[Fail2ban-users] fail2ban apache-noscript fails on fedora21

Wed, 18 Feb 2015 15:28:47 -0800 

Hi,

I have a fedora21 system with fail2ban-0.9.1-2 and having some problems 
with the default install. It seems the apache-noscript filter doesn't 
work. Using an error sample:

[Fri Feb 13 02:36:00.794113 2015] [cgi:error] [pid 20818] [client 
103.24.77.53:43585] script not found or unable to stat: 
/var/www/www.linuxseclabs.com-80/cgi-bin/php.cgi

This is the contents of /etc/fail2ban/filter.d/apache-noscript.conf

[INCLUDES]
before = apache-common.conf
[Definition]
failregex = ^%(_apache_error_client)s ((AH001(28|30): )?File does not 
exist|(AH01264: )?script not found or unable to stat): 
/\S*(php([45]|[.-]cgi)?|\.asp|\.exe|\.pl)(, referer: \S+)?\s*$
             ^%(_apache_error_client)s script 
'/\S*(php([45]|[.-]cgi)?|\.asp|\.exe|\.pl)\S*' not found or unable to 
stat(, referer: \S+)?\s*$
ignoreregex =

apache-common.conf is just:

_apache_error_client = \[\] \[(:?error|\S+:\S+)\]( \[pid \d+(:\S+ 
\d+)?\])? \[client <HOST>(:\d{1,5})?\][/code]

When I try fail2ban-regex:

#fail2ban-regex /var/tmp/error_log apache-noscript

Running tests
=============

Use   failregex line : apache-noscript
Traceback (most recent call last):
   File "/usr/bin/fail2ban-regex", line 533, in <module>
     fail2banRegex.readRegex(cmd_regex, 'fail') or sys.exit(-1)
   File "/usr/bin/fail2ban-regex", line 303, in readRegex
     'add%sRegex' % regextype.title())(regex.getFailRegex())
   File "/usr/lib/python2.7/site-packages/fail2ban/server/filter.py", 
line 105, in addFailRegex
     raise e
fail2ban.server.failregex.RegexException: No 'host' group in 
'apache-noscript'


Any idea why this is happening? Is this a known issue with the regex?

Thanks,
Alex

------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users

Reply via email to