Package: fail2ban
Version: 1.0.2-1
Severity: normal
Dear Maintainer,
Since fail2ban 1.0.2-1 when fail2ban start it write in the log :
Nov 16 18:53:09 eiffel7 fail2ban-server[874403]: 2022-11-16 18:53:09,333
fail2ban.configreader [874403]: WARNING 'allowipv6' not defined in
'Definition'. Using default one: 'auto'
I've modified /etc/fail2ban/fail2ban.conf by adding a line
'allowipv6 = auto'
and after that the message disapear.
The other modified configuration files are modified to correct bug #1024263 but
I don't know
if s/-E 'set escape' // everywhere in action.d/ is a good answer to the problem.
Regards
-- System Information:
Debian Release: bookworm/sid
APT prefers testing
APT policy: (900, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.0.0-4-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages fail2ban depends on:
ii lsb-base 11.5
ii python3 3.10.6-1
ii sysvinit-utils [lsb-base] 3.05-6
Versions of packages fail2ban recommends:
ii iptables 1.8.8-1
ii nftables 1.0.5-2
ii python3-pyinotify 0.9.6-2
ii python3-systemd 235-1+b1
ii whois 5.5.14
Versions of packages fail2ban suggests:
ii bsd-mailx [mailx] 8.1.2-0.20220412cvs-1
ii mailutils [mailx] 1:3.15-3+b1
pn monit <none>
ii rsyslog [system-log-daemon] 8.2210.0-3
ii sqlite3 3.39.4-1
-- Configuration Files:
/etc/fail2ban/action.d/complain.conf changed:
[INCLUDES]
before = helpers-common.conf
[Definition]
debug = 0
norestored = 1
actionstart =
actionstop =
actioncheck =
actionban = oifs=${IFS};
RESOLVER_ADDR="%(addr_resolver)s"
if [ "<debug>" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR";
fi
ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')
IFS=,; ADDRESSES=$(echo $ADDRESSES)
IFS=${oifs}
IP=<ip>
if [ ! -z "$ADDRESSES" ]; then
( printf %%b "<message>\n"; date '+Note: Local timezone is %%z
(%%Z)';
printf %%b "\nLines containing failures of <ip> (max
<grepmax>)\n";
%(_grep_logs)s;
) | <mailcmd> "Abuse from <ip>" <mailargs> $ADDRESSES
fi
actionunban =
addr_resolver = <ip-rev>abuse-contacts.abusix.org
message = Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP,
which according to a abusix.com is on your network. We would appreciate if you
would investigate and take action as appropriate.\n\nLog lines are given below,
but please ask if you require any further information.\n\n(If you are not the
correct person to contact about this please accept our apologies - your e-mail
address was extracted from the whois record by an automated process.)\n\n This
mail was generated by Fail2Ban.\nThe recipient address of this report was
provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain
the content of the database. All information which we pass out, derives from
the RIR databases and is processed for ease of use. If you want to change or
report non working abuse contacts please contact the appropriate RIR. If you
have any further question, contact abusix.com directly via email
(i...@abusix.com). Information about the Abuse Contact Database can be found
here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is
neither responsible nor liable for the content or accuracy of this message.\n
logpath = /dev/null
mailcmd = mail -s
mailargs =
/etc/fail2ban/action.d/dshield.conf changed:
[Definition]
norestored = 1
actionstart =
actionstop = if [ -f <tmpfile>.buffer ]; then
cat <tmpfile>.buffer | <mailcmd> "FORMAT DSHIELD USERID
<userid> TZ `date +%%z | sed 's/\([+-]..\)\(..\)/\1:\2/'` Fail2Ban" <mailargs>
<dest>
date +%%s > <tmpfile>.lastsent
fi
rm -f <tmpfile>.buffer <tmpfile>.first
actioncheck =
actionban = TZONE=`date +%%z | sed 's/\([+-]..\)\(..\)/\1:\2/'`
DATETIME="`perl -e '@t=localtime(<time>);printf "%%4d-%%02d-%%02d
%%02d:%%02d:%%02d",1900+$t[5],$t[4]+1,$t[3],$t[2],$t[1],$t[0]'` $TZONE"
PROTOCOL=`awk '{IGNORECASE=1;if($1=="<protocol>"){print $2;exit}}'
/etc/protocols`
if [ -z "$PROTOCOL" ]; then PROTOCOL=<protocol>; fi
printf %%b
"$DATETIME\t<userid>\t<failures>\t<ip>\t<srcport>\t<myip>\t<port>\t$PROTOCOL\t<tcpflags>\n"
>> <tmpfile>.buffer
NOW=`date +%%s`
if [ ! -f <tmpfile>.first ]; then
echo <time> | cut -d. -f1 > <tmpfile>.first
fi
if [ ! -f <tmpfile>.lastsent ]; then
echo 0 > <tmpfile>.lastsent
fi
LOGAGE=$(($NOW - `cat <tmpfile>.first`))
LASTREPORT=$(($NOW - `cat <tmpfile>.lastsent`))
LINES=$( wc -l <tmpfile>.buffer | awk '{ print $1 }' )
if [ $LINES -ge <lines> && $LASTREPORT -gt <minreportinterval> ] ||
[ $LOGAGE -gt <maxbufferage> ]; then
cat <tmpfile>.buffer | <mailcmd> "FORMAT DSHIELD USERID
<userid> TZ $TZONE Fail2Ban" <mailargs> <dest>
rm -f <tmpfile>.buffer <tmpfile>.first
echo $NOW > <tmpfile>.lastsent
fi
actionunban = if [ -f <tmpfile>.first ]; then
NOW=`date +%%s`
LOGAGE=$(($NOW - `cat <tmpfile>.first`))
if [ $LOGAGE -gt <maxbufferage> ]; then
cat <tmpfile>.buffer | <mailcmd> "FORMAT DSHIELD USERID
<userid> TZ `date +%%z | sed 's/\([+-]..\)\(..\)/\1:\2/'` Fail2Ban" <mailargs>
<dest>
rm -f <tmpfile>.buffer <tmpfile>.first
echo $NOW > <tmpfile>.lastsent
fi
fi
[Init]
port = ???
userid = 0
myip = `ip -4 addr show dev eth0 | grep inet | head -n 1 | sed -r 's/.*inet
([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*/\1/'`
protocol = tcp
lines = 50
minreportinterval = 3600
maxbufferage = 21600
srcport = ???
tcpflags =
mailcmd = mail -s
mailargs =
dest = repo...@dshield.org
tmpfile = /var/run/fail2ban/tmp-dshield
/etc/fail2ban/action.d/mail-buffered.conf changed:
[Definition]
norestored = 1
actionstart = printf %%b "Hi,\n
The jail <name> has been started successfully.\n
Output will be buffered until <lines> lines are available.\n
Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>"
<dest>
actionstop = if [ -f <tmpfile> ]; then
printf %%b "Hi,\n
These hosts have been banned by Fail2Ban.\n
`cat <tmpfile>`
Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: Summary from
<fq-hostname>" <dest>
rm <tmpfile>
fi
printf %%b "Hi,\n
The jail <name> has been stopped.\n
Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>"
<dest>
actioncheck =
actionban = printf %%b "`date`: <ip> (<failures> failures)\n" >> <tmpfile>
LINE=$( wc -l <tmpfile> | awk '{ print $1 }' )
if [ $LINE -ge <lines> ]; then
printf %%b "Hi,\n
These hosts have been banned by Fail2Ban.\n
`cat <tmpfile>`
\nRegards,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: Summary" <dest>
rm <tmpfile>
fi
actionunban =
[Init]
name = default
lines = 5
tmpfile = /var/run/fail2ban/tmp-mail.txt
dest = root
/etc/fail2ban/action.d/mail-whois-lines.conf changed:
[INCLUDES]
before = mail-whois-common.conf
helpers-common.conf
[Definition]
norestored = 1
actionstart = printf %%b "Hi,\n
The jail <name> has been started successfully.\n
Regards,\n
Fail2Ban" | <mailcmd> "[Fail2Ban] <name>: started on
<fq-hostname>" <dest>
actionstop = printf %%b "Hi,\n
The jail <name> has been stopped.\n
Regards,\n
Fail2Ban" | <mailcmd> "[Fail2Ban] <name>: stopped on
<fq-hostname>" <dest>
actioncheck =
_ban_mail_content = ( printf %%b "Hi,\n
The IP <ip> has just been banned by Fail2Ban after
<failures> attempts against <name>.\n\n
Here is more information about <ip> :\n"
%(_whois_command)s;
printf %%b "\nLines containing failures of <ip> (max <grepmax>)\n";
%(_grep_logs)s;
printf %%b "\n
Regards,\n
Fail2Ban" )
actionban = %(_ban_mail_content)s | <mailcmd> "[Fail2Ban] <name>: banned <ip>
from <fq-hostname>" <dest>
actionunban =
[Init]
mailcmd = mail -s
name = default
dest = root
logpath = /dev/null
/etc/fail2ban/action.d/mail-whois.conf changed:
[INCLUDES]
before = mail-whois-common.conf
[Definition]
norestored = 1
actionstart = printf %%b "Hi,\n
The jail <name> has been started successfully.\n
Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>"
<dest>
actionstop = printf %%b "Hi,\n
The jail <name> has been stopped.\n
Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>"
<dest>
actioncheck =
actionban = printf %%b "Hi,\n
The IP <ip> has just been banned by Fail2Ban after
<failures> attempts against <name>.\n\n
Here is more information about <ip> :\n
`%(_whois_command)s`\n
Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip> from
<fq-hostname>" <dest>
actionunban =
[Init]
name = default
dest = root
/etc/fail2ban/action.d/mail.conf changed:
[Definition]
norestored = 1
actionstart = printf %%b "Hi,\n
The jail <name> has been started successfully.\n
Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>"
<dest>
actionstop = printf %%b "Hi,\n
The jail <name> has been stopped.\n
Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>"
<dest>
actioncheck =
actionban = printf %%b "Hi,\n
The IP <ip> has just been banned by Fail2Ban after
<failures> attempts against <name>.\n
Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip> from
<fq-hostname>" <dest>
actionunban =
[Init]
name = default
dest = root
/etc/fail2ban/fail2ban.conf changed:
[DEFAULT]
loglevel = INFO
logtarget = /var/log/fail2ban.log
syslogsocket = auto
socket = /var/run/fail2ban/fail2ban.sock
pidfile = /var/run/fail2ban/fail2ban.pid
allowipv6 = auto
dbfile = /var/lib/fail2ban/fail2ban.sqlite3
dbpurgeage = 1d
dbmaxmatches = 10
[Definition]
[Thread]
-- no debconf information
