[contribteam] [Bug 10551] fail2ban doesn't work : No such file or directory: '/var/log/httpd/error_log'
https://bugs.contribs.org/show_bug.cgi?id=10551 Christophe De Natalechanged: What|Removed |Added Status|UNCONFIRMED |CLOSED Resolution|--- |NOTABUG --- Comment #16 from Christophe De Natale --- Not a bug but a misunderstanding, sorry -- You are receiving this mail because: You are the QA Contact for the bug.___ Mail for each SME Contribs bug report To unsubscribe, e-mail contribteam-unsubscr...@lists.contribs.org Searchable archive at https://lists.contribs.org/mailman/public/contribteam/
[contribteam] [Bug 10551] fail2ban doesn't work : No such file or directory: '/var/log/httpd/error_log'
https://bugs.contribs.org/show_bug.cgi?id=10551 --- Comment #15 from Daniel B.--- (In reply to Christophe De Natale from comment #14) > (In reply to Daniel B. from comment #12) > > So, everything seems fine. Your jail.conf is not empty. What makes you think > > fail2ban is not working as expected ? > > Hello Daniel and thank you, > Maybe I misunderstand fail2ban purpose and mechanism but in looking in > firewall logs, some ip should be banned. Please define, why should it be banned. Have you seen failed auth against ssh for example ? > > To test, I've set-up my sme-server in gateway-public mode for three hours > now. > This ip (5.188.11.17) scans for 67 times (on different ports) and is not > banned. Fail2Ban doesn't ban based on port scan, but on auth failure (mainly, it can also trigger on some known GET attempt on apache logs) -- You are receiving this mail because: You are the QA Contact for the bug.___ Mail for each SME Contribs bug report To unsubscribe, e-mail contribteam-unsubscr...@lists.contribs.org Searchable archive at https://lists.contribs.org/mailman/public/contribteam/
[contribteam] [Bug 10551] fail2ban doesn't work : No such file or directory: '/var/log/httpd/error_log'
https://bugs.contribs.org/show_bug.cgi?id=10551 --- Comment #14 from Christophe De Natale--- (In reply to Daniel B. from comment #12) > So, everything seems fine. Your jail.conf is not empty. What makes you think > fail2ban is not working as expected ? Hello Daniel and thank you, Maybe I misunderstand fail2ban purpose and mechanism but in looking in firewall logs, some ip should be banned. To test, I've set-up my sme-server in gateway-public mode for three hours now. This ip (5.188.11.17) scans for 67 times (on different ports) and is not banned. [root@srvkrisbtk ~]# /root/checklist_ban ftp 0 http-auth 0 http-badbots 0 http-fakegooglebot 0 http-noscript 0 http-overflows 0 http-scan 0 http-shellshock 0 imap 0 pam-generic 0 qpsmtpd 0 recidive 0 ssh 0 ssh-ddos 0 ### -- You are receiving this mail because: You are the QA Contact for the bug.___ Mail for each SME Contribs bug report To unsubscribe, e-mail contribteam-unsubscr...@lists.contribs.org Searchable archive at https://lists.contribs.org/mailman/public/contribteam/
[contribteam] [Bug 10551] fail2ban doesn't work : No such file or directory: '/var/log/httpd/error_log'
https://bugs.contribs.org/show_bug.cgi?id=10551 --- Comment #12 from Daniel B.--- So, everything seems fine. Your jail.conf is not empty. What makes you think fail2ban is not working as expected ? -- You are receiving this mail because: You are the QA Contact for the bug.___ Mail for each SME Contribs bug report To unsubscribe, e-mail contribteam-unsubscr...@lists.contribs.org Searchable archive at https://lists.contribs.org/mailman/public/contribteam/
[contribteam] [Bug 10551] fail2ban doesn't work : No such file or directory: '/var/log/httpd/error_log'
https://bugs.contribs.org/show_bug.cgi?id=10551 --- Comment #11 from Christophe De Natale--- Created attachment 6053 --> https://bugs.contribs.org/attachment.cgi?id=6053=edit /etc/fail2ban/jail.conf Two things at the same time...This is the good conf, sorry -- You are receiving this mail because: You are the QA Contact for the bug.___ Mail for each SME Contribs bug report To unsubscribe, e-mail contribteam-unsubscr...@lists.contribs.org Searchable archive at https://lists.contribs.org/mailman/public/contribteam/
[contribteam] [Bug 10551] fail2ban doesn't work : No such file or directory: '/var/log/httpd/error_log'
https://bugs.contribs.org/show_bug.cgi?id=10551 --- Comment #10 from Daniel B.--- This is still fail2ban.conf instead of jail.conf -- You are receiving this mail because: You are the QA Contact for the bug.___ Mail for each SME Contribs bug report To unsubscribe, e-mail contribteam-unsubscr...@lists.contribs.org Searchable archive at https://lists.contribs.org/mailman/public/contribteam/
[contribteam] [Bug 10551] fail2ban doesn't work : No such file or directory: '/var/log/httpd/error_log'
https://bugs.contribs.org/show_bug.cgi?id=10551 --- Comment #9 from Christophe De Natale--- Created attachment 6052 --> https://bugs.contribs.org/attachment.cgi?id=6052=edit /etc/fail2ban/jail.conf Sorry my mistake here is jail.conf -- You are receiving this mail because: You are the QA Contact for the bug.___ Mail for each SME Contribs bug report To unsubscribe, e-mail contribteam-unsubscr...@lists.contribs.org Searchable archive at https://lists.contribs.org/mailman/public/contribteam/
[contribteam] [Bug 10551] fail2ban doesn't work : No such file or directory: '/var/log/httpd/error_log'
https://bugs.contribs.org/show_bug.cgi?id=10551 --- Comment #8 from Christophe De Natale--- Created attachment 6051 --> https://bugs.contribs.org/attachment.cgi?id=6051=edit /etc/fail2ban/fail2ban.conf -- You are receiving this mail because: You are the QA Contact for the bug.___ Mail for each SME Contribs bug report To unsubscribe, e-mail contribteam-unsubscr...@lists.contribs.org Searchable archive at https://lists.contribs.org/mailman/public/contribteam/
[contribteam] [Bug 10551] fail2ban doesn't work : No such file or directory: '/var/log/httpd/error_log'
https://bugs.contribs.org/show_bug.cgi?id=10551 --- Comment #7 from Christophe De Natale--- (In reply to Daniel B. from comment #6) > Please attach your /etc/fail2ban/jail.conf Done -- You are receiving this mail because: You are the QA Contact for the bug.___ Mail for each SME Contribs bug report To unsubscribe, e-mail contribteam-unsubscr...@lists.contribs.org Searchable archive at https://lists.contribs.org/mailman/public/contribteam/
[contribteam] [Bug 10551] fail2ban doesn't work : No such file or directory: '/var/log/httpd/error_log'
https://bugs.contribs.org/show_bug.cgi?id=10551 --- Comment #6 from Daniel B.--- Please attach your /etc/fail2ban/jail.conf -- You are receiving this mail because: You are the QA Contact for the bug.___ Mail for each SME Contribs bug report To unsubscribe, e-mail contribteam-unsubscr...@lists.contribs.org Searchable archive at https://lists.contribs.org/mailman/public/contribteam/
[contribteam] [Bug 10551] fail2ban doesn't work : No such file or directory: '/var/log/httpd/error_log'
https://bugs.contribs.org/show_bug.cgi?id=10551 --- Comment #4 from Christophe De Natale--- (In reply to Daniel B. from comment #3) > (In reply to Christophe De Natale from comment #2) > > Created attachment 6049 [details] > > after re-install fail2ban > > > > Done but it is the same, see attachment please. > > "jail.conf" is empty : > > # cat /etc/e-smith/templates/etc/fail2ban/jail.conf/00Default > > [DEFAULT] > > Did you ran the post-upgrade and reboot ? From your logs, fail2ban is being > started with a default config, instead of the configuration adapted for SME. Yes of course, I follow all instructions > > What happens when you run > > expand-template /etc/fail2ban/fail2ban.conf > expand-template /etc/fail2ban/jail.conf Nothing happens (return to to line) > Alos, please attach the result of /sbin/e-smith/audittools/templates again -- You are receiving this mail because: You are the QA Contact for the bug.___ Mail for each SME Contribs bug report To unsubscribe, e-mail contribteam-unsubscr...@lists.contribs.org Searchable archive at https://lists.contribs.org/mailman/public/contribteam/
[contribteam] [Bug 10551] fail2ban doesn't work : No such file or directory: '/var/log/httpd/error_log'
https://bugs.contribs.org/show_bug.cgi?id=10551 --- Comment #3 from Daniel B.--- (In reply to Christophe De Natale from comment #2) > Created attachment 6049 [details] > after re-install fail2ban > > Done but it is the same, see attachment please. > "jail.conf" is empty : > # cat /etc/e-smith/templates/etc/fail2ban/jail.conf/00Default > [DEFAULT] Did you ran the post-upgrade and reboot ? From your logs, fail2ban is being started with a default config, instead of the configuration adapted for SME. What happens when you run expand-template /etc/fail2ban/fail2ban.conf expand-template /etc/fail2ban/jail.conf Alos, please attach the result of /sbin/e-smith/audittools/templates again -- You are receiving this mail because: You are the QA Contact for the bug.___ Mail for each SME Contribs bug report To unsubscribe, e-mail contribteam-unsubscr...@lists.contribs.org Searchable archive at https://lists.contribs.org/mailman/public/contribteam/
[contribteam] [Bug 10551] fail2ban doesn't work : No such file or directory: '/var/log/httpd/error_log'
https://bugs.contribs.org/show_bug.cgi?id=10551 --- Comment #1 from Daniel B.--- You have modified /etc/e-smith/templates/etc/fail2ban/jail.conf/00Default which shouyld never be done. My guess is that you have introduced a syntax error in this template and the whole expand-template for /etc/fail2ban/jail.conf just fails, that's why it stays empty. Reinstall with yum reinstall smeserver-fail2ban --enablerepo=fws Then finish with signal-event post-upgrade signal-event reboot -- You are receiving this mail because: You are the QA Contact for the bug.___ Mail for each SME Contribs bug report To unsubscribe, e-mail contribteam-unsubscr...@lists.contribs.org Searchable archive at https://lists.contribs.org/mailman/public/contribteam/
[contribteam] [Bug 10551] fail2ban doesn't work : No such file or directory: '/var/log/httpd/error_log'
https://bugs.contribs.org/show_bug.cgi?id=10551 Bug ID: 10551 Summary: fail2ban doesn't work : No such file or directory: '/var/log/httpd/error_log' Classification: Contribs Product: SME Contribs Version: 9.2 Hardware: x86_64 OS: --- Status: UNCONFIRMED Severity: major Priority: P3 Component: smeserver-fail2ban Assignee: dan...@firewall-services.com Reporter: cont...@cdninfo.fr QA Contact: contribteam@lists.contribs.org Target Milestone: --- Created attachment 6048 --> https://bugs.contribs.org/attachment.cgi?id=6048=edit config report + fail2ban daemon log Hello, I've installed this contrib on a fresh sme-server 9.2 install, no customization (just the script to list fail2ban activity). After some days and check my iptables log, I notice that some ip should be banned but it doesn't ; to test, I've put my "Orange LiveBox modem" in dmz mode (same as bridge mode) and sme-server in "gateway-public" but fail2ban does nothing. File "default jail.conf" was empty (just [DEFAULT] line) then I expand template (not custom) to fill it as shown on contrib web page but this does not solve the issue. There are many log from /var/log/fail2ban/daemon.log which is attached with these lines : Traceback (most recent call last): File "/usr/lib/python2.6/site-packages/fail2ban/server/filter.py", line 696, in getFailures has_content = log.open() File "/usr/lib/python2.6/site-packages/fail2ban/server/filter.py", line 802, in open self.__handler = open(self.__filename, 'rb') IOError: [Errno 2] No such file or directory: '/var/log/secure' Thank you for help -- You are receiving this mail because: You are the QA Contact for the bug.___ Mail for each SME Contribs bug report To unsubscribe, e-mail contribteam-unsubscr...@lists.contribs.org Searchable archive at https://lists.contribs.org/mailman/public/contribteam/