After sending the bug report (as usual) I thought that this is probably
barely a bug.

On the other hand, I got bitten by it because the config file 'looks'
pretty much like a Unix config file, and it took me a while to find out
why my options were not applied (hence the buggy nature).
Maybe instead of the overkill text in the config header, it would be
easier just to put one or two inline comments somewhere to show that
the ';' should be used for inline mumbling.

Just my 2 cents, but thanks for the quick reply.
Cheers,
S.


On Mon, Jun 4, 2012 at 7:47 PM, Yaroslav Halchenko
<deb...@onerussian.com> wrote:
> tags 676146 +fixed-upstream +pending
> thanks
>
> to say the truth I did not even know that I could do inline comments and
> did not feel it alright to embed comments into the value fields...
> clarifying that might be worth it but then it would need to be done for
> every configuration file which imho would be too much.  For now I have
> made those modifications in upstream repository:
> http://github.com/fail2ban/fail2ban/commit/b4099dae577ca3a4c42037f71f09fd24b1d71030
> and in Debian branch which carries custom jail.conf
> http://github.com/fail2ban/fail2ban/commit/6ad4276a4eaf095dd6408122d729fcb1321bd029
> with which I will close this bug whenever fresher f2b gets uploaded
>
> Cheers,
>
> On Mon, 04 Jun 2012, Stefano Forli wrote:
>
>> Package: fail2ban
>> Version: 0.8.4-3+squeeze1
>> Severity: normal
>
>> When parsing a jail.local config file there is a problem when parsing inline comments with "#".
>> For example the following line in the jail.local file:
>
>>     bantime  = 28800 # seconds
>
>> results in an error message when checking the configuration with fail2ban-client:
>
>>     # fail2ban-client -d
>>     WARNING 'findtime' not defined in 'apache-noscript'. Using default value
>>     WARNING Wrong value for 'bantime' in 'apache-noscript'. Using default one: '600'
>>     WARNING 'findtime' not defined in 'pam-generic'. Using default value
>>     WARNING Wrong value for 'bantime' in 'pam-generic'. Using default one: '600'
>>     WARNING 'findtime' not defined in 'vsftpd'. Using default value
>>     WARNING Wrong value for 'bantime' in 'vsftpd'. Using default one: '600'
>>     WARNING 'findtime' not defined in 'xinetd-fail'. Using default value
>>     WARNING Wrong value for 'bantime' in 'xinetd-fail'. Using default one: '600'
>>     WARNING 'findtime' not defined in 'ssh-ddos'. Using default value
>>     WARNING Wrong value for 'bantime' in 'ssh-ddos'. Using default one: '600'
>>     ...
>
>> I've found out in the ConfigParser Python module documentation (used by fail2ban
>> to parse the config files) there is an explicit mention to this:
>
>>     For backwards compatibility, only ; starts an inline comment, while # does not.
>>     ( http://docs.python.org/release/2.6.8/library/configparser.html )
>
>> Possibly this should be mentioned in the default config file provided within the package
>> maybe as following:
>
>> diff jail.local_patch jail.local
>
>> 10,12d9
>> < # Comment lines can be inserted by prefixing them with a '#'
>> < # Inline commments must use ';'.
>> < #
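
Review bot: the "Inline commments" line in this hunk has a typo (three m's), and the hunk is reversed: "diff jail.local_patch jail.local" with "10,12d9" records the three comment lines as deleted, so applying it would remove them instead of adding them. Swap the arguments (diff jail.local jail.local_patch) and use unified format (diff -u) so the patch adds the lines and carries context.
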
>
>
>
>> -- System Information:
>> Debian Release: 6.0.5
>>   APT prefers stable
>>   APT policy: (500, 'stable')
>> Architecture: amd64 (x86_64)
>
>> Kernel: Linux 2.6.32-bpo.5-amd64 (SMP w/4 CPU cores)
>> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
>> Shell: /bin/sh linked to /bin/dash
>
>> Versions of packages fail2ban depends on:
>> ii  lsb-base                3.2-23.2squeeze1 Linux Standard Base 3.2 init 
>> scrip
>> ii  python                  2.6.6-3+squeeze7 interactive high-level 
>> object-orie
>> ii  python-central          0.6.16+nmu1      register and build utility for 
>> Pyt
>
>> Versions of packages fail2ban recommends:
>> ii  iptables                      1.4.8-3    administration tools for packet 
>> fi
>> ii  whois                         5.0.10     an intelligent whois client
>
>> Versions of packages fail2ban suggests:
>> ii  bsd-mailx [mailx]  8.1.2-0.20100314cvs-1 simple mail user agent
>> ii  mailx              1:20071201-3          Transitional package for mailx 
>> ren
>> pn  python-gamin       <none>                (no description available)
>
>> -- Configuration Files:
>> /etc/fail2ban/jail.conf changed:
>> [DEFAULT]
>> ignoreip = 127.0.0.1
>> bantime  = 7200
>> maxretry = 3
>> backend = polling
>> destemail = root@localhost
>> banaction = iptables-multiport
>> mta = sendmail
>> protocol = tcp
>> action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", 
>> protocol="%(protocol)s]
>> action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", 
>> protocol="%(protocol)s]
>>               %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", 
>> protocol="%(protocol)s]
>> action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", 
>> protocol="%(protocol)s]
>>                %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", 
>> logpath=%(logpath)s]
>
>> action = %(action_)s
>> [ssh]
>> enabled = true
>> port  = ssh
>> filter        = sshd
>> logpath  = /var/log/auth.log
>> maxretry = 6
>> [pam-generic]
>> enabled = false
>> filter        = pam-generic
>> port = all
>> banaction = iptables-allports
>> port     = anyport
>> logpath  = /var/log/auth.log
>> maxretry = 6
>> [xinetd-fail]
>> enabled   = false
>> filter    = xinetd-fail
>> port      = all
>> banaction = iptables-multiport-log
>> logpath   = /var/log/daemon.log
>> maxretry  = 2
>> [ssh-ddos]
>> enabled = false
>> port    = ssh
>> filter  = sshd-ddos
>> logpath  = /var/log/auth.log
>> maxretry = 6
>> [apache]
>> enabled = false
>> port  = http,https
>> filter        = apache-auth
>> logpath = /var/log/apache*/*error.log
>> maxretry = 6
>> [apache-multiport]
>> enabled   = false
>> port    = http,https
>> filter          = apache-auth
>> logpath   = /var/log/apache*/*error.log
>> maxretry  = 6
>> [apache-noscript]
>> enabled = false
>> port    = http,https
>> filter  = apache-noscript
>> logpath = /var/log/apache*/*error.log
>> maxretry = 6
>> [apache-overflows]
>> enabled = false
>> port    = http,https
>> filter  = apache-overflows
>> logpath = /var/log/apache*/*error.log
>> maxretry = 2
>> [vsftpd]
>> enabled  = false
>> port   = ftp,ftp-data,ftps,ftps-data
>> filter   = vsftpd
>> logpath  = /var/log/vsftpd.log
>> maxretry = 6
>> [proftpd]
>> enabled  = false
>> port   = ftp,ftp-data,ftps,ftps-data
>> filter   = proftpd
>> logpath  = /var/log/proftpd/proftpd.log
>> maxretry = 6
>> [wuftpd]
>> enabled  = false
>> port   = ftp,ftp-data,ftps,ftps-data
>> filter   = wuftpd
>> logpath  = /var/log/auth.log
>> maxretry = 6
>> [postfix]
>> enabled  = false
>> port   = smtp,ssmtp
>> filter   = postfix
>> logpath  = /var/log/mail.log
>> [couriersmtp]
>> enabled  = false
>> port   = smtp,ssmtp
>> filter   = couriersmtp
>> logpath  = /var/log/mail.log
>> [courierauth]
>> enabled  = false
>> port   = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
>> filter   = courierlogin
>> logpath  = /var/log/mail.log
>> [sasl]
>> enabled  = false
>> port   = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
>> filter   = sasl
>> logpath  = /var/log/mail.log
>> [named-refused-tcp]
>> enabled  = false
>> port     = domain,953
>> protocol = tcp
>> filter   = named-refused
>> logpath  = /var/log/named/security.log
>
>
>> -- no debconf information
>
>
>
>
> --
> Yaroslav O. Halchenko
> Postdoctoral Fellow,   Department of Psychological and Brain Sciences
> Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755
> Phone: +1 (603) 646-9834                       Fax: +1 (603) 646-1419
> WWW:   http://www.linkedin.com/in/yarik
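
Added example, not part of the thread and not fail2ban's code: a small check that flags numeric jail options whose value still carries a '#' inline comment, and shows the fallback to the default described in the report. It assumes Python 3's configparser with ';' set as the only inline comment prefix to reproduce the Python 2 rule quoted above; the sample config, the option list and the function names are constructed for illustration.

```python
import configparser

# Constructed sample jail.local; the bantime line is the one from the bug report.
SAMPLE_JAIL_LOCAL = """\
[DEFAULT]
bantime  = 28800 # seconds
maxretry = 3 ; retries

[ssh]
enabled  = true
findtime = 600
"""

NUMERIC_OPTIONS = ("bantime", "findtime", "maxretry")  # assumed list for this check


def load(text):
    # Python 2's ConfigParser stripped inline comments only after ';'.
    # Python 3 strips none unless told to, so that rule is requested here.
    parser = configparser.RawConfigParser(inline_comment_prefixes=(";",))
    parser.read_string(text)
    return parser


def lint_numeric_options(text):
    """Return (jail, option, raw value) for numeric options that are not integers."""
    parser = load(text)
    findings = []
    for jail in parser.sections():  # [DEFAULT] values are inherited by each jail
        for option in NUMERIC_OPTIONS:
            if not parser.has_option(jail, option):
                continue
            raw = parser.get(jail, option)
            try:
                int(raw)
            except ValueError:
                findings.append((jail, option, raw))
    return findings


def effective_int(parser, jail, option, default):
    """Mimic the fallback in the report: an unparsable value yields the default."""
    try:
        return int(parser.get(jail, option))
    except (ValueError, configparser.NoOptionError):
        return default


if __name__ == "__main__":
    for jail, option, raw in lint_numeric_options(SAMPLE_JAIL_LOCAL):
        print("%s: %s = %r is not an integer" % (jail, option, raw))
```

With the '#' comment in place the intended 28800-second ban silently becomes the 600-second default; changing the marker to ';' restores the configured value.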


