Thanks to everyone who responded with advice. Redirecting the wget stderr to a file showed me this error:

*   Trying 192.168.0.116... Failed to connect to 192.168.0.116: Permission denied

Searching on that error pointed me to SELinux.  I found this in /var/log/audit/audit.log:

type=AVC msg=audit(1386961382.694:3611): avc:  denied  { name_connect } for  pid=9545 comm="wget" dest=80 scontext=unconfined_u:system_r:fail2ban_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket

Based on advice at http://wiki.centos.org/HowTos/SELinux, I was able to adjust the policy to allow curl to make network connections from fail2ban.

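The SELinux step above, as an added example that is not part of this thread or of fail2ban: a POSIX shell script that parses an AVC denial line (a constructed copy of the one quoted from audit.log) into the allow rule that audit2allow would generate, followed by the host-side commands used to confirm the denial and load a policy module. The module name fail2ban_http and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Parses an SELinux AVC denial into
# the allow rule audit2allow would emit, so the rule can be reviewed before
# anything is loaded. AVC_SAMPLE is a constructed copy of the denial quoted
# in the thread; the script runs offline and needs no SELinux tooling.

AVC_SAMPLE='type=AVC msg=audit(1386961382.694:3611): avc:  denied  { name_connect } for  pid=9545 comm="wget" dest=80 scontext=unconfined_u:system_r:fail2ban_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket'

# avc_field LINE KEY: print the value of "KEY=value" (quotes stripped).
# The key must be preceded by a space, so "scontext" never matches "tcontext".
avc_field() {
    printf '%s\n' "$1" | sed -n "s/.*[ ]$2=\([^ ]*\).*/\1/p" | tr -d '"'
}

# ctx_type CONTEXT: the type is the third colon-separated field of
# user:role:type:level, e.g. fail2ban_t from unconfined_u:system_r:fail2ban_t:s0
ctx_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# avc_perm LINE: the permission(s) inside "{ ... }", trailing space removed.
avc_perm() {
    printf '%s\n' "$1" | sed -n 's/.*{ *\([^}]*\)}.*/\1/p' | sed 's/ *$//'
}

# avc_to_allow LINE: the type-enforcement rule that would allow this denial.
avc_to_allow() {
    line=$1
    src=$(ctx_type "$(avc_field "$line" scontext)")
    tgt=$(ctx_type "$(avc_field "$line" tcontext)")
    cls=$(avc_field "$line" tclass)
    perm=$(avc_perm "$line")
    case $perm in
        *' '*) perm="{ $perm }" ;;   # several permissions need braces
    esac
    printf 'allow %s %s:%s %s;\n' "$src" "$tgt" "$cls" "$perm"
}

# What to run on the CentOS host itself (not executed here). Assumes
# policycoreutils-python for audit2allow; fail2ban_http is an assumed name.
apply_on_host() {
    getenforce                                   # expect "Enforcing"
    ausearch -m avc -c wget -ts recent           # confirm the denial is present
    semanage port -l | grep '^http_port_t'       # dest=80 must be in this set
    ausearch -m avc -c wget -ts recent | audit2allow -M fail2ban_http
    cat fail2ban_http.te                         # review before loading
    semodule -i fail2ban_http.pp
}

avc_to_allow "$AVC_SAMPLE"
```

For the denial in the thread this prints `allow fail2ban_t http_port_t:tcp_socket name_connect;`, which is the whole rule the module needs: fail2ban_t gets to connect to ports labelled http_port_t and nothing else. If the web service listened on a port that is not labelled http_port_t, the tcontext in the denial would name a different port type and the rule (or a `semanage port` relabel) would have to match that instead.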
From: Tom Faber
Sent: Thursday, December 12, 2013 1:06 PM
To: 'fail2ban-users@lists.sourceforge.net'
Cc: Tom Faber
Subject: Making an http post from a fail2ban action

Hi –

I’m running fail2ban on CentOS. I want to have an action that posts to a web service on banning. I’ve tried both wget and curl; neither one is working. In the fail2ban logs it just says

                fail2ban.actions.action: ERROR  curl -X POST -d "true" http://myserver/path --header "Content-Type:application/json" returned 700

For the same action using wget, it says “returned 400”. I already have the fail2ban logging up to debug level, and I don’t see any other information on what’s happening. When I try passing -d to wget to trigger wget debug logging, I get an error message that it couldn’t write to the log.

For both curl and wget, the exact same command line that fails in the action succeeds when I run it from the bash prompt.

The destination server (windows with IIS – so I’ve checked both IIS logs and Network Monitor) isn’t receiving the post, so at first I thought perhaps it just wasn’t resolving the host name – but using FQDN or IP Address gives the same results.

My questions are:

- Is there any fail2ban documentation of these error codes? I searched the http://www.fail2ban.org/ site and found nothing.

- Are there specific restrictions on what can be done from a custom action? Is there something about the context that changes how network operations work?

- Any trick to getting wget debug logging working from inside an action?

- Anything obvious you see that I’m doing wrong?

Thanks

-Tom