From: Arturo 'B. B. <bu...@bu...> - 2009-08-27 13:14:25
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 As you know, many people have contacted me privately requesting that I either provide a patch to fix the current python 2.6 incompatibility and resulting fail2ban inoperability with current GNU/Linux distributions (except Ubuntu, which has a python 2.5 package). As you probably also know, In April 2009 I asked to takeover the project from Cyril (the author), and I also posted a "Is Cyril OK?" thread here. Please, proceed to this url for more details: https://sourceforge.net/apps/trac/sourceforge/ticket/4334 I really dislike asking for a takeover to the sourceforge.net staff, but I (and no one else here that I know of) never heard from Cyril Jaquier again, and I'm doing this in the best interest of this community and application. Yours, Buanzo. - -- Arturo "Buanzo" Busleiman / Arturo Busleiman @ 4:900/107 Independent Linux and Security Consultant - SANS - OISSG - OWASP http://www.buanzo.com.ar/pro/eng.html Mailing List Archives at http://archiver.mailfighter.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEAREKAAYFAkqWhqAACgkQAlpOsGhXcE2gzACfWdWevmIZF2y+3mV4N5NQHDml nFYAoIMDNmNjao2ME/Wee94gfQWTAQE1 =wjlV -----END PGP SIGNATURE----- |
From: Arthur D. <mis...@bl...> - 2009-08-27 14:16:30
|
On Thu, 2009-08-27 at 10:14 -0300, Arturo 'Buanzo' Busleiman wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > As you know, many people have contacted me privately requesting that I either provide a patch to fix > the current python 2.6 incompatibility and resulting fail2ban inoperability with current GNU/Linux > distributions (except Ubuntu, which has a python 2.5 package). > > As you probably also know, In April 2009 I asked to takeover the project from Cyril (the author), > and I also posted a "Is Cyril OK?" thread here. Actually Arturo I tried to contact Cyril via his @jaqpot.net address and I did get a reply from him on Sat 22 Aug 2009: > Hi Arthur, > > > Please forgive the direct approach. I'm sure you're very busy with your > > NetCounter project and with your other work, but your other excellent > > product - Fail2Ban - needs your attention. > > > > I'm really sorry :( Indeed I'm very busy at work and spend less time in > front of my computer. And as you know, I'm currently working on an > Android application. > > I have the bad habit of not replying to e-mails as they come. I have > accumulate a lot of unread e-mails for fail2ban and I'm a bit afraid of > starting looking at the stack. > > I still like Python and fail2ban and will look at these bugs as soon as > possible. > > Regards, > > Cyril Since then however I have not heard anything. If you want Arturo I can send you privately the email address he replied to me from so you can try to contact him directly. I don't know if this appropriate or not, but if you do a "whois" on jaqpot.net you can also find a telephone number for him. Whether or not it is a genuine number, and whether or not you feel it would be appropriate to try such a direct contact is up to you... > Please, proceed to this url for more details: > > https://sourceforge.net/apps/trac/sourceforge/ticket/4334 > > I really dislike asking for a takeover to the sourceforge.net staff, but I (and no one else here > that I know of) never heard from Cyril Jaquier again, and I'm doing this in the best interest of > this community and application. > > Yours, > Buanzo. I do very much hope that between the two of you we can move this excellent product forward a bit... Thanks for caring. Mark |
From: Arturo 'B. B. <bu...@bu...> - 2009-08-27 14:05:13
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Arthur Dent wrote: > Thanks for caring. Arthur, thanks for the details. Yes, I'd appreciate you send me a private email with his address. I'd rather Cyril remains the project owner! As I said, I hate takeovers :) - -- Arturo "Buanzo" Busleiman / Arturo Busleiman @ 4:900/107 Independent Linux and Security Consultant - SANS - OISSG - OWASP http://www.buanzo.com.ar/pro/eng.html Mailing List Archives at http://archiver.mailfighter.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEAREKAAYFAkqWjWAACgkQAlpOsGhXcE0qPACdGdBti1bTCSbdmSgSzEvtHaa0 TG4Anjo9hh4ydinuGQf4yaz///qbGJGT =M22O -----END PGP SIGNATURE----- |
From: Yaroslav H. <li...@on...> - 2009-08-27 20:20:46
|
> As you know, many people have contacted me privately requesting that I either provide a patch to fix > the current python 2.6 incompatibility and resulting fail2ban inoperability with current GNU/Linux > distributions (except Ubuntu, which has a python 2.5 package). but is the patch available to make fail2ban work with python2.6? if so, would you mind providing it to the interested crowd? -- .-. =------------------------------ /v\ ----------------------------= Keep in touch // \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User ^^-^^ [175555] |
From: Arturo 'B. B. <bu...@bu...> - 2009-08-27 21:57:01
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Yaroslav Halchenko wrote: > but is the patch available to make fail2ban work with python2.6? if so, > would you mind providing it to the interested crowd? Working on it :) - -- Arturo "Buanzo" Busleiman / Arturo Busleiman @ 4:900/107 Independent Linux and Security Consultant - SANS - OISSG - OWASP http://www.buanzo.com.ar/pro/eng.html Mailing List Archives at http://archiver.mailfighter.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEAREKAAYFAkqW8rQACgkQAlpOsGhXcE3/zACfQsykDRg8CUi+9lKKPdezJahX lKEAn0LiNSy9bGkSJyz/2gxCB735IWk7 =jBmq -----END PGP SIGNATURE----- |
From: Cyril J. <cyr...@fa...> - 2009-08-28 11:01:46
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Arturo, Hi fail2ban users, > As you know, many people have contacted me privately requesting that I either provide a patch to fix > the current python 2.6 incompatibility and resulting fail2ban inoperability with current GNU/Linux > distributions (except Ubuntu, which has a python 2.5 package). > > As you probably also know, In April 2009 I asked to takeover the project from Cyril (the author), > and I also posted a "Is Cyril OK?" thread here. > > Please, proceed to this url for more details: > > https://sourceforge.net/apps/trac/sourceforge/ticket/4334 > > I really dislike asking for a takeover to the sourceforge.net staff, but I (and no one else here > that I know of) never heard from Cyril Jaquier again, and I'm doing this in the best interest of > this community and application. > First of all, I'm really sorry for not answering my fail2ban e-mails for months. I have the bad habit of not answering e-mails as they come and I now have a huge stack that afraid me a bit... In the meanwhile I started working on an open-source application for Android [1] and invest most of my free time on it. I'm also trying to stay less in front of my computer, spending more time with my family and friends. But I should have take care of the fail2ban community more during these times and I regret profoundly. I still like Python (my preferred scripting language ever, did some developments based on Django at work too) and fail2ban. Here are the immediate actions I propose: 1/ I will give Arturo write access to the SVN repository on sourceforge.net. Arturo, if it's ok for you, I would be pleased to have you as one of fail2ban's developer. 2/ Arturo will have all the required permissions to release a new version of fail2ban (on sourceforge, wiki, etc). 3/ I will start to answer all the e-mails I haven't replied yet as soon as possible. This will probably take time. If someone has other suggestions, don't hesitate to share them. Arturo, please, contact me in private (cyr...@fa... is ok...) and give me your SF.net username. I would also enjoy to chat with you over Jabber, ICQ, MSN or whatever (I don't like Skype). Sorry again for all the inconvenience. Regards, Cyril P.S. I won't have any internet connection during the week-end. [1] http://www.jaqpot.net/netcounter/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkqXtQ0ACgkQlYy8cEwUMaR9IACfQ2uZf20EHczS4NMtC4iGGS53 swMAniZqO58UBehHSKBykKFBrM1bR045 =pmBO -----END PGP SIGNATURE----- |
From: Arturo 'B. B. <bu...@bu...> - 2009-08-28 11:27:46
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Cyril Jaquier wrote: > First of all, I'm really sorry for not answering my fail2ban e-mails for > computer, spending more time with my family and friends. Wonderful to see you alright, Cyril. You'll think of me as silly, but I'm always worried you're military-like busy or something worse. > 1/ I will give Arturo write access to the SVN repository on > sourceforge.net. Arturo, if it's ok for you, I would be pleased to have > you as one of fail2ban's developer. Absolutely! > 2/ Arturo will have all the required permissions to release a new > version of fail2ban (on sourceforge, wiki, etc). Sounds nice. > 3/ I will start to answer all the e-mails I haven't replied yet as soon > as possible. This will probably take time. Not up to me, but sounds gooood. > Arturo, please, contact me in private (cyr...@fa... is > ok...) and give me your SF.net username. I would also enjoy to chat with > you over Jabber, ICQ, MSN or whatever (I don't like Skype). Sent you the details. Yours, - -- Arturo "Buanzo" Busleiman / Arturo Busleiman @ 4:900/107 Independent Linux and Security Consultant - SANS - OISSG - OWASP http://www.buanzo.com.ar/pro/eng.html Mailing List Archives at http://archiver.mailfighter.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEAREKAAYFAkqXvyUACgkQAlpOsGhXcE1MHgCfa4X2vZC6Euytz5WcNx2fvm2m IHsAni535ax8+TMbEFEowP69b7vKS3f6 =53UY -----END PGP SIGNATURE----- |
From: Arthur D. <mis...@bl...> - 2009-08-28 11:58:14
|
On Fri, 2009-08-28 at 08:27 -0300, Arturo 'Buanzo' Busleiman wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > Cyril Jaquier wrote: > > First of all, I'm really sorry for not answering my fail2ban e-mails for > > computer, spending more time with my family and friends. > > Wonderful to see you alright, Cyril. You'll think of me as silly, but I'm always worried you're > military-like busy or something worse. > > > 1/ I will give Arturo write access to the SVN repository on > > sourceforge.net. Arturo, if it's ok for you, I would be pleased to have > > you as one of fail2ban's developer. > > Absolutely! > > > 2/ Arturo will have all the required permissions to release a new > > version of fail2ban (on sourceforge, wiki, etc). > > Sounds nice. > > > 3/ I will start to answer all the e-mails I haven't replied yet as soon > > as possible. This will probably take time. > > Not up to me, but sounds gooood. > > > Arturo, please, contact me in private (cyr...@fa... is > > ok...) and give me your SF.net username. I would also enjoy to chat with > > you over Jabber, ICQ, MSN or whatever (I don't like Skype). > > Sent you the details. > > Yours, > > Arturo "Buanzo" Busleiman / Arturo Busleiman Can I just say that I am delighted to hear this news. Fail2Ban is an excellent application and exemplifies all that is good about FOSS - It does one thing and does it very well, it is lean, simple and yet flexible. I am thrilled that its future now seems secure. If there is anything I can do to help please let me know. I'm afraid I'm not a developer and I don't speak python - but if you need that bit that writes "Hello World!" on the screen I'm your man! Good luck to both of you! Best regards Mark |
From: Yaroslav H. <li...@on...> - 2009-08-28 14:12:52
|
Hi Mark, > If there is anything I can do to help please let me know. I'm afraid I'm > not a developer and I don't speak python - but if you need that bit that > writes "Hello World!" on the screen I'm your man! One of the things on global fail2ban's TODO lists is more thorough documentation. Documentation for fail2ban is in wiki so it is quite easy to adjust -- wanna contribute? ;) -- .-. =------------------------------ /v\ ----------------------------= Keep in touch // \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User ^^-^^ [175555] |
From: Cyril J. <cyr...@fa...> - 2009-08-28 20:33:52
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Arturo 'Buanzo' Busleiman wrote: > Arthur Dent wrote: >> If there is anything I can do to help please let me know. I'm afraid I'm >> not a developer and I don't speak python - but if you need that bit that >> writes "Hello World!" on the screen I'm your man! > > Well, if you could setup a testing environment based on the SVN repository, that'd be great. I'll do > the same for Ubuntu, it'd be nice to have Centos, etc... > We have nightly builds at [1]. I would test these builds because they are built the same way the release packages are. At the moment, only the 0.8 branch [2] is interesting. Trunk contains experimental code and features. Regards, Cyril [1] http://www.fail2ban.org/nightly/ [2] http://www.fail2ban.org/nightly/fail2ban-FAIL2BAN-0_8.tar.bz2 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkqYPxsACgkQlYy8cEwUMaQLOQCcDL3+tOtmDyXxJqg0nDupz9Hv CrQAn35ZmC7WgYFD2kkoPlYc5jeMC1UU =XRSJ -----END PGP SIGNATURE----- |
From: Arturo 'B. B. <bu...@bu...> - 2009-08-28 22:47:52
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Cyril Jaquier wrote: > We have nightly builds at [1]. I would test these builds because they > are built the same way the release packages are. At the moment, only the > 0.8 branch [2] is interesting. Trunk contains experimental code and > features. Problem is, I'll be working on turnk to get this fixed. Should I rather create a 'buanzo' branch that you could add to the build system, for easier testing or...? I just made a couple commits to the trunk (namely, the "ban ip" command for fail2ban-client, which allows manual banning of a given IP for a given Jail [no, no 'unbanip' command yet], also I added two filters I've been using in production environments for some time now, one for lighttpd's fastcgi ALERTs and the other for detecting url_fopen attacks in PHP). - -- Arturo "Buanzo" Busleiman / Arturo Busleiman @ 4:900/107 Independent Linux and Security Consultant - SANS - OISSG - OWASP http://www.buanzo.com.ar/pro/eng.html Mailing List Archives at http://archiver.mailfighter.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEAREKAAYFAkqYXosACgkQAlpOsGhXcE3t1gCfaNvy+MYmkGKhH+6MOwIvoYxe yMoAnRNyOTsVi9t77+kkpeXZ9WaCkN8s =nSHM -----END PGP SIGNATURE----- |
From: Arturo 'B. B. <bu...@bu...> - 2009-08-28 23:19:48
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Cyril Jaquier wrote: > Hi Arturo, Call me Buanzo :) > Mmmhhh... Trunk has some fundamental changes compared with 0.8. I think > we should improve/fix 0.8 which is the current "stable" version. I don't > think there should be any problems to work in the 0.8 branch but I may > have missed something!? Sure. Feel free to roll-back my commits to trunk (my "banip" patch applied 100% cleanly to it, anyway). I'll move the stuff to branch 0.8 if you prefer, but let me know if I misunderstood you. > Good :) Could you split the commits in the feature? 1 commit = 1 feature > if possible. It is easier to review/follow changes, revert and export > patches. Thanks. Sure, no problem. Do you have a document stating your 'best practices' for fail2ban developers? By the way, I'm half-way to solving the "Unexpected communications problem" with python 2.6. Apparently, there are some substantial differences in asynchat/asyncore in Python 2.6 and 3.0. I'm getting more familiar with the usage of your Requesthandler(asynchat.async_chat) class before touching anything. The problem itself appeared when I added some debugging code to the handle_error() method, and I got this in the log: 2009-08-29 00:12:28,420 fail2ban.jail : INFO Jail 'named-refused-tcp' started 2009-08-29 00:12:28,438 fail2ban.server : ERROR Unexpected communication error 2009-08-29 00:12:28,444 fail2ban.server : ERROR E1 = error 2009-08-29 00:12:28,454 fail2ban.server : ERROR E2 = [Errno 9] Bad file descriptor The "bad file descriptor" message plus "asynchat" in google are sending me in the right direction. If someone beats me to fixing it, be my guest :) - -- Arturo "Buanzo" Busleiman / Arturo Busleiman @ 4:900/107 Independent Linux and Security Consultant - SANS - OISSG - OWASP http://www.buanzo.com.ar/pro/eng.html Mailing List Archives at http://archiver.mailfighter.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEAREKAAYFAkqYZgUACgkQAlpOsGhXcE1CMACfcr+P/vKfRCyG1XENwDLbLQU5 Cg0An1LMfArCAjClb9fG7eF6qmIIVY+o =JXMx -----END PGP SIGNATURE----- |
From: Cyril J. <cyr...@fa...> - 2009-08-29 16:09:03
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Buanzo, >> Mmmhhh... Trunk has some fundamental changes compared with 0.8. I think >> we should improve/fix 0.8 which is the current "stable" version. I don't >> think there should be any problems to work in the 0.8 branch but I may >> have missed something!? > > Sure. Feel free to roll-back my commits to trunk (my "banip" patch applied 100% cleanly to it, > anyway). I'll move the stuff to branch 0.8 if you prefer, but let me know if I misunderstood you. > We can keep your commits. Trunk contains experimental code with deep changes. It is far from usable so I would concentrate the development on the 0.8 branch at the moment. >> Good :) Could you split the commits in the feature? 1 commit = 1 feature >> if possible. It is easier to review/follow changes, revert and export >> patches. Thanks. > > Sure, no problem. Do you have a document stating your 'best practices' for fail2ban developers? > No coding style document. Just look at the code and try to have a similar style. > By the way, I'm half-way to solving the "Unexpected communications problem" with python 2.6. > Apparently, there are some substantial differences in asynchat/asyncore in Python 2.6 and 3.0. I'm > getting more familiar with the usage of your Requesthandler(asynchat.async_chat) class before > touching anything. > > The problem itself appeared when I added some debugging code to the handle_error() method, and I got > this in the log: > > 2009-08-29 00:12:28,420 fail2ban.jail : INFO Jail 'named-refused-tcp' started > 2009-08-29 00:12:28,438 fail2ban.server : ERROR Unexpected communication error > 2009-08-29 00:12:28,444 fail2ban.server : ERROR E1 = error > 2009-08-29 00:12:28,454 fail2ban.server : ERROR E2 = [Errno 9] Bad file descriptor > > The "bad file descriptor" message plus "asynchat" in google are sending me in the right direction. > If someone beats me to fixing it, be my guest :) > I will look at the problem too. Regards, Cyril -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkqZUoQACgkQlYy8cEwUMaT3QACggB/iZXCv6EL/wOyFMbes4w0L P+YAnRXdahrH+Gn0sp8TqdEtkXtGXvNF =7dtD -----END PGP SIGNATURE----- |
From: Arturo 'B. B. <bu...@bu...> - 2009-08-29 03:15:57
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Arturo 'Buanzo' Busleiman wrote: > The "bad file descriptor" message plus "asynchat" in google are sending me in the right direction. > If someone beats me to fixing it, be my guest :) For some reason the asyncore library (actually, the dispatcher class and the handle_write_event() method) believe the socket is not connected. I analyzed the differences between python's 2.5 and 2.6 asyncore.py files and got an interesting difference around lines 223-245, 2.6's asyncore.py: === try: self.addr = sock.getpeername() except socket.error, err: if err.args[0] == ENOTCONN: # To handle the case where we got an unconnected # socket. self.connected = False === So, if the call to getpeername() on the fail2ban socket gives an exception, then connected will be False. In the 2.5 version of this file, there's no checking for that, and no "false" setting for connected. As it is not connected, then this piece of code is executed during the handle_write_event() call: (in python 2.6) ==== if not self.connected: #check for errors err = self.socket.getsockopt(socket.SOL_SOCKET, socket.SO_ERROR) if err != 0: raise socket.error(err, _strerror(err)) ==== And that's the code that gives me this: 2009-08-29 03:50:08,761 fail2ban.jail : INFO Jail 'named-refused-tcp' started 2009-08-29 03:50:08,770 fail2ban.server : ERROR Unexpected communication error 2009-08-29 03:50:08,770 fail2ban.server : ERROR E1 = error 2009-08-29 03:50:08,770 fail2ban.server : ERROR E2 = [Errno 9] Bad file descriptor 2009-08-29 03:50:08,772 fail2ban.server : ERROR [ 'Traceback (most recent call last):', ' File "/usr/lib/python2.6/asyncore.py", line 101, in readwrite', ' obj.handle_write_event()', ' File "/usr/lib/python2.6/asyncore.py", line 427, in handle_write_event', ' err = self.socket.getsockopt(socket.SOL_SOCKET, socket.SO_ERROR)', ' File "<string>", line 1, in getsockopt', ' File "/usr/lib/python2.6/socket.py", line 165, in _dummy', " raise error(EBADF, 'Bad file descriptor')", 'error: [Errno 9] Bad file descriptor'] And that's why fail2ban yells "Unexpected communication error" when using Python 2.6 Now I should stop programming and head to bed :) - -- Arturo "Buanzo" Busleiman / Arturo Busleiman @ 4:900/107 Independent Linux and Security Consultant - SANS - OISSG - OWASP http://www.buanzo.com.ar/pro/eng.html Mailing List Archives at http://archiver.mailfighter.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEAREKAAYFAkqYnVoACgkQAlpOsGhXcE0ohgCfbiJl5mbyLbGJD4bXyqsQZwIG +b0AmwfHp2dGih3+Q5hz+xuMWOR/ru7B =UGou -----END PGP SIGNATURE----- |
From: Arturo 'B. B. <bu...@bu...> - 2009-08-28 15:50:24
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Arthur Dent wrote: > If there is anything I can do to help please let me know. I'm afraid I'm > not a developer and I don't speak python - but if you need that bit that > writes "Hello World!" on the screen I'm your man! Well, if you could setup a testing environment based on the SVN repository, that'd be great. I'll do the same for Ubuntu, it'd be nice to have Centos, etc... - -- Arturo "Buanzo" Busleiman / Arturo Busleiman @ 4:900/107 Independent Linux and Security Consultant - SANS - OISSG - OWASP http://www.buanzo.com.ar/pro/eng.html Mailing List Archives at http://archiver.mailfighter.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEAREKAAYFAkqX/K4ACgkQAlpOsGhXcE3bbgCcCBUj2KqfHtRPekr6jwGPdNti 6vIAn32iK/Eo+4HukGxsxLrbU4etNcIs =sUoH -----END PGP SIGNATURE----- |
From: Arturo 'B. B. <bu...@bu...> - 2009-08-30 00:41:19
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Arturo 'Buanzo' Busleiman wrote: > And that's why fail2ban yells "Unexpected communication error" when using Python 2.6 Just commited a workaround/fix (not clear to me) to make this problem go away. The bug is present in the 0.8 SVN branch, but not in trunk, as use_poll's kwarg for asyncore.loop() is by default False. In the 0.8 svn branch we use use_poll=True. I changed it to use_poll=False, tested the code in an up-to-date Ubuntu distro with Python 2.6, and it works fine. People who can test, go ahead and grab the latest tarball for the 0.8 branch, or just do this: 1) stop fail2ban 2) locate asyncserver.py (/usr/share/fail2ban/server/asyncserver.py in Ubuntu) 3) open it in an editor and go to line 150 (or find: "asyncore.loop(use_poll = True)"). 4) change use_poll = True to use_poll = False. 5) start fail2ban. Check /var/log/fail2ban.log. Verify no communication problem is mentioned. - -- Arturo "Buanzo" Busleiman / Arturo Busleiman @ 4:900/107 Independent Linux and Security Consultant - SANS - OISSG - OWASP http://www.buanzo.com.ar/pro/eng.html Mailing List Archives at http://archiver.mailfighter.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEAREKAAYFAkqZypsACgkQAlpOsGhXcE2mCQCcD+VIlXq64VbayPWuJrWgUalZ dSAAmgIbvch7mMJXLazcsHKS1Lp3bKqE =UyYx -----END PGP SIGNATURE----- |
From: Arturo 'B. B. <bu...@bu...> - 2009-08-30 01:57:10
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Arturo 'Buanzo' Busleiman wrote: > 5) start fail2ban. Check /var/log/fail2ban.log. Verify no communication problem is mentioned. I should've added item 6: make sure fail2ban detects changes in log files :) The fix does not work. use_poll = False means that asyncore should use select(). I'll keep analyzing this problem until a real fix is found. :) - -- Arturo "Buanzo" Busleiman / Arturo Busleiman @ 4:900/107 Independent Linux and Security Consultant - SANS - OISSG - OWASP http://www.buanzo.com.ar/pro/eng.html Mailing List Archives at http://archiver.mailfighter.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEAREKAAYFAkqZ3GYACgkQAlpOsGhXcE0CCACeMGhCCYWU7OpwN1QGdLpO+jnH kqcAnjc7Y8EgoI7nfAk6j7Kt0PwIJAMV =Dt+s -----END PGP SIGNATURE----- |
From: Cyril J. <cyr...@fa...> - 2009-08-30 08:55:47
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > Just commited a workaround/fix (not clear to me) to make this problem go away. The bug is present in > the 0.8 SVN branch, but not in trunk, as use_poll's kwarg for asyncore.loop() is by default False. > > In the 0.8 svn branch we use use_poll=True. I changed it to use_poll=False, tested the code in an > up-to-date Ubuntu distro with Python 2.6, and it works fine. > I changed to poll() to workaround a "Unknown Error 514" bug (not clear if it came from Python or Linux). Search the mailing list for "unknown error 514" or look at [1]. So we should maybe only use select() if the Python version is higher than 2.5 and stay with poll() for the previous versions. Regards, Cyril [1] http://sourceforge.net/mailarchive/message.php?msg_id=5d4bae840804250420v6359926ened2eaf234cf6d15d%40mail.gmail.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkqaPnsACgkQlYy8cEwUMaRTlgCdFwO9bVhEf3Meyz6zAwRdbKHp sQsAmwYm0+2vS6a8H2v7TioW6snUTzdT =cMmL -----END PGP SIGNATURE----- |
From: Arturo 'B. B. <bu...@bu...> - 2009-08-30 12:53:54
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Cyril Jaquier wrote: > I changed to poll() to workaround a "Unknown Error 514" bug (not clear > if it came from Python or Linux). Search the mailing list for "unknown > error 514" or look at [1]. Will do. > So we should maybe only use select() if the Python version is higher > than 2.5 and stay with poll() for the previous versions. Well, I've had mixed results with the so called 'use_poll = False' "fix". We need people to test it. If it works out fine, then I agree with your assessment. - -- Arturo "Buanzo" Busleiman / Arturo Busleiman @ 4:900/107 Independent Linux and Security Consultant - SANS - OISSG - OWASP http://www.buanzo.com.ar/pro/eng.html Mailing List Archives at http://archiver.mailfighter.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEAREKAAYFAkqadlgACgkQAlpOsGhXcE0q8QCffzQE6GC8sZ9UldqaxIgWgNNH x6cAnRPo/OAcfFdLs2TG/QwpSaMIl2Vo =XCwb -----END PGP SIGNATURE----- |
From: Cyril J. <cyr...@fa...> - 2009-08-28 23:10:20
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Arturo, > Problem is, I'll be working on turnk to get this fixed. Should I rather create a 'buanzo' branch > that you could add to the build system, for easier testing or...? > Mmmhhh... Trunk has some fundamental changes compared with 0.8. I think we should improve/fix 0.8 which is the current "stable" version. I don't think there should be any problems to work in the 0.8 branch but I may have missed something!? > I just made a couple commits to the trunk (namely, the "ban ip" command for fail2ban-client, which > allows manual banning of a given IP for a given Jail [no, no 'unbanip' command yet], also I added > two filters I've been using in production environments for some time now, one for lighttpd's fastcgi > ALERTs and the other for detecting url_fopen attacks in PHP). > Good :) Could you split the commits in the feature? 1 commit = 1 feature if possible. It is easier to review/follow changes, revert and export patches. Thanks. Cheers, Cyril -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkqYY8EACgkQlYy8cEwUMaQk0ACfQExiaOTZtv1sOMTzZCDEZHnL WXUAn1Ul2vrM1owK+DkbGcs0RJSDkHPG =5UYB -----END PGP SIGNATURE----- |
From: Arturo 'B. B. <bu...@bu...> - 2009-08-31 14:25:08
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Arthur Dent wrote: > OK - I don't particularly want to tinker with my production machine, so > I have set up a vmware virtual machine. That's perfect. > One thought I had was this: I can SSH into into the VM from the host > machine. If I don't whitelist my local network in F2B I could try > deliberately false ssh logins from the host. Would that work? Absolutely :) - In any case, you always have vmware console access to the guest. :) > To that end I am trying to write a simple bash script simulating a > brute-force attack. No need. Just ssh to the host, and use incorrect passwords as many times as your jail.conf indicates for ssh (usually 3 or 6...). > I can't quite get this script to work (I am not a very good cracker I'm > afraid). Can anyone help me with this? Or can anyone suggest a better > testing strategy? Nmap's ncrack, THC's Hydra, and many other service bruteforcers. But, really, just use ssh... > I also have VMs for Ubuntu and Mint (but Mint is basically a Ubuntu > spin-off). I know nothing about CentOS and have never used it - but I > have a CentOS 5.2 disk from a magazine cover and could, I guess, create > a VM and install that if it helps? CentOS would be great. Ubuntu already tested. - -- Arturo "Buanzo" Busleiman / Arturo Busleiman @ 4:900/107 Independent Linux and Security Consultant - SANS - OISSG - OWASP http://www.buanzo.com.ar/pro/eng.html Mailing List Archives at http://archiver.mailfighter.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEAREKAAYFAkqbzmQACgkQAlpOsGhXcE1CBwCdGxZUd3p6lfeQ4HkLCOiBl/tn /1cAn3O1UHC+Mf9qfYNf9qdoGzHZNhWi =QD1a -----END PGP SIGNATURE----- |
From: Arturo 'B. B. <bu...@bu...> - 2009-09-01 13:24:01
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Arthur Dent wrote: > Is that still the case or should I download a different version to try? Still the case, yes, but Leo has JUST sent me an email with a report that the new nightly packages are working OK on CentOS 5.3 and Debian "lenny". (He'll report on openSUSE later today). So, feel free to try it anyway! - -- Arturo "Buanzo" Busleiman / Arturo Busleiman @ 4:900/107 Independent Linux and Security Consultant - SANS - OISSG - OWASP http://www.buanzo.com.ar/pro/eng.html Mailing List Archives at http://archiver.mailfighter.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEAREKAAYFAkqdIF4ACgkQAlpOsGhXcE3lMwCfdtzs9IDdsMk/9wXXGeFpSuXh SV4AnjWSGCMW+ESAYXccnKqLFaTNehd2 =iQNP -----END PGP SIGNATURE----- |
From: Yaroslav H. <li...@on...> - 2009-08-31 02:23:34
|
just 1cent On Sat, 29 Aug 2009, Cyril Jaquier wrote: > Good :) Could you split the commits in the feature? 1 commit = 1 feature > if possible. It is easier to review/follow changes, revert and export > patches. Thanks. May be it could be a good time to switch the horses? I meant the VCS... I would advocate git (and sourceforge supports it now I believe), but it could be hg... Git allows to reinspect recent not-yet-pushed-to-server commits and either reorder or meld them together -- that allows to create nice atomic commits in the history -- 1 per feature (not like 1 main change + 10 follow-ups fixing it). And there are multiple other advantages over conventional centralized VCS, but I would not state them ;) If it is to be git, you could start with my version of fail2ban's SVN repository which I've made for Debian packaging of fail2ban: http://git.onerussian.com/?p=deb/fail2ban.git;a=summary or for checkout git clone git://git.onerussian.com/deb/fail2ban.git It is a bit convoluted, but mainly due to debian branches/patches etc -- they don't have to be kept at sourceforge if someone likes cleaner repository/history -- .-. =------------------------------ /v\ ----------------------------= Keep in touch // \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User ^^-^^ [175555] |
From: Cyril J. <cyr...@fa...> - 2009-09-01 20:12:22
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > May be it could be a good time to switch the horses? I meant the VCS... > I would advocate git (and sourceforge supports it now I believe), but it > could be hg... Git allows to reinspect recent not-yet-pushed-to-server > commits and either reorder or meld them together -- that allows to > create nice atomic commits in the history -- 1 per feature (not like 1 > main change + 10 follow-ups fixing it). And there are multiple other > advantages over conventional centralized VCS, but I would not state them > ;) > Ehehe :) Didn't we discuss this already? :D Indeed SF.net seems to support git [1] now. I'm using Eclipse with PyDev and I doubt the Eclipse plugin for git is as good as Subclipse. But I like command line tools and learning git would be certainly interesting. I will look at how to use git from SF.net and play with it a bit. But it will probably take some time before we switch officially to git ;) Be patient. Buanzo, are you used to it? I will have to learn from scratch (almost). Cheers, Cyril [1] http://sourceforge.net/apps/trac/sourceforge/wiki/Git -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkqdgBMACgkQlYy8cEwUMaSMjwCePqKkhjsxlTXaOt9s7CwvM9XE g0EAmwTQZwQh6cYbe0b+oknBoG6fdq60 =O1VV -----END PGP SIGNATURE----- |
From: Arthur D. <mis...@bl...> - 2009-08-31 08:35:28
|
On Fri, 2009-08-28 at 12:50 -0300, Arturo 'Buanzo' Busleiman wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > Arthur Dent wrote: > > If there is anything I can do to help please let me know. I'm afraid I'm > > not a developer and I don't speak python - but if you need that bit that > > writes "Hello World!" on the screen I'm your man! > > Well, if you could setup a testing environment based on the SVN repository, that'd be great. I'll do > the same for Ubuntu, it'd be nice to have Centos, etc... > OK - I don't particularly want to tinker with my production machine, so I have set up a vmware virtual machine. I am not sure how best to test the releases however. Obviously I can check that they install correctly and start and stop correctly, but how to test the banning facility? I can't easily expose the VM to the internet. One thought I had was this: I can SSH into into the VM from the host machine. If I don't whitelist my local network in F2B I could try deliberately false ssh logins from the host. Would that work? To that end I am trying to write a simple bash script simulating a brute-force attack. My idea would be to have a list of (say) 10 passwords with the correct one near the end of the list. The script would then try all of the passwords in turn and, hopefully, F2B would block me before it gets to the correct password. I can't quite get this script to work (I am not a very good cracker I'm afraid). Can anyone help me with this? Or can anyone suggest a better testing strategy? Best regards Mark p.s. I also have VMs for Ubuntu and Mint (but Mint is basically a Ubuntu spin-off). I know nothing about CentOS and have never used it - but I have a CentOS 5.2 disk from a magazine cover and could, I guess, create a VM and install that if it helps? |