Thanks everyone who responded with advice. Redirecting the wget stderr to a file showed me this error:

*   Trying Failed to connect to Permission denied


Searching on that error pointed me to SELinux.  I found this in /var/log/audit/audit.log:

type=AVC msg=audit(1386961382.694:3611): avc:  denied  { name_connect } for  pid=9545 comm="wget" dest=80 scontext=unconfined_u:system_r:fail2ban_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket


Based on advice at, I was able to adjust the policy to allow curl to make network connections from fail2ban.



From: Tom Faber
Sent: Thursday, December 12, 2013 1:06 PM
To: ''
Cc: Tom Faber
Subject: Making an http post from a fail2ban action


Hi –


I’m running fail2ban on CentOS. I want to have an action that posts to a web service on banning. I’ve tried both wget and curl; neither one is working. In the fail2ban logs it just says

                fail2ban.actions.action: ERROR  curl -X POST -d "true" http://myserver/path --header "Content-Type:application/json" returned 700

For the same action using wget, it says “returned 400”. I already have the fail2ban logging up to debug level, and I don’t see any other information on what’s happening. When I try passing in -d to wget to trigger wget debug logging, I get an error message that it couldn’t write to the log.


For both curl and wget, the exact same command line that fails in the action succeeds when I run it from the bash prompt.


The destination server (Windows with IIS – so I’ve checked both IIS logs and Network Monitor) isn’t receiving the post, so at first I thought perhaps it just wasn’t resolving the host name – but using FQDN or IP address gives the same results.


My questions are:

- Is there any fail2ban documentation of these error codes? I searched the site and found nothing.

- Are there specific restrictions of what can be done from a custom action? Is there something about the context that changes how network operations work?

- Any trick to getting wget debug logging working from inside an action?

- Anything obvious you see that I’m doing wrong?
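
Added example, not part of the original messages: a small parser that reads AVC denials like the one quoted from /var/log/audit/audit.log in this thread and prints the SELinux type-enforcement rule each denial corresponds to, so the rule can be reviewed before any policy change. The function names (parse_avc, allow_rules) and the first sample line are constructed for illustration.

```python
import re
from collections import defaultdict

# First line is constructed (a non-AVC record, to show it is skipped);
# the second is the AVC denial quoted in the message above.
SAMPLE_LOG = (
    'type=SYSCALL msg=audit(1386961382.694:3611): syscall=42 success=no comm="wget"\n'
    'type=AVC msg=audit(1386961382.694:3611): avc:  denied  { name_connect } for  '
    'pid=9545 comm="wget" dest=80 scontext=unconfined_u:system_r:fail2ban_t:s0 '
    'tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket\n'
)

AVC_RE = re.compile(r"^type=AVC .*?avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def context_type(ctx):
    parts = ctx.split(":")  # user:role:type[:level]
    return parts[2] if len(parts) >= 3 else ctx

def parse_avc(line):
    """Parse one audit.log line; return a dict for AVC denials, else None."""
    m = AVC_RE.match(line.strip())
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))} if m else {}
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None
    return {
        "perms": m.group("perms").split(),
        "comm": fields.get("comm"),
        "source": context_type(fields["scontext"]),
        "target": context_type(fields["tcontext"]),
        "tclass": fields["tclass"],
    }

def allow_rules(log_text):
    """Merge denials per (source, target, class) into type-enforcement rules."""
    merged = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            merged[(rec["source"], rec["target"], rec["tclass"])].update(rec["perms"])
    rules = []
    for (src, tgt, cls), perms in sorted(merged.items()):
        body = " ".join(sorted(perms))
        rules.append(f"allow {src} {tgt}:{cls} " + (body if len(perms) == 1 else "{ " + body + " }") + ";")
    return rules

if __name__ == "__main__":
    print("\n".join(allow_rules(SAMPLE_LOG)))
```

For the denial in this thread the output is a single rule for fail2ban_t connecting to http_port_t. That rule applies to every process running in the fail2ban_t domain, not only the one action, which is worth weighing before loading it.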