Your message dated Sat, 07 Apr 2012 16:02:11 +0000
with message-id <e1sgy5b-0004zo...@franck.debian.org>
and subject line Bug#650678: fixed in fail2ban 0.8.4-3+squeeze1
has caused the Debian Bug report #650678,
regarding fail2ban: Random iptables errors on start
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
650678: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650678
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: fail2ban
Version: 0.8.4-3
Severity: grave
Tags: security
Justification: user security hole
I have used fail2ban but this is very strange. According to fail2ban log
and the output of iptables some of the iptables commands in the
iptables-multiport action script fail. I can't see any system behind the
errors. This is a fairly mixed system (packages from lenny & squeeze,
some from even older versions) but I don't see how that would cause
that. iptables & python are from squeeze.
Here is a typical log output:
2011-12-01 20:03:00,662 fail2ban.filter : INFO Set findtime = 600
2011-12-01 20:03:00,662 fail2ban.actions: INFO Set banTime = 600
2011-12-01 20:03:00,675 fail2ban.jail : INFO Jail 'ssh-ddos' started
2011-12-01 20:03:00,683 fail2ban.jail : INFO Jail 'introspection' started
2011-12-01 20:03:00,687 fail2ban.jail : INFO Jail 'apache-overflows' started
2011-12-01 20:03:00,693 fail2ban.jail : INFO Jail 'ssh' started
2011-12-01 20:03:00,695 fail2ban.jail : INFO Jail 'proftpd' started
2011-12-01 20:03:00,712 fail2ban.actions.action: ERROR iptables -N fail2ban-ssh
iptables -A fail2ban-ssh -j RETURN
iptables -I INPUT -p tcp -m multiport --dports ssh -j fail2ban-ssh returned 200
But this is totally random. Sometimes one jail fails, sometimes another,
sometimes more than one.
Note that due to fail2ban's architecture it doesn't report that
something failed on start-up. Admins relying on fail2ban (a bad idea
IMHO) are facing a potential security risk!
Thanks
-- System Information:
Debian Release: 5.0.2
APT prefers stable
APT policy: (1, 'stable')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.26-2-amd64
Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1)
Versions of packages fail2ban depends on:
ii lsb-base 3.2-23.2squeeze1 Linux Standard Base 3.2 init scrip
ii python 2.6.6-3+squeeze6 interactive high-level object-orie
ii python-central 0.6.16+nmu1 register and build utility for Pyt
Versions of packages fail2ban recommends:
ii iptables 1.4.8-3 administration tools for packet fi
ii whois 4.7.30 an intelligent whois client
-- no debconf information
--- End Message ---
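Added example (not part of the bug report and not fail2ban's own code): the report notes that a failed action start is only visible in the log, so this sketch scans a fail2ban log for jails that were reported as started while the command that creates their iptables chain returned non-zero. The function names are hypothetical, the sample log is constructed from the excerpt above, and the mapping from chain name to jail name (`fail2ban-<jail>`) is an assumption taken from that excerpt.

```python
import re

# Constructed sample, modelled on the log excerpt in the report above.
SAMPLE_LOG = """\
2011-12-01 20:03:00,675 fail2ban.jail : INFO Jail 'ssh-ddos' started
2011-12-01 20:03:00,693 fail2ban.jail : INFO Jail 'ssh' started
2011-12-01 20:03:00,695 fail2ban.jail : INFO Jail 'proftpd' started
2011-12-01 20:03:00,712 fail2ban.actions.action: ERROR iptables -N fail2ban-ssh
iptables -A fail2ban-ssh -j RETURN
iptables -I INPUT -p tcp -m multiport --dports ssh -j fail2ban-ssh returned 200
"""

TS = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} ")
STARTED = re.compile(r"fail2ban\.jail\s*: INFO\s+Jail '([^']+)' started")
ACTION_ERR = re.compile(
    r"fail2ban\.actions\.action\s*: ERROR\s+(.*?) returned (\d+)\s*$", re.S)
NEW_CHAIN = re.compile(r"iptables -N (\S+)")

def records(text):
    """Group lines into records; a line without a timestamp continues the previous one."""
    rec = []
    for line in text.splitlines():
        if TS.match(line) and rec:
            yield "\n".join(rec)
            rec = []
        if line.strip():
            rec.append(line)
    if rec:
        yield "\n".join(rec)

def failed_start_actions(text):
    """Return (started jails, {chain: exit code}) for failed chain-creating commands."""
    started, failures = [], {}
    for rec in records(text):
        m = STARTED.search(rec)
        if m:
            started.append(m.group(1))
            continue
        m = ACTION_ERR.search(rec)
        chain = NEW_CHAIN.search(m.group(1)) if m else None
        if chain:
            failures[chain.group(1)] = int(m.group(2))
    return started, failures

def unprotected_jails(text, prefix="fail2ban-"):
    # Assumption: the chain is named prefix + jail name, as in the excerpt.
    started, failures = failed_start_actions(text)
    return [jail for jail in started if prefix + jail in failures]
```

Running `unprotected_jails()` over the daemon's log after each start or reload gives a list that can feed a monitoring check; an empty list means no chain-creation failure was logged.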
--- Begin Message ---
Source: fail2ban
Source-Version: 0.8.4-3+squeeze1
We believe that the bug you reported is fixed in the latest version of
fail2ban, which is due to be installed in the Debian FTP archive:
fail2ban_0.8.4-3+squeeze1.diff.gz
to main/f/fail2ban/fail2ban_0.8.4-3+squeeze1.diff.gz
fail2ban_0.8.4-3+squeeze1.dsc
to main/f/fail2ban/fail2ban_0.8.4-3+squeeze1.dsc
fail2ban_0.8.4-3+squeeze1_all.deb
to main/f/fail2ban/fail2ban_0.8.4-3+squeeze1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 650...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Yaroslav Halchenko <deb...@onerussian.com> (supplier of updated fail2ban
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 16 Feb 2012 10:29:08 -0500
Source: fail2ban
Binary: fail2ban
Architecture: source all
Version: 0.8.4-3+squeeze1
Distribution: stable
Urgency: low
Maintainer: Yaroslav Halchenko <deb...@onerussian.com>
Changed-By: Yaroslav Halchenko <deb...@onerussian.com>
Description:
fail2ban - bans IPs that cause multiple authentication errors
Closes: 544232 635746 650678
Changes:
fail2ban (0.8.4-3+squeeze1) stable; urgency=low
.
[ Jonathan Wiltshire ]
* [e2232fc] Backport patch to fix CVE-2009-5023: Insecure creation of
tempfile (Closes: #544232, #635746)
.
[ Yaroslav Halchenko ]
* [6fc6c7b] Backport patch: Lock server's executeCmd to prevent racing
among iptables calls (Closes: #650678)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk9/YWoACgkQjRFFY3XAJMgF9ACfevBUInbkKYYggpKcEI/vPRrm
1r8AnRz8n7eRUmZwkjsI5yF2j3BrqgzH
=oMGg
-----END PGP SIGNATURE-----
--- End Message ---