Dear all,
I have the problem that fail2ban crashes.
I use the current version (0.9.1) on a freebsd 10.1.
I see the error message:
2015-04-01 05:22:11,242 fail2ban.actions [76101]: ERROR Failed
to execute ban jail 'ssh' action 'pf' info 'CallingMap({'ipjailmatches':
<function <lambda> at 0x805de8320>, 'matches': u'Apr 1 05:21:57 anny
sshd[36634]: error: PAM: authentication error for root from
182.100.67.112\nApr 1 05:22:07 anny sshd[36699]: error: PAM:
authentication error for root from 182.100.67.112\nApr 1 05:22:08 anny
sshd[36699]: error: PAM: authentication error for root from
182.100.67.112', 'ip': '182.100.67.112', 'ipmatches': <function <lambda>
at 0x805de8398>, 'ipfailures': <function <lambda> at 0x805de8230>,
'time': 1427858530.509819, 'failures': 3, 'ipjailfailures': <function
<lambda> at 0x805de82a8>})': 'NoneType' object has no attribute
'__getitem__'
2015-04-01 05:22:11,433 fail2ban.actions [76101]: ERROR Failed
to execute ban jail 'ssh' action 'tcpdrop' info
'CallingMap({'ipjailmatches': <function <lambda> at 0x805de8320>,
'matches': u'Apr 1 05:21:57 anny sshd[36634]: error: PAM:
authentication error for root from 182.100.67.112\nApr 1 05:22:07 anny
sshd[36699]: error: PAM: authentication error for root from
182.100.67.112\nApr 1 05:22:08 anny sshd[36699]: error: PAM:
authentication error for root from 182.100.67.112', 'ip':
'182.100.67.112', 'ipmatches': <function <lambda> at 0x805de8398>,
'ipfailures': <function <lambda> at 0x805de8230>, 'time':
1427858530.509819, 'failures': 3, 'ipjailfailures': <function <lambda>
at 0x805de82a8>})': Error binding parameter 0 - probably unsupported type.
As some programs do not drop the connection after x failed tries I had
to add a command to drop tcp connections.
One program that will not stop after x wrong tries is e.g. asterisk.
If the error happens I have to start fail2ban again.
I changed the configuration to execute two commands (maybe I did there a
mistake).
In jail.local:
[DEFAULT]
banaction = pf
action_drop = %(banaction)s[name=%(__name__)s, port="%(port)s",
protocol="%(protocol)s", chain="%(chain)s"]
tcpdrop[name=%(__name__)s, port="%(port)s",
protocol=%(protocol)s"]
action = %(action_drop)s
In action.d/pf.conf
[Definition]
actionstart =
actionstop =
actioncheck =
actionban = /sbin/pfctl -t <tablename> -T add <ip>/32
actionunban = /sbin/pfctl -t <tablename> -T delete <ip>/32
tablename = fail2ban
In action.d/tcpdrop.conf
[Definition]
actionstart =
actionstop =
actioncheck =
actionban = tcpdrop -l -a | grep <ip> | sh
actionunban =
Has anyone an idea why fail2ban crashes?
Thanks
Matthias
--
"Programming today is a race between software engineers striving to
build bigger and better idiot-proof programs, and the universe trying to
produce bigger and better idiots. So far, the universe is winning." --
Rich Cook
------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
