Trouble with Fail2Ban

I am struggling with the app with fail2ban. The server is a Community 7 server put up this spring. Last updates appear to be in May. My issue is with fail2ban/fail2ban-server.

I created the /etc/fail2ban/jail.local and enabled sshd. The /var/log/fail2ban.log file is very busy with lots of logging ssh attacks. It reports that an attacking IP address is banned, but, that IP continues to hit the server.

I see the iptables rule for "REJECT all -- 0.0.0.0/0 0.0.0.0/0 match-set f2b-sshd src reject-with icmp-port-unreachable. But, I don't see anywhere in iptables -L -n that the bad ipaddresses are being added. Is there somewhere that I can see the "match-set s2b-sshd" entries?

I tried uninstalling and reinstalling the app-attack-detector which re-installed the fail2ban system. No help. The behavior is the same. IP addresses are recognized as ssh attacks, are logged, and reported as banned, but, are not being stopped by the firewall.

What am I missing?

Nick Howitt wrote:

You can downgrade with "yum downgrade" but you need to specify the full packages you want to downgrade to, with their dependencies. Try:If it works, you'll then need to block upgrades to ghostscript until it is fixed. It can be done in /etc/yum.conf with an exclude line.

Downgrading from the ghostscript 15 May, 2019 _6.11 to the 10 April 2019 _6.10 version solves the cups printing problems. Thank you!

You can downgrade with "yum downgrade" but you need to specify the full packages you want to downgrade to, with their dependencies. Try:If it works, you'll then need to block upgrades to ghostscript until it is fixed. It can be done in /etc/yum.conf with an exclude line.

Nick Howitt wrote:

Google gives plenty of hits, and I notice ghostscript updated a couple of nights ago. Has your system updated to the new package, ghostscript-9.07-31.el7_6.11.x86_64?

"Recent Software Activity: (ghostscript)
ghostscript-cups-9.07-31.el7_6.11 Updated May 15, 01:16:03
ghostscript-9.07-31.el7_6.11 Updated May 15, 01:15:59
ghostscript-cups-9.07-31.el7_6.10 Updated Apr 17, 04:20:32
ghostscript-9.07-31.el7_6.10 Updated Apr 17, 04:20:30
ghostscript-cups-9.07-31.el7_6.9 Updated Apr 13, 02:23:33
ghostscript-9.07-31.el7_6.9 Updated Apr 13, 02:23:29"

Actually, the ghostcript-cups upgrade from _610 to _611 may be the issue. I need to understand how to roll back the 15 May _6.11 to try the 17 Apr _6.10 to see of this solves the problem. At least, as a test....

Here is an excerpt from the /var/log/cups/error_log:

E [21/Jun/2019:07:05:30 -0400] [Job 3087] Job stopped due to filter errors; please consult the error_log file for details.
D [21/Jun/2019:07:05:30 -0400] [Job 3087] The following messages were recorded from 07:05:30 AM to 07:05:30 AM
D [21/Jun/2019:07:05:30 -0400] [Job 3087] Adding start banner page "none".
D [21/Jun/2019:07:05:30 -0400] [Job 3087] Queued on "DELIVER" by "apache".
D [21/Jun/2019:07:05:30 -0400] [Job 3087] Auto-typing file...
D [21/Jun/2019:07:05:30 -0400] [Job 3087] Request file type is application/pdf.
D [21/Jun/2019:07:05:30 -0400] [Job 3087] File of type application/pdf queued by "apache".
D [21/Jun/2019:07:05:30 -0400] [Job 3087] Adding end banner page "none".
D [21/Jun/2019:07:05:30 -0400] [Job 3087] time-at-processing=1561115130
D [21/Jun/2019:07:05:30 -0400] [Job 3087] 2 filters for job:
D [21/Jun/2019:07:05:30 -0400] [Job 3087] pdftopdf (application/pdf to application/vnd.cups-pdf, cost 66)
D [21/Jun/2019:07:05:30 -0400] [Job 3087] foomatic-rip (application/vnd.cups-pdf to printer/DELIVER, cost 0)
D [21/Jun/2019:07:05:30 -0400] [Job 3087] job-sheets=none,none
D [21/Jun/2019:07:05:30 -0400] [Job 3087] argv[0]="DELIVER"
D [21/Jun/2019:07:05:30 -0400] [Job 3087] argv[1]="3087"
D [21/Jun/2019:07:05:30 -0400] [Job 3087] argv[2]="apache"
D [21/Jun/2019:07:05:30 -0400] [Job 3087] argv[3]="1561115130.pdf"
D [21/Jun/2019:07:05:30 -0400] [Job 3087] argv[4]="1"
D [21/Jun/2019:07:05:30 -0400] [Job 3087] argv[5]="finishings=3 number-up=1 job-uuid=urn:uuid:9ac877bb-51a8-3226-6a37-fec131d144d9 job-originating-host-name=localhost time-at-creation=1561115130 time-at-processing=1561115130"
D [21/Jun/2019:07:05:30 -0400] [Job 3087] argv[6]="/var/spool/cups/d03087-001"
D [21/Jun/2019:07:05:30 -0400] [Job 3087] envp[0]="CUPS_CACHEDIR=/var/cache/cups"
D [21/Jun/2019:07:05:30 -0400] [Job 3087] envp[1]="CUPS_DATADIR=/usr/share/cups"
D [21/Jun/2019:07:05:30 -0400] [Job 3087] envp[2]="CUPS_DOCROOT=/usr/share/cups/www"
D [21/Jun/2019:07:05:30 -0400] [Job 3087] envp[3]="CUPS_FONTPATH=/usr/share/cups/fonts"
D [21/Jun/2019:07:05:30 -0400] [Job 3087] envp[4]="CUPS_REQUESTROOT=/var/spool/cups"
D [21/Jun/2019:07:05:30 -0400] [Job 3087] envp[5]="CUPS_SERVERBIN=/usr/lib/cups"
D [21/Jun/2019:07:05:30 -0400] [Job 3087] envp[6]="CUPS_SERVERROOT=/etc/cups"
D [21/Jun/2019:07:05:30 -0400] [Job 3087] envp[7]="CUPS_STATEDIR=/var/run/cups"
D [21/Jun/2019:07:05:30 -0400] [Job 3087] envp[8]="HOME=/var/spool/cups/tmp"
D [21/Jun/2019:07:05:30 -0400] [Job 3087] envp[9]="PATH=/usr/lib/cups/filter:/usr/lib64/cups/filter:/usr/bin:/usr/sbin:/bin:/usr/bin"
D [21/Jun/2019:07:05:30 -0400] [Job 3087] envp[10]="SERVER_ADMIN=root@pos-sap.qbrand.com"
D [21/Jun/2019:07:05:30 -0400] [Job 3087] envp[11]="SOFTWARE=CUPS/1.6.3"
D [21/Jun/2019:07:05:30 -0400] [Job 3087] envp[12]="TMPDIR=/var/spool/cups/tmp"
D [21/Jun/2019:07:05:30 -0400] [Job 3087] envp[13]="USER=root"
D [21/Jun/2019:07:05:30 -0400] [Job 3087] envp[14]="CUPS_MAX_MESSAGE=2047"
D [21/Jun/2019:07:05:30 -0400] [Job 3087] envp[15]="CUPS_SERVER=/var/run/cups/cups.sock"
D [21/Jun/2019:07:05:30 -0400] [Job 3087] envp[16]="CUPS_ENCRYPTION=IfRequested"
D [21/Jun/2019:07:05:30 -0400] [Job 3087] envp[17]="IPP_PORT=631"
D [21/Jun/2019:07:05:30 -0400] [Job 3087] envp[18]="CHARSET=utf-8"
D [21/Jun/2019:07:05:30 -0400] [Job 3087] envp[19]="LANG=en.UTF-8"
D [21/Jun/2019:07:05:30 -0400] [Job 3087] envp[20]="PPD=/etc/cups/ppd/DELIVER.ppd"
D [21/Jun/2019:07:05:30 -0400] [Job 3087] envp[21]="RIP_MAX_CACHE=128m"
D [21/Jun/2019:07:05:30 -0400] [Job 3087] envp[22]="CONTENT_TYPE=application/pdf"
D [21/Jun/2019:07:05:30 -0400] [Job 3087] envp[23]="DEVICE_URI=socket://192.168.1.156"
D [21/Jun/2019:07:05:30 -0400] [Job 3087] envp[24]="PRINTER_INFO=DELIVER"
D [21/Jun/2019:07:05:30 -0400] [Job 3087] envp[25]="PRINTER_LOCATION=DELIVER"
D [21/Jun/2019:07:05:30 -0400] [Job 3087] envp[26]="PRINTER=DELIVER"
D [21/Jun/2019:07:05:30 -0400] [Job 3087] envp[27]="PRINTER_STATE_REASONS=none"
D [21/Jun/2019:07:05:30 -0400] [Job 3087] envp[28]="CUPS_FILETYPE=document"
D [21/Jun/2019:07:05:30 -0400] [Job 3087] envp[29]="FINAL_CONTENT_TYPE=application/vnd.cups-pdf"
D [21/Jun/2019:07:05:30 -0400] [Job 3087] envp[30]="AUTH_I****"
D [21/Jun/2019:07:05:30 -0400] [Job 3087] Started filter /usr/lib/cups/filter/pdftopdf (PID 19077)
D [21/Jun/2019:07:05:30 -0400] [Job 3087] Started filter /usr/lib/cups/filter/foomatic-rip (PID 19078)
D [21/Jun/2019:07:05:30 -0400] [Job 3087] Started backend /usr/lib/cups/backend/socket (PID 19079)
D [21/Jun/2019:07:05:30 -0400] [Job 3087] Getting input from file
D [21/Jun/2019:07:05:30 -0400] [Job 3087] foomatic-rip version 4.0.17.256 running...
D [21/Jun/2019:07:05:30 -0400] [Job 3087] Parsing PPD file ...
D [21/Jun/2019:07:05:30 -0400] [Job 3087] Added option ColorSpace
D [21/Jun/2019:07:05:30 -0400] [Job 3087] Added option PageSize
D [21/Jun/2019:07:05:30 -0400] [Job 3087] Added option ImageableArea
D [21/Jun/2019:07:05:30 -0400] [Job 3087] Added option PaperDimension
D [21/Jun/2019:07:05:30 -0400] [Job 3087] Added option InputSlot
D [21/Jun/2019:07:05:30 -0400] [Job 3087] Added option Resolution
D [21/Jun/2019:07:05:30 -0400] [Job 3087] Added option Font
D [21/Jun/2019:07:05:30 -0400] [Job 3087] Parameter Summary
D [21/Jun/2019:07:05:30 -0400] [Job 3087] -----------------
D [21/Jun/2019:07:05:30 -0400] [Job 3087] Spooler: cups
D [21/Jun/2019:07:05:30 -0400] [Job 3087] Printer: DELIVER
D [21/Jun/2019:07:05:30 -0400] [Job 3087] Shell: /bin/bash
D [21/Jun/2019:07:05:30 -0400] [Job 3087] PPD file: /etc/cups/ppd/DELIVER.ppd
D [21/Jun/2019:07:05:30 -0400] [Job 3087] ATTR file:
D [21/Jun/2019:07:05:30 -0400] [Job 3087] Printer model: HP LaserJet Foomatic/laserjet (recommended)
D [21/Jun/2019:07:05:30 -0400] [Job 3087] Job title: 1561115130.pdf
D [21/Jun/2019:07:05:30 -0400] [Job 3087] File(s) to be printed:
D [21/Jun/2019:07:05:30 -0400] [Job 3087] <STDIN>
D [21/Jun/2019:07:05:30 -0400] [Job 3087] Ghostscript extra search path ('GS_LIB'): /usr/share/cups/fonts
D [21/Jun/2019:07:05:30 -0400] [Job 3087] Printing system options:
D [21/Jun/2019:07:05:30 -0400] [Job 3087] Pondering option 'finishings=3'
D [21/Jun/2019:07:05:30 -0400] [Job 3087] Unknown option finishings=3.
D [21/Jun/2019:07:05:30 -0400] [Job 3087] Pondering option 'number-up=1'
D [21/Jun/2019:07:05:30 -0400] [Job 3087] Unknown option number-up=1.
D [21/Jun/2019:07:05:30 -0400] [Job 3087] Pondering option 'job-uuid=urn:uuid:9ac877bb-51a8-3226-6a37-fec131d144d9'
D [21/Jun/2019:07:05:30 -0400] [Job 3087] Unknown option job-uuid=urn:uuid:9ac877bb-51a8-3226-6a37-fec131d144d9.
D [21/Jun/2019:07:05:30 -0400] [Job 3087] Pondering option 'job-originating-host-name=localhost'
D [21/Jun/2019:07:05:30 -0400] [Job 3087] Unknown option job-originating-host-name=localhost.
D [21/Jun/2019:07:05:30 -0400] [Job 3087] Pondering option 'time-at-creation=1561115130'
D [21/Jun/2019:07:05:30 -0400] [Job 3087] Unknown option time-at-creation=1561115130.
D [21/Jun/2019:07:05:30 -0400] [Job 3087] Pondering option 'time-at-processing=1561115130'
D [21/Jun/2019:07:05:30 -0400] [Job 3087] Unknown option time-at-processing=1561115130.
D [21/Jun/2019:07:05:30 -0400] [Job 3087] Options from the PPD file:
D [21/Jun/2019:07:05:30 -0400] [Job 3087] ================================================
D [21/Jun/2019:07:05:30 -0400] [Job 3087] File: <STDIN>
D [21/Jun/2019:07:05:30 -0400] [Job 3087] ================================================
D [21/Jun/2019:07:05:30 -0400] [Job 3087] STATE: +connecting-to-device
D [21/Jun/2019:07:05:30 -0400] [Job 3087] Looking up "192.168.1.156"...
D [21/Jun/2019:07:05:30 -0400] [Job 3087] Filetype: PDF
D [21/Jun/2019:07:05:30 -0400] [Job 3087] Storing temporary files in /var/spool/cups/tmp
D [21/Jun/2019:07:05:30 -0400] [Job 3087] PID 19077 (/usr/lib/cups/filter/pdftopdf) exited with no errors.
D [21/Jun/2019:07:05:30 -0400] [Job 3087] Process is dying with "Unable to determine number of pages, page count: -1
D [21/Jun/2019:07:05:30 -0400] [Job 3087] ", exit stat 3
D [21/Jun/2019:07:05:30 -0400] [Job 3087] Cleaning up...
D [21/Jun/2019:07:05:30 -0400] [Job 3087] PID 19078 (/usr/lib/cups/filter/foomatic-rip) stopped with status 3.
D [21/Jun/2019:07:05:30 -0400] [Job 3087] Hint: Try setting the LogLevel to "debug" to find out more.
D [21/Jun/2019:07:05:30 -0400] [Job 3087] hrDeviceDesc="HP LaserJet M402n"
D [21/Jun/2019:07:05:30 -0400] [Job 3087] prtMarkerColorantValue.1.1 = "black"
D [21/Jun/2019:07:05:30 -0400] [Job 3087] ATTR: marker-colors=#000000
D [21/Jun/2019:07:05:30 -0400] [Job 3087] ATTR: marker-names='"Black Cartridge HP CF226A"'
D [21/Jun/2019:07:05:30 -0400] [Job 3087] ATTR: marker-types=toner
D [21/Jun/2019:07:05:30 -0400] [Job 3087] ATTR: marker-levels=100
D [21/Jun/2019:07:05:30 -0400] [Job 3087] new_supply_state=0, change_state=ffff
D [21/Jun/2019:07:05:30 -0400] [Job 3087] STATE: -developer-low-report
D [21/Jun/2019:07:05:30 -0400] [Job 3087] STATE: -developer-empty-warning
D [21/Jun/2019:07:05:30 -0400] [Job 3087] STATE: -marker-supply-low-report
D [21/Jun/2019:07:05:30 -0400] [Job 3087] STATE: -marker-supply-empty-warning
D [21/Jun/2019:07:05:30 -0400] [Job 3087] STATE: -opc-near-eol-report
D [21/Jun/2019:07:05:30 -0400] [Job 3087] STATE: -opc-life-over-warning
D [21/Jun/2019:07:05:30 -0400] [Job 3087] STATE: -toner-low-report
D [21/Jun/2019:07:05:30 -0400] [Job 3087] STATE: -toner-empty-warning
D [21/Jun/2019:07:05:30 -0400] [Job 3087] STATE: -waste-receptacle-almost-full-report
D [21/Jun/2019:07:05:30 -0400] [Job 3087] STATE: -waste-receptacle-full-warning
D [21/Jun/2019:07:05:30 -0400] [Job 3087] STATE: -cleaner-life-almost-over-report
D [21/Jun/2019:07:05:30 -0400] [Job 3087] STATE: -cleaner-life-over-warning
D [21/Jun/2019:07:05:30 -0400] [Job 3087] new_state=0, change_state=ffff
D [21/Jun/2019:07:05:30 -0400] [Job 3087] STATE: -media-empty-warning
D [21/Jun/2019:07:05:30 -0400] [Job 3087] STATE: -door-open-report
D [21/Jun/2019:07:05:30 -0400] [Job 3087] STATE: -media-jam-warning
D [21/Jun/2019:07:05:30 -0400] [Job 3087] STATE: -input-tray-missing-warning
D [21/Jun/2019:07:05:30 -0400] [Job 3087] STATE: -output-tray-missing-warning
D [21/Jun/2019:07:05:30 -0400] [Job 3087] STATE: -marker-supply-missing-warning
D [21/Jun/2019:07:05:30 -0400] [Job 3087] STATE: -output-area-almost-full-report
D [21/Jun/2019:07:05:30 -0400] [Job 3087] STATE: -output-area-full-warning
D [21/Jun/2019:07:05:30 -0400] [Job 3087] backendWaitLoop(snmp_fd=6, addr=0x55a74886ab38, side_cb=0x55a748630340)
D [21/Jun/2019:07:05:30 -0400] [Job 3087] PID 19079 (/usr/lib/cups/backend/socket) exited with no errors.
D [21/Jun/2019:07:05:30 -0400] [Job 3087] End of messages
D [21/Jun/2019:07:05:30 -0400] [Job 3087] printer-state=3(idle)
D [21/Jun/2019:07:05:30 -0400] [Job 3087] printer-state-message="Filter failed"
D [21/Jun/2019:07:05:30 -0400] [Job 3087] printer-state-reasons=none
E [21/Jun/2019:07:10:32 -0400] [Job 3087] Stopping unresponsive job.

cups-filter problem with ghostscript after May 15, 2019 update

We have a series of printers that have been running well with the ClearOS CM 7 installed CUPS solution with ghostscript. It appears that after the May 15, 2019 updates to ghostscript-cups-9.07-31.el7_6.11, there is a problem with cups-filter.

The symptom is all submitted jobs fail with the message "Filter Failed". Looking at the /var/log/cups/error_log file, there is a message "Process is dying with "Unable to determine number of pages, page count: -1", exit stat 3.

A little other research seems to indicate a broken relationship between the updated ghostscript-cupsxxx and cups-filter. A suggested fix is to back rev ghostscript- or upgrade cups-filter.

Suggestions? Is there a repository I can activate to get an updated version of cups-filter?

Thank you for your help!

You're not doing anything wrong. I bumped into the issue at the back end of last week. Dave has a fix in testing but that turned up another issue which has just had a fix released. Things are slightly out of step for the moment so please do a:It may be better to install the csplugin-filewatch first but I'm not sure. If you configure the Webconfig to use the new certificate, but you don't get the padlock icon, please just restart the webconfig with a:

Nick: your answer restored the choice of certificate to use for webconfig at webconfig -> settings -> general settings. And it correctly applied the let's encrypt created cert. Nice!

Quick question: I note that this 'fix' pulled from the testing repo. Will this fix be put into the standard update process for other similar servers?

Thank you!

Let's Encrypt Cert for Webconfig

ClearOS release 7.6.0 (Final)
Kernel Version 3.10.0-957.10.1.v7.x86_64
Let's Encrypt App Version 1.10.7

I am successfully able to use the Let's Encrypt app from the Marketplace to generate Certs for the hosted websites. By going through the web server config I can assign the cert to the websites and everything works as promised.The cert also correctly shows as deployed in the Let's Encrypt app,

In the past, I thought I was also able to 'deploy' this cert to the Webconfig page as well. I thought that I was able to assign the cert via weppconfig -> settings -> general settings -> something. That option appears to be missing now.

I thought maybe it was automatic with an updated version of the app from the Marketplace. I went so far as to undeploy the existing cert, deleting it, uninstalling the letsencrypt app, reinstalling the app, and regenerating the cert. When I did all that, the cert worked and was able to deploy to the websites. But, I cannot find how to activate it for the webconfig page.

What am I doing wrong?
TIA!
John

Nick, I performed all of the steps you identified above to comply with the CVE. The Kopano system successfully upgraded to 8.5.8.2. That said, "yum info zarafa-z-push" reports 2.2.13 and not 2.3.9.

What did I do wrong?