logpath issue: move logic "collecting of logfiles" from client to server resp. filter ... #1379
Comments
should resolve #1407 |
Several issues refer to |
What version was this merged in? Specifically the 1407 (Related to log files having dates in the name). Thanks |
Nowhere. It's an issue. I should still finish it. Just persistently no time... |
@sebres Should Fail2ban v0.9.7-2 accept multiline logpaths?
```
logpath = %(apache_error_log)s
          /home/*/website/log/*error.log
```
it says
|
Fail2ban itself does it... it looks rather like an issue of ConfigReader's and/or ExtractOptions (by supplying to the action "sendmail-geoip-lines"). The alternative for you which could work - switch to another action (e. g. that using |
Thank you. |
yw
Oh, I forgot that we had a grave issue with not properly "escaped" |
Thank you. So
could destroy servers of my clients? |
Not this way directly, but we don't want to provide here any advice for script kiddies :) |
This issue is really annoying. I try to provision fail2ban jail.d using a CMDB, based on which packages are installed. Maybe it would be a good idea to add an option in fail2ban that allows silent fails for jails. Currently fail2ban crashes if something is wrong (which is fine to allow monitoring tools to notify the admin). Currently this is a blocker for me, is there any chance to make this configurable soon? |
want to try install fail2ban manually on ubuntu 20 server... it fails with this |
Hello Chuck! Welcome to Fail2Ban! |
Solved with systemd in jail.conf. Works great, thanks |
Still an issue re: #2756 Using emptylog as a workaround:
```
[jail]
logpath = %(known/logpath)s
          /etc/fail2ban/emptylog
```
|
- do not repeat jail options that are already defined in `jail.conf`, in `jail.d/*conf`
- gitea/jellyfin: do not disable gitea/jellyfin jails if the corresponding service is disabled
- prevent missing/not-yet-created log files from causing fail2ban reloads/restart to fail (e.g. when a service is initially deployed with `*_enable_service: no`) by creating a placeholder/empty log file and adding it to the list of `logpath` for each service (related fail2ban/fail2ban#2756, fail2ban/fail2ban#1379)
- do not enable the `pam-generic` jail by default as no service uses it
- use values provided in `fail2ban_default_maxretry` (default 5), `fail2ban_default_findtime` (10min) and `fail2ban_default_bantime` (1 year) for all jails
- only ban offenders on HTTP/HTTPS ports for auth failures on web applications. This way it is still possible to log in via SSH to unban an IP if the controller IP gets banned by mistake
- standardize order of installation/configuration tasks
I run it on a self-made server, ubuntu server 22.04.04(LTS) and after trying to insert the 403 error message giver of here, the service complains over the lacking log file for the selinux-ssh jail. Already tried all the options given here, with the error persisting through purges and installing again afterwards. Kinda unsure on what to do here. |
The mentioned description doesn't speak about Either check the jail |
Ye, I know, personally find it rather weird that that file complains.
Checked selinux-ssh.conf and it doesn't seem to have either a |
Well every local jail-configuration (no matter in Lines 292 to 295 in 8be16f1
The default backend and logpath (or here the value of To check what is configured, one can also use:
```
# dump config:
fail2ban-client -d
# or pretty dump:
fail2ban-client --dp
```
|
Fail2Ban_Dump.txt |
Fail2ban doesn't have currently any possibility to detect which services are active or not and to enable corresponding jails fully automatically. Don't enable all jails (do it only for jails you need for services you really have). |
Just a reminder for me (will too long provide a PR for this, waiting for 716-cs ... and #1346).
Should fix imho great problem with "collecting of logfiles" client side: current solution uses fixedly list of the log files, found by the moment of the fail2ban starting.
Variable logfiles of some services (multiple domains, etc.) will not be taken into account, unless fail2ban or jails are reloaded.
- `logregex` as additionally extended "replacement" for `logpath`;
- `logregex-ignore` (and `logpath-ignore`) for negative filter (resp. see Add excludepath config option #1756);
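
The startup-time glob problem described in this issue, and the missing-log failures reported in the comments, shown as an added Python sketch that is not fail2ban's own code. `LogPathWatcher`, its `ignore` parameter and the sample paths are hypothetical and constructed for illustration; the watcher re-expands the logpath patterns on every poll, so an empty match at start is not an error and files created later are picked up without a reload.

```python
import fnmatch
import glob
import os
import tempfile


class LogPathWatcher:
    """Hypothetical helper: re-expands logpath globs on every poll."""

    def __init__(self, patterns, ignore=()):
        self.patterns = list(patterns)   # like the lines of a multiline logpath
        self.ignore = list(ignore)       # negative filter, cf. the proposed logpath-ignore
        self.files = set()               # files currently monitored

    def _expand(self):
        found = set()
        for pattern in self.patterns:
            for path in glob.glob(pattern):
                ignored = any(fnmatch.fnmatch(path, ign) for ign in self.ignore)
                if os.path.isfile(path) and not ignored:
                    found.add(path)
        return found

    def poll(self):
        """Return (added, removed) since the previous poll and update state."""
        current = self._expand()
        added, removed = current - self.files, self.files - current
        self.files = current
        return sorted(added), sorted(removed)


def demo():
    """Constructed scenario: a vhost log appears after the watcher started."""
    with tempfile.TemporaryDirectory() as root:
        pattern = os.path.join(root, "*", "website", "log", "*error.log")
        watcher = LogPathWatcher([pattern], ignore=["*/staging/*"])
        first = watcher.poll()           # nothing matches yet: no error, empty set
        for site in ("alice", "staging"):
            logdir = os.path.join(root, site, "website", "log")
            os.makedirs(logdir)
            open(os.path.join(logdir, "php_error.log"), "w").close()
        added, _ = watcher.poll()        # new file found without a reload
        os.remove(added[0])
        _, removed = watcher.poll()      # deleted file is dropped from the set
        return first, [os.path.relpath(p, root) for p in added], len(removed)


if __name__ == "__main__":
    print(demo())
```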