From: Jakob C. <jc...@in...> - 2005-09-27 21:00:27
|
Hi, I have looked for a script that doas exactly what fail2ban does - superb. But alas, I am no python guru. I treid to install it on a RH 9.x system and got the following : [root@insegni fail2ban-0.4.1]# /usr/bin/fail2ban.py 09/27/05 22:47:16.572 [0.015 (0.015)] DEBUG main [createPID (194)] Created PID lock (12071) in /var/run/fail2ban.pid 09/27/05 22:47:16.589 [0.032 (0.017)] DEBUG main [Main (450)] ConfFile is /etc/fail2ban.conf 09/27/05 22:47:16.591 [0.034 (0.002)] DEBUG main [Main (451)] BanTime is 60 09/27/05 22:47:16.593 [0.036 (0.002)] DEBUG main [Main (452)] retryAllowed is 3 Traceback (most recent call last): File "/usr/bin/fail2ban.py", line 456, in ? confReader = ConfigReader(logSys, conf["conffile"]); TypeError: __init__() takes exactly 2 arguments (3 given) I have upgraded python to the current version before installing and have installed log4py-1.3 and tried both the stable and development version of fail2ban; with identical result. What am I doing wrong ? Yours, Jakob Curdes |
From: Yaroslav H. <li...@on...> - 2005-09-28 02:37:52
|
Hi Jakob, While Cyril is away, I will try to do my best to help you. I'm not a RH guru though... I am a Debian person that is why my support might be limited and always will end with a statement: "do yourself a favor, try Debian" :-) could you please tell me what version of python RH uses? (python -V) did you install it from source of rpms? > I have upgraded python to the current version before installing and have installed log4py-1.3 and tried both the stable and development > version of fail2ban; with identical result. What am I doing wrong ? since some old version, fail2ban doesn't use log4py but uses standard python's logger - so do not bother about that. Please try the latest 0.5.4 version and report the result -- .-. =------------------------------ /v\ ----------------------------= Keep in touch // \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User ^^-^^ [175555] |
From: Peter C. N. <spa...@le...> - 2005-09-28 03:14:46
|
On Tue, Sep 27, 2005 at 10:37:09PM -0400, Yaroslav Halchenko wrote: > I'm not a RH guru though... I am a Debian person that is why my support > might be limited and always will end with a statement: "do yourself a > favor, try Debian" :-) Yaroslav, Did you see my issue with debian and courier failure logs? Let me know, I can help set up a reproducer for you. Thanks, -Peter -- The 5 year plan: In five years we'll make up another plan. Or just re-use this one. |
From: Yaroslav H. <li...@on...> - 2005-09-28 04:58:29
|
Hi Peter, I just subscribed to this list and because you didn't report the "bug" to the Debian BTS, I didn't see your report before. And it is not a bug really, but more of a wish because it just doesn't work for your introduced section. As the answer: did you try failregex = 550 User unknown instead of your failregex = 550 User Unknown ? :-))) In the other words: check all your regexps manually in python on a target string. This way you make sure that whatever "bug" is really a bug :-) P.S. If it works -- could you please wrap your config for courier consistently with the rest of the config (not that I like duplicating comment lines, but just to be consistent) and submit it to the list or to debian BTS. Then me (or Cyril) will include it in some upcoming release :-) Thank you in advance cheers -- .-. =------------------------------ /v\ ----------------------------= Keep in touch // \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User ^^-^^ [175555] |
From: Peter C. N. <spa...@le...> - 2005-09-28 16:11:03
|
On Wed, Sep 28, 2005 at 12:58:09AM -0400, Yaroslav Halchenko wrote: > Hi Peter, > > I just subscribed to this list and because you didn't report the "bug" to > the Debian BTS, I didn't see your report before. > > And it is not a bug really, but more of a wish because it just doesn't > work for your introduced section. > > As the answer: did you try > failregex = 550 User unknown > instead of your > failregex = 550 User Unknown > ? > :-))) Thanks, that's what I get for thinking I did a literal cut-n-paste. > In the other words: check all your regexps manually in python on a > target string. This way you make sure that whatever "bug" is really a > bug :-) I would have, but I was out chasing butterflies or some other form of harmless bugs that aren't. > P.S. If it works -- could you please wrap your config for courier > consistently with the rest of the config (not that I like duplicating > comment lines, but just to be consistent) and submit it to the list or > to debian BTS. Then me (or Cyril) will include it in some upcoming > release :-) Thank you in advance Will do. Thanks, -Peter -- The 5 year plan: In five years we'll make up another plan. Or just re-use this one. |
From: Peter C. N. <spa...@le...> - 2005-09-28 16:40:47
|
I've gotten fail2ban to recognize it, but I think there are some issues with the debian package actually banning correctly. It doesn't seem as though the correct commands get run at startup to enable the rules, and if i manually add the chains I need, I see that the chains are created. However, using the fail2ban startup script and setting fwstart for each set of rules results in no chains being created. I think in general that the scanning part is working, but startup and shutdown seem to be hurting. Thanks, -Peter On Wed, Sep 28, 2005 at 12:58:09AM -0400, Yaroslav Halchenko wrote: > Hi Peter, > > I just subscribed to this list and because you didn't report the "bug" to > the Debian BTS, I didn't see your report before. > > And it is not a bug really, but more of a wish because it just doesn't > work for your introduced section. > > As the answer: did you try > failregex = 550 User unknown > instead of your > failregex = 550 User Unknown > ? > :-))) > > In the other words: check all your regexps manually in python on a > target string. This way you make sure that whatever "bug" is really a > bug :-) > > P.S. If it works -- could you please wrap your config for courier > consistently with the rest of the config (not that I like duplicating > comment lines, but just to be consistent) and submit it to the list or > to debian BTS. Then me (or Cyril) will include it in some upcoming > release :-) Thank you in advance > > cheers > > -- > .-. > =------------------------------ /v\ ----------------------------= > Keep in touch // \\ (yoh@|www.)onerussian.com > Yaroslav Halchenko /( )\ ICQ#: 60653192 > Linux User ^^-^^ [175555] > > -- The 5 year plan: In five years we'll make up another plan. Or just re-use this one. |
From: Yaroslav H. <li...@on...> - 2005-09-28 16:50:15
|
OK Peter, Could you provide more details? version, relevant config file and a test log file? Lets make it work now :-) Yarik On Wed, Sep 28, 2005 at 09:40:32AM -0700, Peter C. Norton wrote: > I've gotten fail2ban to recognize it, but I think there are some > issues with the debian package actually banning correctly. It doesn't > seem as though the correct commands get run at startup to enable the > rules, and if i manually add the chains I need, I see that the chains > are created. However, using the fail2ban startup script and setting > fwstart for each set of rules results in no chains being created. > I think in general that the scanning part is working, but startup and > shutdown seem to be hurting. > Thanks, > -Peter -- .-. =------------------------------ /v\ ----------------------------= Keep in touch // \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User ^^-^^ [175555] |
From: Jakob C. <jc...@in...> - 2005-09-28 06:55:54
|
Resolved ! Just now I tried to start fail2ban from the source directory and it worked. After copying fail2ban and fail2ban.py to /usr/bin and adjusting the fail2ban.conf, no more problems were encountered. No idea what happened. MfG, Jakob Curdes iS information Systems oHG |