Package: fail2ban
Version: 1.0.2-1
Severity: normal

Dear Maintainer,

Since fail2ban 1.0.2-1, fail2ban writes the following to the log when it starts:
Nov 16 18:53:09 eiffel7 fail2ban-server[874403]: 2022-11-16 18:53:09,333 
fail2ban.configreader   [874403]: WARNING 'allowipv6' not defined in 
'Definition'. Using default one: 'auto'

I modified /etc/fail2ban/fail2ban.conf by adding the line
'allowipv6 = auto'
and after that the message disappeared.

The other configuration files listed below were modified to correct bug #1024263,
but I don't know whether applying s/-E 'set escape' // everywhere in action.d/
is a good answer to the problem.

Regards

-- System Information:
Debian Release: bookworm/sid
  APT prefers testing
  APT policy: (900, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.0.0-4-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages fail2ban depends on:
ii  lsb-base                   11.5
ii  python3                    3.10.6-1
ii  sysvinit-utils [lsb-base]  3.05-6

Versions of packages fail2ban recommends:
ii  iptables           1.8.8-1
ii  nftables           1.0.5-2
ii  python3-pyinotify  0.9.6-2
ii  python3-systemd    235-1+b1
ii  whois              5.5.14

Versions of packages fail2ban suggests:
ii  bsd-mailx [mailx]            8.1.2-0.20220412cvs-1
ii  mailutils [mailx]            1:3.15-3+b1
pn  monit                        <none>
ii  rsyslog [system-log-daemon]  8.2210.0-3
ii  sqlite3                      3.39.4-1

-- Configuration Files:
/etc/fail2ban/action.d/complain.conf changed:
# complain.conf as quoted in the report: shown without comments and with long
# lines wrapped by the mail, so this listing is not loadable as-is.
# On a ban it looks up an abuse contact for the offending IP and mails a report.
[INCLUDES]
# Read before this file; %(_grep_logs)s used below is presumably defined there.
before = helpers-common.conf
[Definition]
debug = 0
norestored = 1
actionstart =
actionstop =
actioncheck =
# %% is a literal percent sign, because values go through %(name)s interpolation.
# ADDRESSES is filled from a DNS TXT answer (dig on addr_resolver), has its
# commas turned into spaces via IFS, and is then expanded unquoted as the
# recipient arguments of <mailcmd>. The mail body is <message>, a date line and
# the output of %(_grep_logs)s.
# NOTE(review): the recipients and the log lines are data this host does not
# control - confirm the mail program in use treats them as plain addresses and
# plain text only.
actionban = oifs=${IFS};
            RESOLVER_ADDR="%(addr_resolver)s"
            if [ "<debug>" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; 
fi
            ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')
            IFS=,; ADDRESSES=$(echo $ADDRESSES)
            IFS=${oifs}
            IP=<ip>
            if [ ! -z "$ADDRESSES" ]; then
                ( printf %%b "<message>\n"; date '+Note: Local timezone is %%z 
(%%Z)'; 
                  printf %%b "\nLines containing failures of <ip> (max 
<grepmax>)\n";
                  %(_grep_logs)s;
                ) | <mailcmd> "Abuse from <ip>" <mailargs> $ADDRESSES
            fi
actionunban =
# DNS name queried for the abuse contact, built from the reversed IP tag.
addr_resolver = <ip-rev>abuse-contacts.abusix.org
# Report text; $IP is the shell variable set in actionban, \n is expanded by printf %b.
message = Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, 
which according to a abusix.com is on your network. We would appreciate if you 
would investigate and take action as appropriate.\n\nLog lines are given below, 
but please ask if you require any further information.\n\n(If you are not the 
correct person to contact about this please accept our apologies - your e-mail 
address was extracted from the whois record by an automated process.)\n\n This 
mail was generated by Fail2Ban.\nThe recipient address of this report was 
provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain 
the content of the database. All information which we pass out, derives from 
the RIR databases and is processed for ease of use. If you want to change or 
report non working abuse contacts please contact the appropriate RIR. If you 
have any further question, contact abusix.com directly via email 
(i...@abusix.com). Information about the Abuse Contact Database can be found 
here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is 
neither responsible nor liable for the content or accuracy of this message.\n
logpath = /dev/null
# NOTE(review): no -E 'set escape' here; the report says that option was removed
# from every file in action.d/ to correct bug #1024263. It was presumably there
# to stop the mail program from acting on escape sequences in the piped body -
# confirm an equivalent safeguard exists for the mail implementation in use
# (the report lists both bsd-mailx and mailutils as installed).
mailcmd = mail -s
mailargs =

/etc/fail2ban/action.d/dshield.conf changed:
# dshield.conf as quoted in the report: shown without comments and with long
# lines wrapped by the mail, so this listing is not loadable as-is.
# Ban records are appended to <tmpfile>.buffer and mailed to <dest> in batches.
[Definition]
norestored = 1
actionstart =
# On stop: mail whatever is buffered, record the send time, then drop the
# buffer and the first-entry marker.
actionstop = if [ -f <tmpfile>.buffer ]; then
                 cat <tmpfile>.buffer | <mailcmd> "FORMAT DSHIELD USERID 
<userid> TZ `date +%%z | sed 's/\([+-]..\)\(..\)/\1:\2/'` Fail2Ban" <mailargs> 
<dest>
                 date +%%s > <tmpfile>.lastsent
             fi
             rm -f <tmpfile>.buffer <tmpfile>.first
actioncheck =
# On ban: append one tab-separated record, then send the buffer when it is
# large enough and the last report is old enough, or when the buffer is too old.
# NOTE(review): `&&` inside a single `[ ... ]` is not valid test syntax in POSIX
# sh (the report lists /bin/sh as dash); the intended condition appears to be
# (LINES >= <lines> and LASTREPORT > <minreportinterval>) or
# LOGAGE > <maxbufferage> - confirm against upstream.
actionban = TZONE=`date +%%z | sed 's/\([+-]..\)\(..\)/\1:\2/'`
            DATETIME="`perl -e '@t=localtime(<time>);printf "%%4d-%%02d-%%02d 
%%02d:%%02d:%%02d",1900+$t[5],$t[4]+1,$t[3],$t[2],$t[1],$t[0]'` $TZONE"
            PROTOCOL=`awk '{IGNORECASE=1;if($1=="<protocol>"){print $2;exit}}' 
/etc/protocols`
            if [ -z "$PROTOCOL" ]; then PROTOCOL=<protocol>; fi
            printf %%b 
"$DATETIME\t<userid>\t<failures>\t<ip>\t<srcport>\t<myip>\t<port>\t$PROTOCOL\t<tcpflags>\n"
 >> <tmpfile>.buffer
            NOW=`date +%%s`
            if [ ! -f <tmpfile>.first ]; then
                echo <time> | cut -d. -f1 > <tmpfile>.first
            fi
            if [ ! -f <tmpfile>.lastsent ]; then
                echo 0 > <tmpfile>.lastsent
            fi
            LOGAGE=$(($NOW - `cat <tmpfile>.first`))
            LASTREPORT=$(($NOW - `cat <tmpfile>.lastsent`))
            LINES=$( wc -l <tmpfile>.buffer | awk '{ print $1 }' )
            if [ $LINES -ge <lines> && $LASTREPORT -gt <minreportinterval> ] || 
[ $LOGAGE -gt <maxbufferage> ]; then
                cat <tmpfile>.buffer | <mailcmd> "FORMAT DSHIELD USERID 
<userid> TZ $TZONE Fail2Ban" <mailargs> <dest>
                rm -f <tmpfile>.buffer <tmpfile>.first
                echo $NOW > <tmpfile>.lastsent
            fi
# On unban: flush the buffer only if its first entry is older than <maxbufferage>.
actionunban = if [ -f <tmpfile>.first ]; then
                  NOW=`date +%%s`
                  LOGAGE=$(($NOW - `cat <tmpfile>.first`))
                  if [ $LOGAGE -gt <maxbufferage> ]; then
                      cat <tmpfile>.buffer | <mailcmd> "FORMAT DSHIELD USERID 
<userid> TZ `date +%%z | sed 's/\([+-]..\)\(..\)/\1:\2/'` Fail2Ban" <mailargs> 
<dest>
                      rm -f <tmpfile>.buffer <tmpfile>.first
                      echo $NOW > <tmpfile>.lastsent
                  fi
              fi
[Init]
# port and srcport are left as ??? placeholders in this dump.
port = ???
userid = 0
# First IPv4 address of eth0; the interface name is hard-coded.
myip = `ip -4 addr show dev eth0 | grep inet | head -n 1 | sed -r 's/.*inet 
([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*/\1/'`
protocol = tcp
# Thresholds used in actionban: record count, and two ages compared against
# `date +%%s` differences (seconds).
lines = 50
minreportinterval = 3600
maxbufferage = 21600
srcport = ???
tcpflags =
# NOTE(review): no -E 'set escape' here; the report says that option was removed
# from every file in action.d/ to correct bug #1024263 - confirm the mail
# implementation in use does not act on escape sequences in the piped body.
mailcmd = mail -s
mailargs =
dest = repo...@dshield.org
# Fixed path prefix for the .buffer, .first and .lastsent state files.
# NOTE(review): assumes /var/run/fail2ban is writable only by the fail2ban
# service user - confirm.
tmpfile = /var/run/fail2ban/tmp-dshield

/etc/fail2ban/action.d/mail-buffered.conf changed:
# mail-buffered.conf as quoted in the report: shown without comments and with
# long lines wrapped by the mail, so this listing is not loadable as-is.
# Bans are appended to <tmpfile>; a summary is mailed once <lines> entries exist.
# NOTE(review): every command below calls `mail -s` directly, without the
# -E 'set escape' option that the report says was removed from action.d/ to
# correct bug #1024263 - confirm the mail implementation in use does not act on
# escape sequences in the piped body.
[Definition]
norestored = 1
# %% is a literal percent sign, because values go through %(name)s interpolation.
actionstart = printf %%b "Hi,\n
              The jail <name> has been started successfully.\n
              Output will be buffered until <lines> lines are available.\n
              Regards,\n
              Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" 
<dest>
# On stop: mail and delete any pending buffer, then mail the "stopped" notice.
actionstop = if [ -f <tmpfile> ]; then
                 printf %%b "Hi,\n
                 These hosts have been banned by Fail2Ban.\n
                 `cat <tmpfile>`
                 Regards,\n
                 Fail2Ban"|mail -s "[Fail2Ban] <name>: Summary from 
<fq-hostname>" <dest>
                 rm <tmpfile>
             fi
             printf %%b "Hi,\n
             The jail <name> has been stopped.\n
             Regards,\n
             Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>" 
<dest>
actioncheck = 
# On ban: append one line to the buffer; when it holds at least <lines> lines,
# mail its contents and delete it.
actionban = printf %%b "`date`: <ip> (<failures> failures)\n" >> <tmpfile>
            LINE=$( wc -l <tmpfile> | awk '{ print $1 }' )
            if [ $LINE -ge <lines> ]; then
                printf %%b "Hi,\n
                These hosts have been banned by Fail2Ban.\n
                `cat <tmpfile>`
                \nRegards,\n
                Fail2Ban"|mail -s "[Fail2Ban] <name>: Summary" <dest>
                rm <tmpfile>
            fi
actionunban = 
[Init]
name = default
lines = 5
# Fixed buffer file name.
# NOTE(review): assumes /var/run/fail2ban is writable only by the fail2ban
# service user - confirm.
tmpfile = /var/run/fail2ban/tmp-mail.txt
dest = root

/etc/fail2ban/action.d/mail-whois-lines.conf changed:
# mail-whois-lines.conf as quoted in the report: shown without comments and
# with long lines wrapped by the mail, so this listing is not loadable as-is.
# Mails start/stop notices and, on a ban, whois output plus matching log lines.
[INCLUDES]
# Read before this file; %(_whois_command)s and %(_grep_logs)s used below are
# presumably defined in these two files.
before = mail-whois-common.conf
         helpers-common.conf
[Definition]
norestored = 1
# %% is a literal percent sign, because values go through %(name)s interpolation.
actionstart = printf %%b "Hi,\n
              The jail <name> has been started successfully.\n
              Regards,\n
              Fail2Ban" | <mailcmd> "[Fail2Ban] <name>: started on 
<fq-hostname>" <dest>
actionstop = printf %%b "Hi,\n
             The jail <name> has been stopped.\n
             Regards,\n
             Fail2Ban" | <mailcmd> "[Fail2Ban] <name>: stopped on 
<fq-hostname>" <dest>
actioncheck = 
# Subshell whose combined output becomes the ban mail body: fixed text, then
# the output of the whois command, then the output of the log grep.
# NOTE(review): whois answers and log lines are text this host does not
# control, and they are piped verbatim into <mailcmd>.
_ban_mail_content = ( printf %%b "Hi,\n
            The IP <ip> has just been banned by Fail2Ban after
            <failures> attempts against <name>.\n\n
            Here is more information about <ip> :\n"
            %(_whois_command)s;
            printf %%b "\nLines containing failures of <ip> (max <grepmax>)\n";
            %(_grep_logs)s;
            printf %%b "\n
            Regards,\n
            Fail2Ban" )
actionban = %(_ban_mail_content)s | <mailcmd> "[Fail2Ban] <name>: banned <ip> 
from <fq-hostname>" <dest>
actionunban = 
[Init]
# NOTE(review): no -E 'set escape' here; the report says that option was removed
# from every file in action.d/ to correct bug #1024263. It was presumably there
# to stop the mail program from acting on escape sequences in the piped body -
# confirm an equivalent safeguard exists for the mail implementation in use
# (the report lists both bsd-mailx and mailutils as installed).
mailcmd = mail -s
name = default
dest = root
logpath = /dev/null

/etc/fail2ban/action.d/mail-whois.conf changed:
# mail-whois.conf as quoted in the report: shown without comments and with long
# lines wrapped by the mail, so this listing is not loadable as-is.
# Mails start/stop notices and, on a ban, a message that embeds whois output.
# NOTE(review): every command below calls `mail -s` directly, without the
# -E 'set escape' option that the report says was removed from action.d/ to
# correct bug #1024263. That option was presumably there to stop the mail
# program from acting on escape sequences in the piped body - confirm an
# equivalent safeguard exists for the mail implementation in use (the report
# lists both bsd-mailx and mailutils as installed).
[INCLUDES]
# Read before this file; %(_whois_command)s used below is presumably defined there.
before = mail-whois-common.conf
[Definition]
norestored = 1
# %% is a literal percent sign, because values go through %(name)s interpolation.
actionstart = printf %%b "Hi,\n
              The jail <name> has been started successfully.\n
              Regards,\n
              Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" 
<dest>
actionstop = printf %%b "Hi,\n
             The jail <name> has been stopped.\n
             Regards,\n
             Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>" 
<dest>
actioncheck = 
# The whois command runs in backticks inside the double-quoted printf argument,
# so its output becomes part of the string that printf %b expands and that is
# then piped to mail.
# NOTE(review): that output is text this host does not control.
actionban = printf %%b "Hi,\n
            The IP <ip> has just been banned by Fail2Ban after
            <failures> attempts against <name>.\n\n
            Here is more information about <ip> :\n
            `%(_whois_command)s`\n
            Regards,\n
            Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip> from 
<fq-hostname>" <dest>
actionunban = 
[Init]
name = default
dest = root

/etc/fail2ban/action.d/mail.conf changed:
# mail.conf as quoted in the report: shown without comments and with long lines
# wrapped by the mail, so this listing is not loadable as-is.
# Mails a fixed-text notice on jail start, jail stop and each ban.
# NOTE(review): every command below calls `mail -s` directly, without the
# -E 'set escape' option that the report says was removed from action.d/ to
# correct bug #1024263. The bodies here consist of fixed text and fail2ban tags
# only; confirm whether the option still matters for the mail implementation
# in use.
[Definition]
norestored = 1
# %% is a literal percent sign, because values go through %(name)s interpolation.
actionstart = printf %%b "Hi,\n
              The jail <name> has been started successfully.\n
              Regards,\n
              Fail2Ban"|mail -s "[Fail2Ban] <name>: started  on <fq-hostname>" 
<dest>
actionstop = printf %%b "Hi,\n
             The jail <name> has been stopped.\n
             Regards,\n
             Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>" 
<dest>
actioncheck = 
actionban = printf %%b "Hi,\n
            The IP <ip> has just been banned by Fail2Ban after
            <failures> attempts against <name>.\n
            Regards,\n
            Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip> from 
<fq-hostname>" <dest>
actionunban = 
[Init]
# Defaults for the <name> and <dest> tags used above.
name = default
dest = root

/etc/fail2ban/fail2ban.conf changed:
# fail2ban.conf as quoted in the report, shown without comments.
# All settings sit in [DEFAULT]; [Definition] and [Thread] are empty in this dump.
# NOTE(review): the startup warning looks 'allowipv6' up in 'Definition', so a
# key placed here only silences it if [DEFAULT] keys act as fallbacks for the
# other sections (the configparser convention); the reporter states that the
# message went away after the change.
[DEFAULT]
loglevel = INFO
logtarget = /var/log/fail2ban.log
syslogsocket = auto
socket = /var/run/fail2ban/fail2ban.sock
pidfile = /var/run/fail2ban/fail2ban.pid
# Line added by the reporter; 'auto' is the same value the warning names as the
# default, so it makes the setting explicit rather than changing it.
allowipv6 = auto
dbfile = /var/lib/fail2ban/fail2ban.sqlite3
dbpurgeage = 1d
dbmaxmatches = 10
[Definition]
[Thread]


-- no debconf information
