Re: [Fail2ban-users] actionban (external script) not executed

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Solved as follows: I saw that I always tested with the wrong action ;-)
After adding the script call to the right action I got "returned 200" 
errors. After some googeling I found that might indicate a timing 
problem. So I tried with some sleep time after calling the script in the 
actionban. That made the errors disappear but still no data in mysql. So 
finally I changed the actionban to

actionban = echo <ip> >>/tmp/ip.block
  ipset -! -A OFFENDERS <ip>

and feed the file via cron to the script.

Cheers

Am 26.05.2014 20:48, schrieb tobi:
> Hello list
>
> I got a problem with my fail2ban installation. Have fail2ban 0.8.6
> running on a debian wheezy. Now I wanted to add an additional action
> which is an external bash script. The script takes one ip as argument
> and writes it to a mysql table. The script itself runs fine, when I call
> it from commandline and adds the ip given to the table (I double checked
> that the ip is added).
> So I created the following banaction in my action file
>
> actionban = /root/addIP2PostfixBlock.sh <ip> && ipset -! -A OFFENDERS <ip>
>
> The "weird" thing is that the ipset get executed and the ip ends up in
> ipset. But nothing in mysql. The script look like this
>
> #!/bin/bash
>
> [ "x$*" != 'x' ] || exit 1
>
> if [ "x$1" != 'x' ] ; then
>   IP=''
>   IP=$(echo "$1" | sed -rn '/((1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])/p')
>   [ "x$IP" = 'x' ] && exit 1
>   sed -r 's/IPADDRESS/'$IP'/g' /root/addIP2PostfixBlock.tpl >/tmp/blockSQL.tmp 2>/dev/null
>   mysql -uMYSQLUSER -pMYSQLPWD -h 192.168.199.213 -P3308 postfix </tmp/blockSQL.tmp 2>/dev/null
>   rm /tmp/blockSQL.tmp >/dev/null 2>&1
>   exit 0
> else
>   exit 1
> fi
>
> Is it possible that fail2ban uses a special "enviornment" when running
> external bash script?
> The following shows that the second part of the actionban is executed
>
> ipset -D OFFENDERS 173.242.XX.YY
> ipset -T OFFENDERS 173.242.XX.YY
> 173.242.XX.YY is NOT in set OFFENDERS.
> root@log1:~# /etc/init.d/fail2ban restart
> [ ok ] Restarting authentication failure monitor: fail2ban.
> root@log1:~# tail -f /var/log/fail2ban.log
> [...]
> 2014-05-26 20:30:56,359 fail2ban.actions: WARNING [ssh] Ban 173.242.XX.YY
> [...]
> root@log1:~# ipset -T OFFENDERS 173.242.XX.YY
> 173.242.XX.YY is in set OFFENDERS.
>
> Thanks for any idea
>
> tobi
>
> --
> It always seems impossible until its done.
> (Rolihlahla "Nelson" Mandela 1918-2013)
>
>
>
> ------------------------------------------------------------------------------
> The best possible search technologies are now affordable for all companies.
> Download your FREE open source Enterprise Search Engine today!
> Our experts will assist you in its installation for $59/mo, no commitment.
> Test it for FREE on our Cloud platform anytime!
> http://pubads.g.doubleclick.net/gampad/clk?id=145328191&iu=/4140/ostg.clktrk
>
>
>
> _______________________________________________
> Fail2ban-users mailing list
> Fai...@li...
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>

-- 
It always seems impossible until its done.
(Rolihlahla "Nelson" Mandela 1918-2013)