Re: [Fail2ban-users] error in log

2018-02-18 Thread Bill Shirley

Again, post your firewallcmd-ipset action.  There's something wrong with it or
with the way your [manban] jail is defaulting to it.

Is /var/log/manban.log an apache error log file?  logpath is the name of the file
fail2ban is to monitor, not the place for fail2ban to log its actions.

Also, your filter doesn't match your sample trigger line.  It should be something like this:
failregex = \[client <HOST>\].+File does not exist.*roundcubemail.*$
Do not include regex logic to skip over the time.

You can test this with:
fail2ban-regex /var/log/manban /etc/fail2ban/filter.d/manban.conf

Bill

On 2/14/2018 8:38 PM, M.P. wrote:


can someone explain to me where the error is in this configuration?  Here's the error message I get when manually trying to 
ban using the jail, "manban" - I think I may need a slightly different set of parms to shut out certain ports and am not using 
the right references..



2018-02-12 13:38:01,892 fail2ban.action [1305]: ERROR ipset add fail2ban-manban 118.69.37.118 timeout 7776000 -exist 
-- stdout: ''
2018-02-12 13:38:01,892 fail2ban.action [1305]: ERROR ipset add fail2ban-manban 118.69.37.118 timeout 7776000 -exist 
-- stderr: 'ipset v6.29: The set with the given name does not exist\n'
2018-02-12 13:38:01,892 fail2ban.action [1305]: ERROR ipset add fail2ban-manban 118.69.37.118 timeout 7776000 -exist 
-- returned 1
2018-02-12 13:38:01,892 fail2ban.actions    [1305]: ERROR Failed to execute ban jail 'manban' action 'firewallcmd-ipset' 
info 'CallingMap({'ipjailmatches':  at 0x124c938>, 'matches': '', 'ip': '118.69.37.118', 'ipmatches': 
 at 0x124ca28>, 'ipfailures':  at 0x124c578>, 'time': 1518464281.783138, 'failures': 1, 
'ipjailfailures':  at 0x124c6e0>})': Error banning 118.69.37.118


jail.local:  (think the problem may be with the command/parms I'm using to 
determine which ports to block)

[manban]
enabled  = true
filter   = manban
port = smtp,465,submission,imap2,imap3,imaps,pop3,pop3s,http,https,socks,21,22
logpath  = /var/log/manban.log
maxretry = 1
# 1 month
bantime  = 2592000
findtime = 3600

manban.conf:  (I assume this isn't the problem because this is a copy of an 
existing conf that isn't being actively tested)

[INCLUDES]

before = common.conf

[Definition]
#Looks for failed password logins to SMTP
# sample trigger line: [Fri Aug 19 10:33:10 2011] [error] [client 207.171.3.138] File does not exist: /var/www/skraps/roundcubemail
failregex = ^\[\w{1,3}.\w{1,3}.\d{1,2}.\d{1,2}:\d{1,2}:\d{1,2} \d{1,4}. \[error] \[client.<HOST>].File does not exist:.{1,40}roundcube.{1,200}
ignoreregex =


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
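
A small Python check of the point made in the reply above (an added example, not part of the original thread and not fail2ban's own code): fail2ban cuts the timestamp out of a log line before applying failregex, so the posted filter's date prefix prevents a match, while the suggested pattern still captures the client address. Assumptions: the posted filter is written with `<HOST>` between `client.` and `]`, and `HOST_GROUP` (IPv4 only) and `APACHE_DATE` (one date layout) are simplified stand-ins for fail2ban's host and date handling.

```python
import re

# Constructed from the sample trigger line quoted in the thread.
SAMPLE = ("[Fri Aug 19 10:33:10 2011] [error] [client 207.171.3.138] "
          "File does not exist: /var/www/skraps/roundcubemail")

# Filter from the original post (anchored on the timestamp) and the suggested one.
POSTED = (r"^\[\w{1,3}.\w{1,3}.\d{1,2}.\d{1,2}:\d{1,2}:\d{1,2} \d{1,4}. "
          r"\[error] \[client.<HOST>].File does not exist:.{1,40}roundcube.{1,200}")
SUGGESTED = r"\[client <HOST>\].+File does not exist.*roundcubemail.*$"

# Simplified stand-ins (assumptions): IPv4-only <HOST>, one Apache date layout.
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
APACHE_DATE = re.compile(r"\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}")


def strip_timestamp(line):
    """Cut the first timestamp out of the line, modelling what fail2ban does before failregex."""
    return APACHE_DATE.sub("", line, count=1)


def find_host(failregex, line, strip_date=True):
    """Return the captured host if failregex matches the line, else None."""
    pattern = re.compile(failregex.replace("<HOST>", HOST_GROUP))
    if strip_date:
        line = strip_timestamp(line)
    match = pattern.search(line)
    return match.group("host") if match else None


if __name__ == "__main__":
    for name, rx in (("posted", POSTED), ("suggested", SUGGESTED)):
        print(name, "raw line ->", find_host(rx, SAMPLE, strip_date=False))
        print(name, "date cut ->", find_host(rx, SAMPLE))
```

The posted pattern matches the raw line but not the line fail2ban actually evaluates; `fail2ban-regex` remains the authoritative test on a real system.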




Re: [Fail2ban-users] error in log

2018-02-18 Thread M.P.


I must have left out that configuration 
option.  I'm not sure where to put it.  Can 
anybody tell me what is missing?  Basically I 
want to block out x number of ports (by number if not name)


At 11:00 PM 2/15/2018, you wrote:


You have a problem with your firewallcmd-ipset action which you didn't post.

Bill

On 2/14/2018 8:38 PM, M.P. wrote:


can someone explain to me where the error is in 
this configuration?  Here's the error message 
I get when manually trying to ban using the 
jail, "manban" - I think I may need a slightly 
different set of parms to shut out certain 
ports and am not using the right references..



2018-02-12 13:38:01,892 fail2ban.action [1305]: ERROR ipset add fail2ban-manban 118.69.37.118 timeout 7776000 -exist -- stdout: ''
2018-02-12 13:38:01,892 fail2ban.action [1305]: ERROR ipset add fail2ban-manban 118.69.37.118 timeout 7776000 -exist -- stderr: 'ipset v6.29: The set with the given name does not exist\n'
2018-02-12 13:38:01,892 fail2ban.action [1305]: ERROR ipset add fail2ban-manban 118.69.37.118 timeout 7776000 -exist -- returned 1
2018-02-12 13:38:01,892 fail2ban.actions [1305]: ERROR Failed to execute ban jail 'manban' action 'firewallcmd-ipset' info 'CallingMap({'ipjailmatches':  at 0x124c938>, 'matches': '', 'ip': '118.69.37.118', 'ipmatches':  at 0x124ca28>, 'ipfailures':  at 0x124c578>, 'time': 1518464281.783138, 'failures': 1, 'ipjailfailures':  at 0x124c6e0>})': Error banning 118.69.37.118


jail.local:  (think the problem may be with the command/parms I'm using to determine which ports to block)


[manban]
enabled  = true
filter   = manban
port = smtp,465,submission,imap2,imap3,imaps,pop3,pop3s,http,https,socks,21,22
logpath  = /var/log/manban.log
maxretry = 1
# 1 month
bantime  = 2592000
findtime = 3600

manban.conf:  (I assume this isn't the problem because this is a copy of an existing conf that isn't being actively tested)


[INCLUDES]

before = common.conf

[Definition]
#Looks for failed password logins to SMTP
# sample trigger line: [Fri Aug 19 10:33:10 2011] [error] [client 207.171.3.138] File does not exist: /var/www/skraps/roundcubemail
failregex = ^\[\w{1,3}.\w{1,3}.\d{1,2}.\d{1,2}:\d{1,2}:\d{1,2} \d{1,4}. \[error] \[client.<HOST>].File does not exist:.{1,40}roundcube.{1,200}
ignoreregex =




Re: [Fail2ban-users] error in log

2018-02-15 Thread Bill Shirley

You have a problem with your firewallcmd-ipset action which you didn't post.

Bill

On 2/14/2018 8:38 PM, M.P. wrote:


can someone explain to me where the error is in this configuration?  Here's the error message I get when manually trying to 
ban using the jail, "manban" - I think I may need a slightly different set of parms to shut out certain ports and am not using 
the right references..



2018-02-12 13:38:01,892 fail2ban.action [1305]: ERROR ipset add fail2ban-manban 118.69.37.118 timeout 7776000 -exist 
-- stdout: ''
2018-02-12 13:38:01,892 fail2ban.action [1305]: ERROR ipset add fail2ban-manban 118.69.37.118 timeout 7776000 -exist 
-- stderr: 'ipset v6.29: The set with the given name does not exist\n'
2018-02-12 13:38:01,892 fail2ban.action [1305]: ERROR ipset add fail2ban-manban 118.69.37.118 timeout 7776000 -exist 
-- returned 1
2018-02-12 13:38:01,892 fail2ban.actions    [1305]: ERROR Failed to execute ban jail 'manban' action 'firewallcmd-ipset' 
info 'CallingMap({'ipjailmatches':  at 0x124c938>, 'matches': '', 'ip': '118.69.37.118', 'ipmatches': 
 at 0x124ca28>, 'ipfailures':  at 0x124c578>, 'time': 1518464281.783138, 'failures': 1, 
'ipjailfailures':  at 0x124c6e0>})': Error banning 118.69.37.118


jail.local:  (think the problem may be with the command/parms I'm using to 
determine which ports to block)

[manban]
enabled  = true
filter   = manban
port = smtp,465,submission,imap2,imap3,imaps,pop3,pop3s,http,https,socks,21,22
logpath  = /var/log/manban.log
maxretry = 1
# 1 month
bantime  = 2592000
findtime = 3600

manban.conf:  (I assume this isn't the problem because this is a copy of an 
existing conf that isn't being actively tested)

[INCLUDES]

before = common.conf

[Definition]
#Looks for failed password logins to SMTP
# sample trigger line: [Fri Aug 19 10:33:10 2011] [error] [client 207.171.3.138] File does not exist: /var/www/skraps/roundcubemail
failregex = ^\[\w{1,3}.\w{1,3}.\d{1,2}.\d{1,2}:\d{1,2}:\d{1,2} \d{1,4}. \[error] \[client.<HOST>].File does not exist:.{1,40}roundcube.{1,200}
ignoreregex =




[Fail2ban-users] error in log

2018-02-15 Thread M.P.


can someone explain to me where the error is in this 
configuration?  Here's the error message I get when manually trying 
to ban using the jail, "manban" - I think I may need a slightly 
different set of parms to shut out certain ports and am not using the 
right references..



2018-02-12 13:38:01,892 fail2ban.action [1305]: ERROR ipset add fail2ban-manban 118.69.37.118 timeout 7776000 -exist -- stdout: ''
2018-02-12 13:38:01,892 fail2ban.action [1305]: ERROR ipset add fail2ban-manban 118.69.37.118 timeout 7776000 -exist -- stderr: 'ipset v6.29: The set with the given name does not exist\n'
2018-02-12 13:38:01,892 fail2ban.action [1305]: ERROR ipset add fail2ban-manban 118.69.37.118 timeout 7776000 -exist -- returned 1
2018-02-12 13:38:01,892 fail2ban.actions [1305]: ERROR Failed to execute ban jail 'manban' action 'firewallcmd-ipset' info 'CallingMap({'ipjailmatches':  at 0x124c938>, 'matches': '', 'ip': '118.69.37.118', 'ipmatches':  at 0x124ca28>, 'ipfailures':  at 0x124c578>, 'time': 1518464281.783138, 'failures': 1, 'ipjailfailures':  at 0x124c6e0>})': Error banning 118.69.37.118


jail.local:  (think the problem may be with the command/parms I'm 
using to determine which ports to block)


[manban]
enabled  = true
filter   = manban
port = smtp,465,submission,imap2,imap3,imaps,pop3,pop3s,http,https,socks,21,22
logpath  = /var/log/manban.log
maxretry = 1
# 1 month
bantime  = 2592000
findtime = 3600

manban.conf:  (I assume this isn't the problem because this is a copy 
of an existing conf that isn't being actively tested)


[INCLUDES]

before = common.conf

[Definition]
#Looks for failed password logins to SMTP
# sample trigger line: [Fri Aug 19 10:33:10 2011] [error] [client 207.171.3.138] File does not exist: /var/www/skraps/roundcubemail
failregex = ^\[\w{1,3}.\w{1,3}.\d{1,2}.\d{1,2}:\d{1,2}:\d{1,2} \d{1,4}. \[error] \[client.<HOST>].File does not exist:.{1,40}roundcube.{1,200}
ignoreregex =

