/var/log/httpd/error_log'

[bugzilla-daemon]

https://bugs.contribs.org/show_bug.cgi?id=10551

--- Comment #7 from Christophe De Natale  ---
(In reply to Daniel B. from comment #6)
> Please attach your /etc/fail2ban/jail.conf

Done

-- 
You are receiving this mail because:
You are the QA Contact for the bug.___
Mail for each SME Contribs bug report
To unsubscribe, e-mail contribteam-unsubscr...@lists.contribs.org
Searchable archive at https://lists.contribs.org/mailman/public/contribteam/

[contribteam] [Bug 10551] fail2ban doesn't work : No such file or directory: '/var/log/httpd/error_log'

[bugzilla-daemon]

https://bugs.contribs.org/show_bug.cgi?id=10551

--- Comment #6 from Daniel B.  ---
Please attach your /etc/fail2ban/jail.conf

-- 
You are receiving this mail because:
You are the QA Contact for the bug.___
Mail for each SME Contribs bug report
To unsubscribe, e-mail contribteam-unsubscr...@lists.contribs.org
Searchable archive at https://lists.contribs.org/mailman/public/contribteam/

[contribteam] [Bug 10551] fail2ban doesn't work : No such file or directory: '/var/log/httpd/error_log'

[bugzilla-daemon]

https://bugs.contribs.org/show_bug.cgi?id=10551

--- Comment #4 from Christophe De Natale  ---
(In reply to Daniel B. from comment #3)
> (In reply to Christophe De Natale from comment #2)
> > Created attachment 6049 [details]
> > after re-install fail2ban
> > 
> > Done but it is the same, see attachment please.
> > "jail.conf" is empty :
> > # cat /etc/e-smith/templates/etc/fail2ban/jail.conf/00Default 
> > [DEFAULT]
> 
> Did you ran the post-upgrade and reboot ? From your logs, fail2ban is being
> started with a default config, instead of the configuration adapted for SME.

Yes of course, I follow all instructions
> 
> What happens when you run
> 
> expand-template /etc/fail2ban/fail2ban.conf
> expand-template /etc/fail2ban/jail.conf

Nothing happens (return to to line)

> Alos, please attach the result of /sbin/e-smith/audittools/templates again

-- 
You are receiving this mail because:
You are the QA Contact for the bug.___
Mail for each SME Contribs bug report
To unsubscribe, e-mail contribteam-unsubscr...@lists.contribs.org
Searchable archive at https://lists.contribs.org/mailman/public/contribteam/

[contribteam] [Bug 10551] fail2ban doesn't work : No such file or directory: '/var/log/httpd/error_log'

[bugzilla-daemon]

https://bugs.contribs.org/show_bug.cgi?id=10551

--- Comment #3 from Daniel B.  ---
(In reply to Christophe De Natale from comment #2)
> Created attachment 6049 [details]
> after re-install fail2ban
> 
> Done but it is the same, see attachment please.
> "jail.conf" is empty :
> # cat /etc/e-smith/templates/etc/fail2ban/jail.conf/00Default 
> [DEFAULT]

Did you ran the post-upgrade and reboot ? From your logs, fail2ban is being
started with a default config, instead of the configuration adapted for SME.

What happens when you run

expand-template /etc/fail2ban/fail2ban.conf
expand-template /etc/fail2ban/jail.conf


Alos, please attach the result of /sbin/e-smith/audittools/templates again

-- 
You are receiving this mail because:
You are the QA Contact for the bug.___
Mail for each SME Contribs bug report
To unsubscribe, e-mail contribteam-unsubscr...@lists.contribs.org
Searchable archive at https://lists.contribs.org/mailman/public/contribteam/

[contribteam] [Bug 10551] fail2ban doesn't work : No such file or directory: '/var/log/httpd/error_log'

[bugzilla-daemon]

https://bugs.contribs.org/show_bug.cgi?id=10551

--- Comment #1 from Daniel B.  ---
You have modified /etc/e-smith/templates/etc/fail2ban/jail.conf/00Default which
shouyld never be done. My guess is that you have introduced a syntax error in
this template and the whole expand-template for /etc/fail2ban/jail.conf just
fails, that's why it stays empty.

Reinstall with

yum reinstall smeserver-fail2ban --enablerepo=fws

Then finish with

signal-event post-upgrade
signal-event reboot

-- 
You are receiving this mail because:
You are the QA Contact for the bug.___
Mail for each SME Contribs bug report
To unsubscribe, e-mail contribteam-unsubscr...@lists.contribs.org
Searchable archive at https://lists.contribs.org/mailman/public/contribteam/

[contribteam] [Bug 10551] fail2ban doesn't work : No such file or directory: '/var/log/httpd/error_log'

[bugzilla-daemon]

https://bugs.contribs.org/show_bug.cgi?id=10551

Bug ID: 10551
   Summary: fail2ban doesn't work : No such file or directory:
'/var/log/httpd/error_log'
Classification: Contribs
   Product: SME Contribs
   Version: 9.2
  Hardware: x86_64
OS: ---
Status: UNCONFIRMED
  Severity: major
  Priority: P3
 Component: smeserver-fail2ban
  Assignee: dan...@firewall-services.com
  Reporter: cont...@cdninfo.fr
QA Contact: contribteam@lists.contribs.org
  Target Milestone: ---

Created attachment 6048
  --> https://bugs.contribs.org/attachment.cgi?id=6048=edit
config report + fail2ban daemon log

Hello,

I've installed this contrib on a fresh sme-server 9.2 install, no customization
(just the script to list fail2ban activity).
After some days and check my iptables log, I notice that some ip should be
banned but it doesn't ; to test, I've put my "Orange LiveBox modem" in dmz mode
(same as bridge mode) and sme-server in "gateway-public" but fail2ban does
nothing.

File "default jail.conf" was empty (just [DEFAULT] line) then I expand template
(not custom) to fill it as shown on contrib web page but this does not solve
the issue.

There are many log from /var/log/fail2ban/daemon.log which is attached with
these lines :
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/fail2ban/server/filter.py", line 696,
in getFailures
has_content = log.open()
  File "/usr/lib/python2.6/site-packages/fail2ban/server/filter.py", line 802,
in open
self.__handler = open(self.__filename, 'rb')
IOError: [Errno 2] No such file or directory: '/var/log/secure'

Thank you for help

-- 
You are receiving this mail because:
You are the QA Contact for the bug.___
Mail for each SME Contribs bug report
To unsubscribe, e-mail contribteam-unsubscr...@lists.contribs.org
Searchable archive at https://lists.contribs.org/mailman/public/contribteam/