Re: [Fail2ban-users] quick 0.8.14 bugfix release, primarily for those using elderly Python 2.4

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

On 09/09/2014 12:15 PM, Yaroslav Halchenko wrote:
> On Tue, 09 Sep 2014, Natu wrote:
>
>> On 09/09/2014 01:50 AM, Yaroslav Halchenko wrote:
>>> On Mon, 08 Sep 2014, Natu wrote:
>
>>> I've reduced my jail.conf to a very simple/minimal configuration with 1
>>> jail 
>>>>> which is what? i.e. what is the configuration files (jail.conf in this
>>>>> case)?
>>>> [DEFAULT]
>>>> usedns = warn
>>>> ignoreip = 127.0.0.1
>>>> bantime  = 600
>>>> findtime  = 600
>>>> maxretry = 3
>>>> backend = auto
>>>> [postfix-overquota]
>>> so there is no longer
>>> Starting fail2ban: WARNING 'action' not defined in 'php-url-fopen'. Using default one: ''
>>> error logged, right?
>>> btw -- did you try to start with loglevel = 4 (since it is 0.8.x series) in fail2ban.conf to see if you get more info?
>>>> enabled  = true
>>>> filter   = postfix-overquota
>>>> action   = sendmail-lines-overquota[name=mail-overquota,
>>>> dest=quo...@my...]
>>>> logpath  = /var/log/maillog
>>> how big is that file?  may be the beast is just busy doing initial parse?
>
>> No, my test case is just a 1 line regular expression:
> well -- still how big was maillog?
>
>> [Definition]
>> failregex = (?:reject: RCPT from\s+\S+\[(?P<host>[\w\-.^_]+)\]: 554
>> 5.7.1\s+.*: Recipient address rejected: User is over quota)
>> ignoreregex =
>
>> I had previously set the loglevel to 4, but didn't get anything.   I
>> discovered now, that when I run only one jail with loglevel 4, I get no
>> output from the exception even though it is still happening.  When I
>> started 4 jails I got debug output, but only from 3 of the 4
>> threads/jails, even though I now see that it is happening in all of
>> them.  They are all the same exception.  Here's the output from 1 thread.
>
>> fail2ban-server -f
>> 2014-09-09 10:52:49,494 fail2ban.server [14852]: INFO    Starting
>> Fail2ban v0.8.14
>> 2014-09-09 10:54:38,917 fail2ban.comm   [14852]: DEBUG   Command: ['ping']
>> 2014-09-09 10:54:39,088 fail2ban.comm   [14852]: DEBUG   Command:
>> ['stop', 'all']
>> 2014-09-09 10:54:39,088 fail2ban.server [14852]: INFO    Stopping all jails
>> 2014-09-09 10:54:39,089 fail2ban.comm   [14852]: DEBUG   Command:
>> ['set', 'loglevel', '3']
>> Exception in thread Thread-5:
>> Traceback (most recent call last):
>>   File "/usr/lib/python2.6/threading.py", line 532, in __bootstrap_inner
>>     self.run()
>>   File "/usr/share/fail2ban/server/filterpoll.py", line 95, in run
>>     self.getFailures(filename)
>>   File "/usr/share/fail2ban/server/filter.py", line 581, in getFailures
>>     self.processLineAndAdd(line)
>>   File "/usr/share/fail2ban/server/filter.py", line 379, in
>> processLineAndAdd
>>     for element in self.processLine(line)[1]:
>>   File "/usr/share/fail2ban/server/filter.py", line 374, in processLine
>>     return logLine, self.findFailure(timeLine, logLine, returnRawHost,
>> checkAllRegex)
>>   File "/usr/share/fail2ban/server/filter.py", line 426, in findFailure
>>     date = self.dateDetector.getUnixTime(timeLine)
>>   File "/usr/share/fail2ban/server/datedetector.py", line 215, in
>> getUnixTime
>>     date = self.getTime(line)
>>   File "/usr/share/fail2ban/server/datedetector.py", line 203, in getTime
>>     date = template.getDate(line)
>>   File "/usr/share/fail2ban/server/datetemplate.py", line 140, in getDate
>>     date = list(time.strptime(dateMatch.group(), self.getPattern()))
>> AttributeError: _strptime_time
> ha -- apparently it is a nasty (thus not fixed yet) race condition
> triggered bug in Python
> http://bugs.python.org/issue7980
>
> following recommended workaround in comments: would this fix it up for you?
>
> diff --git a/server/datedetector.py b/server/datedetector.py
> index 61144ac..3612767 100644
> --- a/server/datedetector.py
> +++ b/server/datedetector.py
> @@ -23,6 +23,8 @@ __license__ = "GPL"
>  
>  import sys, time, logging
>  
> +import _strptime
> +
>  from datetemplate import DateStrptime, DateTai64n, DateEpoch, DateISO8601
>  from threading import Lock
>  
>
>> It looks to be a problem parsing the time/date in my logfile if I'm
>> reading the code correctly.  I'm enclosing a sample entry from my
>> logfile below, though I can't imagine that it would be so different from
>> anyone else running CentOS 5.   I just tried starting fail2ban on a 1
>> month old logfile, to see if it still got the error and it did.   Also,
>> note that I do have 4 jails which are all running on /var/log/maillog.  
>> As far as I know that is a legit configuration, but let me know if that
>> is not the case.
>> Also, I am currently running under python 2.6 (so this debug output was
>> from python 2.6) which I did by changing the first line in
>> /usr/bin/fail2ban*.
>> Sep  9 11:19:23 myserver postfix/smtpd[16760]: disconnect from unknown[175.156.112.240]

I tried that patch and unfortunately, it did not solve the problem.  It
does seem to me like this is a race condition because sometimes I can
start fail2ban and not see the problem at all and turning selinux on/off
seems to change the behaviour of the problem.  I guess I'll have to play
with it some more.  Since I now have python 2.6, I can try the new beta
release as well as downgrading to older releases of fail2ban.

Thank You,
Natu