Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I am having issues with fail2ban parsing jailf.conf. The errors are as follows :
Code:
Stopping fail2ban: [FAILED]
Starting fail2ban: Traceback (most recent call last):
File "/usr/bin/fail2ban-client", line 426, in <module>
if client.start(sys.argv):
File "/usr/bin/fail2ban-client", line 395, in start
return self.__processCommand(args)
File "/usr/bin/fail2ban-client", line 184, in __processCommand
ret = self.__readConfig()
File "/usr/bin/fail2ban-client", line 399, in __readConfig
self.__configurator.readAll()
File "/usr/share/fail2ban/client/configurator.py", line 62, in readAll
self.__jails.read()
File "/usr/share/fail2ban/client/jailsreader.py", line 49, in read
return ConfigReader.read(self, "jail")
File "/usr/share/fail2ban/client/configreader.py", line 70, in read
config_files_read = SafeConfigParserWithIncludes.read(self, config_files)
File "/usr/share/fail2ban/client/configparserinc.py", line 105, in read
fileNamesFull += SafeConfigParserWithIncludes.getIncludes(filename)
File "/usr/share/fail2ban/client/configparserinc.py", line 76, in getIncludes
parser.read(resource)
File "/usr/lib64/python2.6/ConfigParser.py", line 286, in read
self._read(fp, filename)
File "/usr/lib64/python2.6/ConfigParser.py", line 510, in _read
raise e
ConfigParser.ParsingError: File contains parsing errors: /etc/fail2ban/jail.conf
[line 57]: ' enabled = true\n'
[line 58]: ' port = http,https\n'
[line 59]: ' filter = apache-nokiddies\n'
[line 60]: ' logpath = /var/log/apache*/*access.log\n'
[line 61]: ' maxretry = 3\n'
[FAILED]
The jail.conf file :
Code:
[DEFAULT]
# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = 127.0.0.1
# "bantime" is the number of seconds that a host is banned.
bantime = 600
# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime = 600
# "maxretry" is the number of failures before a host get banned.
maxretry = 3
#see /etc/fail2ban/filter.d/apache-overflows.conf
[apache-overflows]
enabled = true
#see /etc/fail2ban/filter.d/apache.conf
[apache]
enabled = true
#see /etc/fail2ban/filter.d/apache-noscript.conf
[apache-noscript]
enabled = true
#see
[apache-badbots]
enabled = true
#see /etc/fail2ban/filter.d/apache-phpmyadmin.conf
[apache-phpmyadmin]
enabled = true
port = http,https
filter = apache-phpmyadmin
logpath = /var/log/apache*/*error.log
maxretry = 3
#see
#[apache-post]
#enabled = true
#filter = apache-post
#action = iptables[name=httpd, port=80, protocol=tcp]
#sendmail-whois[name=post_block, dest=jtrescue1@gmail.com]
#logpath = /var/log/httpd/access_log
#findtime = 10
#bantime = 183600
#maxretry = 10
#see /etc/fail2ban/filter.d/apache-nokiddies.conf
[apache-nokiddies]
enabled = true
port = http,https
filter = apache-nokiddies
logpath = /var/log/apache*/*access.log
maxretry = 3
#see /etc/fail2ban/filter.d/apache-clientdenied.conf
[apache-clientdenied]
enabled = true
port = http,https
filter = apache-clientdenied
logpath = /var/log/apache*/*error.log
maxretry = 3
#see /etc/fail2ban/filter.d/ssh-iptables.conf
[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
sendmail-whois[name=SSH, dest=root, sender=fail2ban@example.com]
logpath = /var/log/secure
maxretry = 5
So, I am guessing its not the actual filter conf file but the way the jail.conf file is being parsed. Any help would be appreciated.
sure thing. And thanks for checking it out. After looking into it centos does not compile apache with tcpwrapper support. Using fail2ban would not work in this case. Yes I could compile it. However, I worried that once I leave the setup it will not be updated.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
Question regarding fail2ban jail.conf
