From: Klaus L. <leh...@t-...> - 2009-09-01 17:09:14

hi some additions.

basics: 3 different installations on 3 suse's
I don't use foolish rpm's, I install them with python install ...

1. testing on (open)suse 9.0
Python 2.4.2 (#1, Dec 25 2005, 12:31:32)
[GCC 3.3.1 (SuSE Linux)] on linux2

/etc/fail2ban # ./_status
Status
|- Number of jail: 12
`- Jail list: apache-http11, php-url-fopen, apache-noscript, pam-generic, ssh-iptables, apache-badbots, apache-nohome, ssh-ddos, apache-overflows, apache-tcpwrapper, webmin-iptables, ssh-incorrectuser

-> opensuse 9.0 went well.

2. testing on openSUSE 10.3 (X86-64)
Python 2.5.1 (r251:54863, Dec 6 2008, 10:49:39)
[GCC 4.2.1 (SUSE Linux)]

/etc/fail2ban # ./_check
Status
|- Number of jail: 12
`- Jail list: apache-http11, php-url-fopen, apache-noscript, pam-generic, ssh-iptables, apache-badbots, apache-nohome, ssh-ddos, apache-overflows, apache-tcpwrapper, webmin-iptables, ssh-incorrectuser

BUT, we see on fail2ban.log:
======================
2009-09-01 18:31:18,536 fail2ban.filter : WARNING Unable to find a corresponding IP address for server.powered
2009-09-01 18:31:19,537 fail2ban.server : ERROR Unexpected communication error: (32, 'Broken pipe')
2009-09-01 18:31:19,537 fail2ban : ERROR global name 'traceback' is not defined
Traceback (most recent call last):
  File "/usr/local/bin/fail2ban-server", line 126, in start
    self.__server.start(self.__conf["socket"], self.__conf["force"])
  File "/usr/share/fail2ban/server/server.py", line 89, in start
    self.__asyncServer.start(sock, force)
  File "/usr/share/fail2ban/server/asyncserver.py", line 144, in start
    asyncore.loop(use_poll = True)
  File "/usr/lib64/python2.5/asyncore.py", line 191, in loop
    poll_fun(timeout, map)
  File "/usr/lib64/python2.5/asyncore.py", line 176, in poll2
    readwrite(obj, flags)
  File "/usr/lib64/python2.5/asyncore.py", line 101, in readwrite
    obj.handle_error()
  File "/usr/share/fail2ban/server/asyncserver.py", line 75, in handle_error
    logSys.error(traceback.format_exc().splitlines())
NameError: global name 'traceback' is not defined
2009-09-01 18:34:01,221 fail2ban.filter : WARNING Unable to find a corresponding IP address for 87.170.
2009-09-01 18:34:01,842 fail2ban.actions: WARNING [apache-http11] Ban 81.169.175.74
2009-09-01 18:34:03,418 fail2ban.filter : WARNING Unable to find a corresponding IP address for host100-209-st
... normal stuff

who can handle this?

3. SUSE Linux Enterprise Server 11 (i586); VERSION = 11; PATCHLEVEL = 0
Python 2.6 (r26:66714, Feb 21 2009, 05:33:00)
[GCC 4.3.2 [gcc-4_3-branch revision 141291]] on linux2

xseries346:/etc/fail2ban # ./_status
Status
|- Number of jail: 4
`- Jail list: ssh-iptables, webmin-iptables, pam-generic, ssh-ddos
Press any key to continue...

it seems to work on python2.6

I noticed: (some small additions)
=======
a. error(?) in jail.conf
...
[lighttpd-fastcgi]
enabled = false
it's false. but it's not true. it's enabled.
You must !remark! those entries, If You don't have lighttpd....

same situation for php-url-fopen...

b. logging on my sles-server (SUSE Linux Enterprise Server 11) is very slow.
since 15 or more minutes there are no entries in /var/log/fail2ban-log.
but:
xseries346:/etc/fail2ban # ./_status
Status
|- Number of jail: 4
`- Jail list: ssh-iptables, webmin-iptables, pam-generic, ssh-ddos
no lines like: 2009-06-12 20:53:57,615 fail2ban.server : ERROR Unexpected communication error
/those were usually with python2.6/

c. only small hint, for better viewing and understanding:
please look at: jail.conf

[php-url-fopen]

enabled = false
port = http,https
filter = php-url-fopen
logpath = /var/www/*/logs/access_log
maxretry = 1

it's better to read/write those:

[php-url-fopen]
enabled = false
port = http,https
filter = php-url-fopen
logpath = /var/www/*/logs/access_log
maxretry = 1
[do you see the difference?]

yours
klaus

From: Arturo 'B. B. <bu...@bu...> - 2009-09-01 17:36:30

Klaus Lehmann wrote:
> -> opensuse 9.0 went well.

great.

> 2009-09-01 18:34:03,418 fail2ban.filter : WARNING Unable to find a corresponding IP address for host100-209-st
> ... normal stuff
>
> who can handle this?

traceback? fixed. committed to svn branches/FAIL2BAN-0.8.

> 3. SUSE Linux Enterprise Server 11 (i586); VERSION = 11; PATCHLEVEL = 0
> it seems to work on python2.6

ok.

> [lighttpd-fastcgi]
> enabled = false
> it's false. but it's not true. it's enabled.
> You must !remark! those entries, If You don't have lighttpd....

I don't understand. Can you say it in Deutsch?

> b. logging on my sles-server (SUSE Linux Enterprise Server 11) is very slow.
> since 15 or more minutes there are no entries in /var/log/fail2ban-log.
> but:
> xseries346:/etc/fail2ban # ./_status
> Status
> |- Number of jail: 4
> `- Jail list: ssh-iptables, webmin-iptables, pam-generic, ssh-ddos
> no lines like: 2009-06-12 20:53:57,615 fail2ban.server : ERROR Unexpected communication error
> /those were usually with python2.6/

I'm having a really hard time following what you're showing us...

> enabled = false
> port = http,https
> filter = php-url-fopen
> logpath = /var/www/*/logs/access_log
> maxretry = 1
>
> it's better to read/write those:
>
> [php-url-fopen]
> enabled = false
> port = http,https
> filter = php-url-fopen
> logpath = /var/www/*/logs/access_log
> maxretry = 1
> [do you see the difference?]

you removed a blank line..... ?

--
Arturo "Buanzo" Busleiman / Arturo Busleiman @ 4:900/107
Independent Linux and Security Consultant - SANS - OISSG - OWASP
http://www.buanzo.com.ar/pro/eng.html
Mailing List Archives at http://archiver.mailfighter.net

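Added example, not part of the original thread or of the fail2ban code base: the NameError in the traceback quoted above comes from an error handler that uses the traceback module without importing it, a defect that stays hidden until the handler runs for the first time. The check below flags such names before deployment; SAMPLE and unbound_names are constructed for this illustration.

```python
import ast
import builtins

# Constructed sample modelled on the handle_error frame in the traceback;
# it is not the fail2ban source. The module never imports `traceback`.
SAMPLE = '''
import logging
logSys = logging.getLogger("fail2ban.server")

class RequestHandler:
    def handle_error(self):
        logSys.error(traceback.format_exc().splitlines())
        self.close()
'''

def unbound_names(source):
    """Return sorted (name, line) pairs for names read but never bound.

    Scope-insensitive on purpose: a name bound anywhere in the module counts
    as bound, so the check can miss cases but stays short and predictable.
    """
    tree = ast.parse(source)
    bound = set(dir(builtins))
    loads = []
    for node in ast.walk(tree):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            for alias in node.names:
                bound.add((alias.asname or alias.name).split(".")[0])
        elif isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef)):
            bound.add(node.name)
        elif isinstance(node, ast.arg):
            bound.add(node.arg)
        elif isinstance(node, ast.ExceptHandler) and node.name:
            bound.add(node.name)
        elif isinstance(node, ast.Name):
            if isinstance(node.ctx, ast.Load):
                loads.append((node.id, node.lineno))
            else:
                bound.add(node.id)
    return sorted({(n, l) for n, l in loads if n not in bound})

if __name__ == "__main__":
    print(unbound_names(SAMPLE))                         # handler is broken
    print(unbound_names("import traceback\n" + SAMPLE))  # after adding the import
```

Error paths like this one are rarely exercised by normal operation, so a static pass over the source is often the first place the missing import shows up.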
From: Klaus L. <leh...@t-...> - 2009-09-06 14:11:34

On Tue, 01 Sep 2009 14:36:10 -0300 Arturo 'Buanzo' Busleiman wrote:

> great.
> ok.
> I don't understand. Can you say it in Deutsch?
> I'm having a really hard time following what you're showing us...
> you removed a blank line..... ?

i think other -mostly- people in list can understand this.
nobody is perfect in english, neither english man by-their-self.
i don't like much of those emails. they reduce my willingness to write in this list.
repeating: "i think other -mostly- people in list can understand this."

klaus

From: Arturo 'B. B. <bu...@bu...> - 2009-09-06 14:20:55

Klaus Lehmann wrote:
> i think other -mostly- people in list can understand this.
> nobody is perfect in english, neither english man by-their-self.
> i don't like much of those emails. they reduce my willingness to write in this list.
> repeating: "i think other -mostly- people in list can understand this."

Sure, but no one else commented on your email, and I did. Really, I'm not sure what you're showing us, Klaus. Sorry if it offends you. Accept it.

--
Arturo "Buanzo" Busleiman / Arturo Busleiman @ 4:900/107
Independent Linux and Security Consultant - SANS - OISSG - OWASP
http://www.buanzo.com.ar/pro/eng.html
Mailing List Archives at http://archiver.mailfighter.net

From: Arturo 'B. B. <bu...@bu...> - 2009-09-06 14:28:20

Arturo 'Buanzo' Busleiman wrote:
> Sure, but no one else commented on your email, and I did. Really, I'm not sure what you're showing
> us, Klaus. Sorry if it offends you. Accept it.

Additionally, I fixed your "BUT" of item 2, asked about item 3a (absolutely not clear: "it's false. but it's not true. it's enabled.". It says enabled = false. The jail is disabled.).

About item 3b: maybe a gamin/poll problem? I don't have access to an enterprise Linux to test+debug+fix that.

Item 3c is funny: you say it's better for readability to remove the extra blank line. I noticed ALL jails in jail.conf by default have that extra blank line. I created my jails using the pre-existing ones as templates. I suppose you refer to all the jails, then? not a bug in the new jails definition?

--
Arturo "Buanzo" Busleiman / Arturo Busleiman @ 4:900/107
Independent Linux and Security Consultant - SANS - OISSG - OWASP
http://www.buanzo.com.ar/pro/eng.html
Mailing List Archives at http://archiver.mailfighter.net

From: Cyril J. <cyr...@fa...> - 2009-09-06 20:36:07

Hi Klaus,

> I noticed: (some small additions)
> =======
> a. error(?) in jail.conf
> ...
> [lighttpd-fastcgi]
> enabled = false
> it's false. but it's not true. it's enabled.
> You must !remark! those entries, If You don't have lighttpd....
>
> same situation for php-url-fopen...
>

Do you mean, even if "enabled = false" is set, the jail is created on startup? If this is the case, could you please post the output of "fail2ban-client -d"? This will dump your configuration.

Thanks
Cyril

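Added example, not part of the original thread and not fail2ban's own code: a way to settle the "enabled = false but running" question from item a by comparing the flags written in a jail.conf text with the jail list in a status report, and to confirm that the blank line from item c makes no difference to an INI parser. Python's configparser stands in for fail2ban's configuration reader, and JAIL_CONF, STATUS and all function names are constructed for this illustration.

```python
import configparser

# Constructed jail.conf text: item c's layout with the blank line after the
# section header, the compact layout, and one enabled jail.
JAIL_CONF = """
[php-url-fopen]

enabled = false
port = http,https
filter = php-url-fopen
logpath = /var/www/*/logs/access_log
maxretry = 1

[lighttpd-fastcgi]
enabled = false

[ssh-iptables]
enabled = true
"""

# Constructed status text in the layout shown in the thread.
STATUS = """Status
|- Number of jail: 2
`- Jail list: ssh-iptables, php-url-fopen
"""

def configured_enabled(conf_text):
    """Map jail name -> enabled flag exactly as written in conf_text."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    return {s: cp.getboolean(s, "enabled", fallback=False) for s in cp.sections()}

def running_jails(status_text):
    """Extract jail names from the 'Jail list:' line of a status report."""
    for line in status_text.splitlines():
        if "Jail list:" in line:
            names = line.split("Jail list:", 1)[1]
            return sorted(n.strip() for n in names.split(",") if n.strip())
    return []

def mismatches(conf_text, status_text):
    """Return (running but not enabled in the text, enabled but not running)."""
    conf = configured_enabled(conf_text)
    running = set(running_jails(status_text))
    unexpected = sorted(j for j in running if not conf.get(j, False))
    missing = sorted(j for j, on in conf.items() if on and j not in running)
    return unexpected, missing

if __name__ == "__main__":
    print(mismatches(JAIL_CONF, STATUS))
```

A non-empty first list means the running server was started from settings other than the text that was checked, which is what the requested configuration dump would reveal.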