Hello,
I am posting a copy of the issue I just posted on the fail2ban GitHub, but it seems that the issue started with the last ClearOS update.
In the dashboard I see the last update was:
fail2ban-server-0.11.1-10.el7 Updated 2020 Sep 23, 04:58:58
It seems that action files stopped supporting "<bantime>" with this update. I just checked my f2b logs and it hasn't been working for the past few months; I have millions of errors in my log files like:
2020-11-09 19:31:37,132 fail2ban.utils [17395]: ERROR 7f03602a0928 -- stderr: "/bin/sh: -c: line 0: syntax error near unexpected token `newline'"
2020-11-09 19:31:37,132 fail2ban.utils [17395]: ERROR 7f03602a0928 -- stderr: "/bin/sh: -c: line 0: `ipset create f2b-portprobe hash:ip --maxelem 1000000 timeout <bantime>'"
2020-11-09 19:31:37,132 fail2ban.utils [17395]: ERROR 7f03602a0928 -- returned 1
2020-11-09 19:31:37,133 fail2ban.actions [17395]: ERROR Failed to execute ban jail 'portprobe' action 'ipset-portprobe' info 'ActionInfo({'ip': '46.101.124.192', 'fid': <function <lambda> at 0x7f0361c71f50>, 'family': 'inet4', 'raw-ticket': <function <lambda> at 0x7f0361c74578>})': Error starting action Jail('portprobe')/ipset-portprobe: 'Script error'
My action file contains:
actionstart = ipset create <ipmset> hash:ip --maxelem 1000000 timeout <bantime><familyopt>
Replacing "<bantime>" with the actual bantime in seconds seems to work.
The action is specified in my jail as follows:
action = ipset-portprobe[name=portprobe,bantime=2147483]
Thanks
alexsunny
Responses (1)
Accepted Answer
That won't be a ClearOS error per se, as we use the upstream EPEL package. It must have been due to an upstream and/or source change. Have a look in /etc/fail2ban/action.d/iptables-ipset-proto6.conf to see how it is done now, using <default-timeout>. I have never tried it but you may be able to override it in your jail. If you use <bantime> in the actionban line, <default-timeout> becomes irrelevant and is only used where <bantime> is not specified in the actionban line.
[edit]
Also, why do you have a specific action ipset-portprobe? Why not just leave it on the default iptables-ipset-proto6.conf?
[/edit]
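An added example, not part of either post: a Python check for the failure mode in the question's log, where an unsubstituted `<tag>` reaches /bin/sh and bans fail without anyone noticing. The sample lines are constructed in the format quoted above, and the function name `audit_fail2ban_log` is an assumption of this example.

```python
import re
import sys
from collections import Counter

# Constructed sample, modelled on the fail2ban.log lines quoted in the question.
SAMPLE_LOG = """\
2020-11-09 19:31:37,132 fail2ban.utils [17395]: ERROR 7f03602a0928 -- stderr: "/bin/sh: -c: line 0: syntax error near unexpected token `newline'"
2020-11-09 19:31:37,132 fail2ban.utils [17395]: ERROR 7f03602a0928 -- stderr: "/bin/sh: -c: line 0: `ipset create f2b-portprobe hash:ip --maxelem 1000000 timeout <bantime>'"
2020-11-09 19:31:37,132 fail2ban.utils [17395]: ERROR 7f03602a0928 -- returned 1
2020-11-09 19:31:37,133 fail2ban.actions [17395]: ERROR Failed to execute ban jail 'portprobe' action 'ipset-portprobe' info 'ActionInfo({'ip': '192.0.2.10', 'fid': <function <lambda> at 0x0>})': Error starting action Jail('portprobe')/ipset-portprobe: 'Script error'
2020-11-09 19:31:40,001 fail2ban.actions [17395]: NOTICE [sshd] Ban 192.0.2.10
"""

# Shell stderr echoed by fail2ban.utils; the failing command sits inside the quotes.
STDERR_RE = re.compile(r'fail2ban\.utils\s+\[\d+\]:\s+ERROR\s+\S+ -- stderr: "(.*)"\s*$')
# A <tag> that was never substituted before the command reached /bin/sh.
TAG_RE = re.compile(r"<([A-Za-z][\w-]*)>")
FAILED_RE = re.compile(r"ERROR\s+Failed to execute (?:ban|unban) jail '([^']+)' action '([^']+)'")


def audit_fail2ban_log(lines):
    """Return (unresolved tag counts, failed (jail, action) counts)."""
    unresolved, failed = Counter(), Counter()
    for line in lines:
        m = STDERR_RE.search(line.rstrip("\n"))
        if m:
            # Only stderr lines are searched: the ActionInfo(...) text on the
            # "Failed to execute" line contains <lambda>, which is not a tag.
            unresolved.update(TAG_RE.findall(m.group(1)))
            continue
        m = FAILED_RE.search(line)
        if m:
            failed[m.groups()] += 1
    return unresolved, failed


if __name__ == "__main__":
    # Pass a log path as the first argument; without one the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            tags, fails = audit_fail2ban_log(fh)
    else:
        tags, fails = audit_fail2ban_log(SAMPLE_LOG.splitlines())
    for tag, n in tags.most_common():
        print(f"unresolved <{tag}> reached the shell {n} time(s)")
    for (jail, action), n in fails.most_common():
        print(f"jail {jail!r} action {action!r}: {n} failed ban/unban call(s)")
    sys.exit(1 if tags or fails else 0)
```

The non-zero exit status on any finding lets the script run from cron or a monitoring check after package updates.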