Re: [Monitorix-general] Bug in 3.12.0

[Jordi S. <jo...@fi...>]

Izzy,

No, no need to do anything on your part.
Thank you very much.


On 2/28/20 8:35 AM, Andreas Itzchak Rehberg wrote:
> Ah, the other jail… Yes, that could be.
> 
> Is there anything you want me to change in packaging?
> 
> (I'm aware the mailing list will reject this again, but keeping it in
> makes it easier for you to answer ;)
> 
> Best,
> Izzy.
> 
> On Fri, 2020-02-28 at 08:25 +0100, Jordi Sanfeliu wrote:
>> Hello,
>>
>> (Izzy, your message was automatically discarded by the mailing list,
>> sorry.)
>>
>> As pointed by Baptiste (the package maintainer for newer Debian
>> versions) on freenode, [postfix-rbl] jail is not part of the default
>> configuration of Monitorix in Debian.
>>
>> So, it's probably that you already had such jail defined in
>> 'monitorix.conf' before updating to 3.12. Remember that in all
>> versions
>> prior to 3.12, Monitorix was not using the command 'fail2ban-client'
>> and
>> so undefined jails didn't generate warnings in the fail2ban log file.
>>
>> Frank, if you don't use such jail then just remove it from your
>> 'monitorix.conf' file (and restart Monitorix).
>>
>> Regards.
>>
>>
>>
>> On 2/27/20 10:32 PM, Andreas Itzchak Rehberg wrote:
>>>
>>> Are you two talking about those entries in the f2b log:
>>>
>>> 2020-02-24 08:41:05,901 fail2ban.comm   : WARNING Invalid command:
>>> ['status', 'apache']
>>> 2020-02-24 08:41:07,111 fail2ban.comm   : WARNING Invalid command:
>>> ['status', 'pam-generic']
>>>
>>> If so: I can confirm they pop up here as well. But I doubt they are
>>> specific to the Debian package. In my case, these two are the only
>>> ones
>>> showing up in the log – and both jails are indeed disabled on that
>>> machine. It would most likely help to disable them in the monitorix
>>> config as well (or to enable them in f2b).
>>>
>>> For the former, just copy the "<fail2ban>" block from
>>> "/etc/monitorix/monitorix.conf" to your site-specific
>>> "/etc/monitorix/conf.d/xxx.conf" and remove the "offending" jails
>>> from
>>> "<desc>" (that correct, Jordi?).
>>>
>>> If you were talking about something else, please specify :)
>>>
>>> Best,
>>> Izzy.
>>>
>>> On Thu, 2020-02-27 at 13:02 +0100, Jordi Sanfeliu wrote:
>>>>
>>>> Hello Frank,
>>>>
>>>> I've CCed Andreas 'Izzy' the package maintainer for Debian
>>>> systems,
>>>> to
>>>> let him know about this issue.
>>>>
>>>>
>>>> On 2/27/20 11:56 AM, Frank B wrote:
>>>>>
>>>>>
>>>>> This looked strange to me, since I've disabled the postfix-rbl
>>>>> jail.
>>>>> Activating this jail and reloading fail2ban stopped the
>>>>> warnings.
>>>>> As far
>>>>> as I know there were no changes on my system, so I started
>>>>> digging
>>>>> deeper and found in apt's history.log:
>>>>>
>>>>> ===
>>>>> Start-Date: 2020-02-24  09:28:55
>>>>> Commandline: apt upgrade
>>>>> Upgrade: monitorix:amd64 (3.11.0-izzy1, 3.12.0-izzy1)
>>>>> End-Date: 2020-02-24  09:28:57
>>>>> ===
>>>>>
>>>>> Notice the timestamps of the first warning and the upgrade of
>>>>> Monitorix
>>>>> to 3.12.0.
>>>> The new warnings in the fail2ban log are probably due the fact
>>>> that
>>>> since 3.12, Monitorix uses by default the command 'fail2ban-
>>>> client'
>>>> to
>>>> know about the number of IP bans per jail. It looks like such
>>>> command
>>>> routes directly these warnings to the fail2ban log.
>>>>
>>>>
>>>>>
>>>>>
>>>>> In monitorix.conf [postfix-rbl] was enabled in the fail2ban
>>>>> graph
>>>>> section. Disabling this and disabling the postfix-rbl jail
>>>>> again
>>>>> (the
>>>>> host of my VPS has limited the number of IP packet filtering
>>>>> entries, so
>>>>> I have to be very selective with my jail setup) fixed the
>>>>> situation. As
>>>>> an added "bonus" I lost the history of my fail2ban graph in
>>>>> Monitorix;
>>>>> all data in the graph before the upgrade is gone. The other
>>>>> graphs
>>>>> are fine.
>>>> As stated in the manpage:
>>>>
>>>> "WARNING: Every time the number of entries in this option
>>>> changes,
>>>> Monitorix will resize the fail2ban.rrd file accordingly, removing
>>>> all
>>>> historical data."
>>>>
>>>> Monitorix creates automatically a backup of the old file, so you
>>>> should
>>>> have all your historical data in the file
>>>> '/var/lib/monitorix/fail2ban.rrd.bak'.
>>>>
>>>> Just rename that file and reset the number of configured jails in
>>>> Monitorix to match with that file, and you will continue enjoying
>>>> your
>>>> historical data.
>>>>
>>>>
>>>>>
>>>>>
>>>>> Summary: a disabled jail in fail2ban but enabled in the
>>>>> fail2ban
>>>>> graph
>>>>> section of Monitorix floods fail2ban.log with warnings. I did
>>>>> not
>>>>> try to
>>>>> reproduce this issue with other jails.
>>>> Yes apparently this is a fail2ban feature (perhaps configurable).
>>>>
>>>> To make sure, just try to force a warning in the fail2ban log by
>>>> requesting information of an nonexistent jail, like this:
>>>> 'fail2ban-client status jailnotexistent'.
>>>>
>>>>
>>>> Regards.
>>>>

-- 
Jordi Sanfeliu
FIBRANET Network Services Provider
https://www.fibranet.cat

La possible informació de caràcter personal que pugui contenir el 
present correu electrònic, està protegida degudament per la normativa 
del Reglament Europeu de Protecció de Dades (RGPD), que compromet no 
utilitzar-la per a finalitats diferents per la que s'ha remès al 
destinatari, a l’hora que la subjecta a una obligació de 
confidencialitat. En conseqüència, és d'ús exclusiu per al destinatari, 
quedant prohibida a qualsevol altra persona la seva revelació, còpia, 
distribució o l'exercici de qualsevol acció relativa al seu contingut. 
Si rebéssiu aquest correu electrònic erròniament o de forma incompleta, 
si us plau, procediu a reenviar-nos-el.

Informació Bàsica Política de Privacitat (RGPD). Responsable: FIBRANET 
NSP, SL. Finalitat: Gestió de l'execució de la prestació del servei i 
facturació del mateix. Legitimació: Execució d'un contracte/prestació de 
servei. Període de conservació: Les dades proporcionades es conservaran 
mentre es mantingui la relació comercial o durant els anys necessaris 
per complir amb les obligacions legals. Destinataris: No es cediran a 
tercers, a excepció d'obligació legal. Drets: Accedir, rectificar i 
suprimir les dades, així com els altres drets, tal i com s'explica en la 
informació addicional. Informació addicional: Es pot consultar la 
informació addicional i detallada sobre la nostra protecció de dades a 
la nostra pàgina web www.fibranet.cat.