From: Tom F. <To...@pa...> - 2013-12-14 00:46:59
Thanks everyone who responded with advice. Redirecting the wget stderr to a file showed me this error:

    * Trying 192.168.0.116... Failed to connect to 192.168.0.116: Permission denied

Searching on that error pointed me to SELinux. I found this in /var/log/audit/audit.log:

    type=AVC msg=audit(1386961382.694:3611): avc: denied { name_connect } for pid=9545 comm="wget" dest=80 scontext=unconfined_u:system_r:fail2ban_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket

Based on advice at http://wiki.centos.org/HowTos/SELinux, I was able to adjust the policy to allow curl to make network connections from fail2ban.

From: Tom Faber
Sent: Thursday, December 12, 2013 1:06 PM
To: 'fai...@li...'
Cc: Tom Faber
Subject: Making an http post from a fail2ban action

Hi - I'm running fail2ban on CentOS. I want to have an action that posts to a web service on banning. I've tried both wget and curl; neither one is working. In the fail2ban logs it just says

    fail2ban.actions.action: ERROR curl -X POST -d "true" http://myserver/path --header "Content-Type:application/json" returned 700

For the same action using wget, it says "returned 400". I already have the fail2ban logging up to debug level, and I don't see any other information on what's happening. When I try passing in -d to wget to trigger wget debug logging, I get an error message that it couldn't write to the log.

With both curl and wget, the exact same command line that fails in the action succeeds when I run it from the bash prompt. The destination server (Windows with IIS - so I've checked both IIS logs and Network Monitor) isn't receiving the post, so at first I thought perhaps it just wasn't resolving the host name - but using the FQDN or IP address gives the same results.

My questions are:

- Is there any fail2ban documentation of these error codes? I searched the http://www.fail2ban.org/ site and found nothing.
- Are there specific restrictions on what can be done from a custom action? Is there something about the context that changes how network operations work?
- Any trick to getting wget debug logging working from inside an action?
- Anything obvious you see that I'm doing wrong?

Thanks
-Tom
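The two clues in this thread can both be decoded mechanically. In fail2ban 0.8 the action runner logs the raw os.system() status with "returned %x", so "700" is hex for exit status 7 (curl: failed to connect to host) and "400" is exit status 4 (wget: network failure), which already points at the network layer rather than at the web server. The AVC record then names the exact access that was refused: the source type fail2ban_t may not name_connect to a tcp_socket labelled http_port_t. The script below is an added example, not fail2ban's code nor the CentOS wiki's procedure: it decodes the logged status, parses the AVC record quoted above (plus one constructed non-AVC audit line, to show it is skipped), and renders the allow rule in the shape audit2allow would produce for it.

```python
"""Diagnose the failing fail2ban action from this thread (added example,
not fail2ban's own code): decode the hex status fail2ban 0.8 logs, and
turn an SELinux AVC denial from audit.log into the matching allow rule."""
import re
from typing import Dict, List, Optional

# fail2ban 0.8's action runner logs the raw os.system() status with
# "returned %x": the child's exit status sits in the high byte and a
# terminating signal, if any, in the low byte (same layout as wait(2)).
def decode_fail2ban_retcode(hex_status: str) -> Dict[str, int]:
    status = int(hex_status, 16)
    return {"exit_status": (status >> 8) & 0xFF, "signal": status & 0x7F}

# Exit codes documented in curl(1) and wget(1) that matter for this thread.
TOOL_EXIT_CODES = {
    "curl": {7: "Failed to connect to host"},
    "wget": {4: "Network failure"},
}

def explain_fail2ban_retcode(tool: str, hex_status: str) -> str:
    code = decode_fail2ban_retcode(hex_status)["exit_status"]
    meaning = TOOL_EXIT_CODES.get(tool, {}).get(code, "see the tool's man page")
    return f"{tool} exited {code}: {meaning}"

# Matches the fixed part of an AVC denial record as written by auditd.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]+)\}\s+for\s+(?P<fields>.*?)"
    r"\s+scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)"
    r"\s+tclass=(?P<tclass>\S+)"
)

def parse_avc(line: str) -> Optional[Dict[str, object]]:
    """Return the pieces of one AVC record, or None for a non-AVC line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    # The "for ..." part is a run of key=value pairs (pid, comm, dest, ...).
    fields = dict(kv.split("=", 1) for kv in m.group("fields").split() if "=" in kv)
    return {
        "perms": m.group("perms").split(),
        "comm": fields.get("comm", "").strip('"'),
        "pid": int(fields["pid"]) if "pid" in fields else None,
        "dest": fields.get("dest"),
        # A context is user:role:type:level; policy rules are written on the type.
        "source_type": m.group("scontext").split(":")[2],
        "target_type": m.group("tcontext").split(":")[2],
        "tclass": m.group("tclass"),
    }

def allow_rule(avc: Dict[str, object]) -> str:
    """Render the TE allow rule that would permit this denial (audit2allow shape)."""
    perms: List[str] = avc["perms"]
    perm_text = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return f"allow {avc['source_type']} {avc['target_type']}:{avc['tclass']} {perm_text};"

def denials_from_log(lines: List[str]) -> List[Dict[str, object]]:
    """Keep only the AVC denials out of a slice of audit.log."""
    return [avc for avc in map(parse_avc, lines) if avc]

# Sample input: a constructed SYSCALL record (not from the post) followed by
# the AVC record quoted in the thread.
SAMPLE_AUDIT_LOG = [
    'type=SYSCALL msg=audit(1386961382.694:3611): arch=c000003e syscall=42 success=no exit=-13',
    'type=AVC msg=audit(1386961382.694:3611): avc: denied { name_connect } for pid=9545 '
    'comm="wget" dest=80 scontext=unconfined_u:system_r:fail2ban_t:s0 '
    'tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket',
]

if __name__ == "__main__":
    print(explain_fail2ban_retcode("curl", "700"))
    print(explain_fail2ban_retcode("wget", "400"))
    for avc in denials_from_log(SAMPLE_AUDIT_LOG):
        print(f"{avc['comm']} (pid {avc['pid']}) running as {avc['source_type']} "
              f"was denied {' '.join(avc['perms'])} on {avc['target_type']}; suggested rule:")
        print("   ", allow_rule(avc))
```

Two caveats for anyone applying the rule. The record names the binary (comm="wget"), but the subject is the fail2ban_t domain, so the rule covers whatever fail2ban executes, curl included, and it grants connects to every port labelled http_port_t, not just the one web service. On CentOS the persistent route is to collect the denials with `ausearch -m avc -c wget` (or `grep fail2ban_t /var/log/audit/audit.log`), pipe them through `audit2allow -M fail2ban-http`, review the generated .te file, and load it with `semodule -i fail2ban-http.pp`; check `getsebool -a` first, since an existing boolean is preferable to a local module.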