Hi,
I have done some testing without the patch.
I have tested:
 - putting sleep between commands (I tested this yesterday too) - it didn't help
 - putting all commands in one line, separated with ; - it didn't help
 - putting all commands in one line, separated with && - it didn't help
 - putting all commands in one line, separated with ; and putting () around the whole line - it failed differently; it seems it separates the commands somewhere on its own
-----
sh: -c: line 1: syntax error: unexpected end of file
2009-11-04 09:34:33,313 fail2ban.actions.action: ERROR  (iptables -N fail2ban-postfix returned 200
-----

> now the question -- what is your /bin/sh? ;)
> could you try different kernel? I've tried on 2.6.26-2-amd64

/bin/sh is bash 3.2-5

Sorry, I cannot use another kernel now, this is our main production server.

Well, I really don't know where the problem might be, so I'll stick to this 
patch for now, it works for me.
We have some filtering of the smtp port based on results from amavis and 554 from 
postfix, we have around 100-200 hosts banned in this jail (for 30 minutes) all 
day, I think it filters lots of spam - I can send it as some wishlist bug - but 
I think it's based on some filter I have downloaded somewhere, so I don't 
remember the licence.


Libor


On Tuesday 03 November 2009 22:09:10 Yaroslav Halchenko wrote:
> > Patch is working, but i can't use action_mw
> > (output goes like this
> > ---------------
> > 2009-11-03 21:04:02,138 fail2ban.actions.action: ERROR  printf %b
> > "Subject: [Fail2Ban] cyrus: started
> > From: Fail2Ban <fail2ban>
> 
> well -- that is what the patch you've applied accomplished
> unfortunately :-/ since the mailing command is a multiline printf
> command.  imho instead of that patch I would simply tune up the action
> for banning -- just add sleep 1 (or sleep 0.1 if system has that recent
> sleep ;)) after each command  and see how that helps
> 
> or maybe alternatively just placing all commands on 1 line with ";"
> between them -- so they should start as a one command (you said that
> system tolerated that fine)
> 
> > All commands in one line work ok from command line.
> 
> interesting -- thanks for checking
> 
> > Sequence is also ok. Fail2ban launches actions in threads?
> 
> to say the truth -- I don't know exactly... from what I know, it just
> calls system() from stdlib, which should call "/bin/sh -c '.....'"
> 
> I still think that the issue is deeper underground (iptables return
> before actually completing modification of the table etc) although
> myself could not replicate it on any of the boxes (beefy enough: 8 cores,
> 64GB RAM etc) with smth like
> 
> for f in {1..100}; do /bin/sh -c "iptables -N fail2ban-proftpd; iptables -A
>  fail2ban-proftpd -j RETURN; iptables -I INPUT -p tcp -m multiport --dports
>  ftp,ftp-data,ftps,ftps-data -j fail2ban-proftpd; iptables -D INPUT -p tcp
>  -m multiport --dports ftp,ftp-data,ftps,ftps-data -j fail2ban-proftpd;
>  iptables -F fail2ban-proftpd; iptables -X fail2ban-proftpd"; done
> 
> now the question -- what is your /bin/sh? ;)
> could you try different kernel? I've tried on 2.6.26-2-amd64
> 
