Package: fail2ban
Version: 1.0.2-1
Severity: normal

Dear Maintainer,

Since fail2ban 1.0.2-1, when fail2ban starts it writes in the log:

Nov 16 18:53:09 eiffel7 fail2ban-server[874403]: 2022-11-16 18:53:09,333 fail2ban.configreader [874403]: WARNING 'allowipv6' not defined in 'Definition'. Using default one: 'auto'

I've modified /etc/fail2ban/fail2ban.conf by adding a line 'allowipv6 = auto' and after that the message disappears.

The other modified configuration files are modified to correct bug #1024263 but I don't know if s/-E 'set escape' // everywhere in action.d/ is a good answer to the problem.

Regards

-- System Information:
Debian Release: bookworm/sid
  APT prefers testing
  APT policy: (900, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.0.0-4-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages fail2ban depends on:
ii  lsb-base                   11.5
ii  python3                    3.10.6-1
ii  sysvinit-utils [lsb-base]  3.05-6

Versions of packages fail2ban recommends:
ii  iptables           1.8.8-1
ii  nftables           1.0.5-2
ii  python3-pyinotify  0.9.6-2
ii  python3-systemd    235-1+b1
ii  whois              5.5.14

Versions of packages fail2ban suggests:
ii  bsd-mailx [mailx]            8.1.2-0.20220412cvs-1
ii  mailutils [mailx]            1:3.15-3+b1
pn  monit                        <none>
ii  rsyslog [system-log-daemon]  8.2210.0-3
ii  sqlite3                      3.39.4-1

-- Configuration Files:
/etc/fail2ban/action.d/complain.conf changed:
[INCLUDES]
before = helpers-common.conf
[Definition]
debug = 0
norestored = 1
actionstart =
actionstop =
actioncheck =
actionban = oifs=${IFS};
            RESOLVER_ADDR="%(addr_resolver)s"
            if [ "<debug>" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi
            ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')
            IFS=,; ADDRESSES=$(echo $ADDRESSES)
            IFS=${oifs}
            IP=<ip>
            if [ ! -z "$ADDRESSES" ]; then
                ( printf %%b "<message>\n"; date '+Note: Local timezone is %%z (%%Z)';
                  printf %%b "\nLines containing failures of <ip> (max <grepmax>)\n";
                  %(_grep_logs)s;
                ) | <mailcmd> "Abuse from <ip>" <mailargs> $ADDRESSES
            fi
actionunban =
addr_resolver = <ip-rev>abuse-contacts.abusix.org
message = Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (i...@abusix.com). Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n
logpath = /dev/null
mailcmd = mail -s
mailargs =

/etc/fail2ban/action.d/dshield.conf changed:
[Definition]
norestored = 1
actionstart =
actionstop = if [ -f <tmpfile>.buffer ]; then
                 cat <tmpfile>.buffer | <mailcmd> "FORMAT DSHIELD USERID <userid> TZ `date +%%z | sed 's/\([+-]..\)\(..\)/\1:\2/'` Fail2Ban" <mailargs> <dest>
                 date +%%s > <tmpfile>.lastsent
             fi
             rm -f <tmpfile>.buffer <tmpfile>.first
actioncheck =
actionban = TZONE=`date +%%z | sed 's/\([+-]..\)\(..\)/\1:\2/'`
            DATETIME="`perl -e '@t=localtime(<time>);printf "%%4d-%%02d-%%02d %%02d:%%02d:%%02d",1900+$t[5],$t[4]+1,$t[3],$t[2],$t[1],$t[0]'` $TZONE"
            PROTOCOL=`awk '{IGNORECASE=1;if($1=="<protocol>"){print $2;exit}}' /etc/protocols`
            if [ -z "$PROTOCOL" ]; then PROTOCOL=<protocol>; fi
            printf %%b "$DATETIME\t<userid>\t<failures>\t<ip>\t<srcport>\t<myip>\t<port>\t$PROTOCOL\t<tcpflags>\n" >> <tmpfile>.buffer
            NOW=`date +%%s`
            if [ ! -f <tmpfile>.first ]; then
                echo <time> | cut -d. -f1 > <tmpfile>.first
            fi
            if [ ! -f <tmpfile>.lastsent ]; then
                echo 0 > <tmpfile>.lastsent
            fi
            LOGAGE=$(($NOW - `cat <tmpfile>.first`))
            LASTREPORT=$(($NOW - `cat <tmpfile>.lastsent`))
            LINES=$( wc -l <tmpfile>.buffer | awk '{ print $1 }' )
            if [ $LINES -ge <lines> && $LASTREPORT -gt <minreportinterval> ] || [ $LOGAGE -gt <maxbufferage> ]; then
                cat <tmpfile>.buffer | <mailcmd> "FORMAT DSHIELD USERID <userid> TZ $TZONE Fail2Ban" <mailargs> <dest>
                rm -f <tmpfile>.buffer <tmpfile>.first
                echo $NOW > <tmpfile>.lastsent
            fi
actionunban = if [ -f <tmpfile>.first ]; then
                  NOW=`date +%%s`
                  LOGAGE=$(($NOW - `cat <tmpfile>.first`))
                  if [ $LOGAGE -gt <maxbufferage> ]; then
                      cat <tmpfile>.buffer | <mailcmd> "FORMAT DSHIELD USERID <userid> TZ `date +%%z | sed 's/\([+-]..\)\(..\)/\1:\2/'` Fail2Ban" <mailargs> <dest>
                      rm -f <tmpfile>.buffer <tmpfile>.first
                      echo $NOW > <tmpfile>.lastsent
                  fi
              fi
[Init]
port = ???
userid = 0
myip = `ip -4 addr show dev eth0 | grep inet | head -n 1 | sed -r 's/.*inet ([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*/\1/'`
protocol = tcp
lines = 50
minreportinterval = 3600
maxbufferage = 21600
srcport = ???
tcpflags =
mailcmd = mail -s
mailargs =
dest = repo...@dshield.org
tmpfile = /var/run/fail2ban/tmp-dshield

/etc/fail2ban/action.d/mail-buffered.conf changed:
[Definition]
norestored = 1
actionstart = printf %%b "Hi,\n
              The jail <name> has been started successfully.\n
              Output will be buffered until <lines> lines are available.\n
              Regards,\n
              Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
actionstop = if [ -f <tmpfile> ]; then
                 printf %%b "Hi,\n
                 These hosts have been banned by Fail2Ban.\n
                 `cat <tmpfile>`
                 Regards,\n
                 Fail2Ban"|mail -s "[Fail2Ban] <name>: Summary from <fq-hostname>" <dest>
                 rm <tmpfile>
             fi
             printf %%b "Hi,\n
             The jail <name> has been stopped.\n
             Regards,\n
             Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
actioncheck =
actionban = printf %%b "`date`: <ip> (<failures> failures)\n" >> <tmpfile>
            LINE=$( wc -l <tmpfile> | awk '{ print $1 }' )
            if [ $LINE -ge <lines> ]; then
                printf %%b "Hi,\n
                These hosts have been banned by Fail2Ban.\n
                `cat <tmpfile>`
                \nRegards,\n
                Fail2Ban"|mail -s "[Fail2Ban] <name>: Summary" <dest>
                rm <tmpfile>
            fi
actionunban =
[Init]
name = default
lines = 5
tmpfile = /var/run/fail2ban/tmp-mail.txt
dest = root

/etc/fail2ban/action.d/mail-whois-lines.conf changed:
[INCLUDES]
before = mail-whois-common.conf
         helpers-common.conf
[Definition]
norestored = 1
actionstart = printf %%b "Hi,\n
              The jail <name> has been started successfully.\n
              Regards,\n
              Fail2Ban" | <mailcmd> "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
actionstop = printf %%b "Hi,\n
             The jail <name> has been stopped.\n
             Regards,\n
             Fail2Ban" | <mailcmd> "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
actioncheck =
_ban_mail_content = ( printf %%b "Hi,\n
                      The IP <ip> has just been banned by Fail2Ban after <failures> attempts against <name>.\n\n
                      Here is more information about <ip> :\n"
                      %(_whois_command)s;
                      printf %%b "\nLines containing failures of <ip> (max <grepmax>)\n";
                      %(_grep_logs)s;
                      printf %%b "\n
                      Regards,\n
                      Fail2Ban" )
actionban = %(_ban_mail_content)s | <mailcmd> "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest>
actionunban =
[Init]
mailcmd = mail -s
name = default
dest = root
logpath = /dev/null

/etc/fail2ban/action.d/mail-whois.conf changed:
[INCLUDES]
before = mail-whois-common.conf
[Definition]
norestored = 1
actionstart = printf %%b "Hi,\n
              The jail <name> has been started successfully.\n
              Regards,\n
              Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
actionstop = printf %%b "Hi,\n
             The jail <name> has been stopped.\n
             Regards,\n
             Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
actioncheck =
actionban = printf %%b "Hi,\n
            The IP <ip> has just been banned by Fail2Ban after <failures> attempts against <name>.\n\n
            Here is more information about <ip> :\n
            `%(_whois_command)s`\n
            Regards,\n
            Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest>
actionunban =
[Init]
name = default
dest = root

/etc/fail2ban/action.d/mail.conf changed:
[Definition]
norestored = 1
actionstart = printf %%b "Hi,\n
              The jail <name> has been started successfully.\n
              Regards,\n
              Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
actionstop = printf %%b "Hi,\n
             The jail <name> has been stopped.\n
             Regards,\n
             Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
actioncheck =
actionban = printf %%b "Hi,\n
            The IP <ip> has just been banned by Fail2Ban after <failures> attempts against <name>.\n
            Regards,\n
            Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest>
actionunban =
[Init]
name = default
dest = root

/etc/fail2ban/fail2ban.conf changed:
[DEFAULT]
loglevel = INFO
logtarget = /var/log/fail2ban.log
syslogsocket = auto
socket = /var/run/fail2ban/fail2ban.sock
pidfile = /var/run/fail2ban/fail2ban.pid
allowipv6 = auto
dbfile = /var/lib/fail2ban/fail2ban.sqlite3
dbpurgeage = 1d
dbmaxmatches = 10
[Definition]
[Thread]

-- no debconf information
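
An added example, not part of the original report and not fail2ban's own code: it uses Python's standard configparser as a stand-in for fail2ban's config reader to show which expected options are readable from [Definition] once config layers are merged, including values inherited from [DEFAULT] as in the fail2ban.conf listed above. The sample file contents, the override layer and the function names are constructed for illustration.

```python
import configparser

# Options the server is expected to find; only allowipv6 is named in the report.
EXPECTED = ("allowipv6",)

# Constructed sample: a fail2ban.conf that predates the allowipv6 option.
OLD_CONF = """\
[DEFAULT]
loglevel = INFO
logtarget = /var/log/fail2ban.log
dbpurgeage = 1d

[Definition]

[Thread]
"""

# Constructed sample: an override layer carrying the reporter's one-line fix.
LOCAL_FIX = """\
[DEFAULT]
allowipv6 = auto
"""


def visible_options(layers, section="Definition"):
    """Parse the layers in order (later ones override earlier ones) and return
    the options readable from `section`, including [DEFAULT] inheritance."""
    # interpolation=None: values are returned as written, no %(...)s expansion.
    parser = configparser.ConfigParser(interpolation=None)
    for text in layers:
        parser.read_string(text)
    if parser.has_section(section):
        return dict(parser.items(section))
    return dict(parser.defaults())


def missing_options(layers, expected=EXPECTED):
    """List the expected options that no layer defines for [Definition]."""
    seen = visible_options(layers)
    return [name for name in expected if name not in seen]


if __name__ == "__main__":
    print("before fix:", missing_options([OLD_CONF]))
    print("after fix: ", missing_options([OLD_CONF, LOCAL_FIX]))
```
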