Re: [CentOS] Nasty Fail2Ban update for Centos 7

2020-01-02 Thread Michel van Deventer
On Tue, 2019-12-31 at 10:19 +0100, Nicolas Kovacs wrote:
> On 31/12/2019 at 03:14, Allan wrote:
> > Then gotta dig into Koji, to find the old version, download it,
> > and downgrade to that - and phew, everything is back to normal.
> > 
> > The old one seems to be version 0.9.7 and the new one is 0.10.4
> > 
> > I haven't had time to look into Fail2Ban's info about these 2
> > versions, but since there is a major version change - is it really
> > possible to just upgrade these ?
> > 
> > Sure, I would love to have a working 0.10.4 for my Centos 7 - but it
> > shouldn't destroy my existing system - or it should at least warn me
> > about that - or what to fix.
> 
> I have automatic updates with yum-cron on all my production servers.
> Fail2ban has been recently upgraded to 0.10.4 and still works perfectly.

We also had it updated and fail2ban worked perfectly except it did not
ban anymore on the sshd jail. This was caused by the
/etc/fail2ban/filter.d/sshd.conf file which should have been replaced
with a new one from the rpm (there was a sshd.conf.rpmnew file).

Below is the error we found in /var/log/fail2ban.log:

2019-12-09 10:02:15,294 fail2ban.filtersystemd  [13628]: INFO[sshd] Added journal match for: '_SYSTEMD_UNIT=sshd.service + _COMM=sshd'
2019-12-09 10:02:15,295 fail2ban.filter [13628]: ERROR   No failure-id group in 'normal'
2019-12-09 10:02:15,295 fail2ban.transmitter[13628]: WARNING Command ['set', 'sshd', 'addfailregex', 'normal'] has failed. Received RegexException("No failure-id group in 'normal'",)
2019-12-09 10:02:15,295 fail2ban[13628]: ERROR   NOK: ("No failure-id group in 'normal'",)
 
  Regards,

Michel



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
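
The failure described in the message above (the old filter.d/sshd.conf left in place beside sshd.conf.rpmnew, so the sshd jail starts without its failregex) can be checked for after an update. The script below is an added example, not part of the original thread; it assumes the jail name matches the filter file name, and its config tree and log excerpt are constructed from the lines quoted in that message.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: the jail name equals the
# filter file name under filter.d/ (true for the stock sshd jail).

# failed_jails LOG: jails whose 'addfailregex' command was rejected at startup.
failed_jails() {
    sed -n "s/.*Command \['set', '\([^']*\)', 'addfailregex', .*] has failed.*/\1/p" "$1" | sort -u
}

# audit CONFDIR LOG: one line per broken jail; returns 1 if any jail is broken.
audit() {
    conf=$1; log=$2; rc=0
    for jail in $(failed_jails "$log"); do
        rc=1
        if [ -f "$conf/filter.d/$jail.conf.rpmnew" ]; then
            echo "$jail: filter rejected, unmerged $jail.conf.rpmnew present"
        else
            echo "$jail: filter rejected, no .rpmnew (check local overrides)"
        fi
    done
    return $rc
}

# demo: run the audit against a constructed config tree and log excerpt.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/filter.d"
    : > "$d/filter.d/sshd.conf"          # old filter kept in place (constructed)
    : > "$d/filter.d/sshd.conf.rpmnew"   # packaged replacement left unmerged
    cat > "$d/fail2ban.log" <<'EOF'
2019-12-09 10:02:15,295 fail2ban.filter [13628]: ERROR   No failure-id group in 'normal'
2019-12-09 10:02:15,295 fail2ban.transmitter[13628]: WARNING Command ['set', 'sshd', 'addfailregex', 'normal'] has failed. Received RegexException("No failure-id group in 'normal'",)
EOF
    audit "$d" "$d/fail2ban.log"; status=$?
    rm -rf "$d"
    return $status
}

demo || echo "at least one jail is running without its filter"
```

On a real host the same check would be `audit /etc/fail2ban /var/log/fail2ban.log`, the two paths named in the message.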


Re: [CentOS] Nasty Fail2Ban update for Centos 7

2020-01-01 Thread Chris Adams
Once upon a time, Allan said:
> Just noticed that Fail2Ban has generated a 6MB error log because
> of the update, and FirewallD a 1MB log of errors !
> (not sure if any of those were really working after this)

It might be helpful to actually post some of the errors and your local
config (what you have changed from defaults).  Without that, nobody can
help figure out what is happening on your system.

I'm the person that asked for the update - the previous firewalld config
was incomplete (set banaction but not banaction_allports), and I wanted
to see IPv6 support.  I'm using the update on multiple CentOS 7 systems
(some with firewalld and some with iptables) without errors.

-- 
Chris Adams 


Re: [CentOS] Nasty Fail2Ban update for Centos 7

2020-01-01 Thread Paul Heinlein

On Wed, 1 Jan 2020, Allan wrote:

> On Tue, 31 Dec 2019 18:53:38 +
> John H Nyhuis wrote:
> > Just a random stab in the dark, but CentOS6 was iptables, and CentOS7
> > is firewalld.  They take different fail2ban packages.
> > 
> > CentOS6 = fail2ban
> > CentOS7 = fail2ban-firewalld
> > 
> > Are you sure you are running the correct fail2ban package for your
> > firewall?  (I screwed this up myself before I noticed and fixed it...)
> 
> I do have the f2b-firewalld package installed yes. Since it was an
> update - it only replaced same installed packages.
> 
> A standard install of F2B on Centos7 does also include the f2b-systemd
> package - which would seem logical. However, after I started using
> the recidive filter - which IMHO is one of the most important ones -
> it didn't work. Removing the f2b-systemd package fixed that - and
> didn't hurt anything else.
> 
> I have no idea why that is - or if that could be part of the problem
> with the update here on my system.

If it helps to have another data point, my C7 server has two fail2ban 
packages installed:


* fail2ban-firewalld-0.10.4-1.el7.noarch
* fail2ban-server-0.10.4-1.el7.noarch

They were upgraded back on December 9 and have worked without any 
major hiccups.


The fail2ban-server package provides the systemd unit file, 
/usr/lib/systemd/system/fail2ban.service, so I was curious to know 
what the fail2ban-systemd package actually does. The description 
field for the fail2ban-systemd rpm says,

    This package configures Fail2Ban to use the systemd journal for
    its log input by default.


All of the logpath entries in my fail2ban configuration point to 
ordinary /var/log/* files. I don't know how fail2ban-systemd repoints 
the logpath entries to use inputs from systemd-journald, but I suspect 
that's where the mismatch may be happening.


--
Paul Heinlein
heinl...@madboa.com
45°38' N, 122°6' W


Re: [CentOS] Nasty Fail2Ban update for Centos 7

2020-01-01 Thread Nicolas Kovacs

On 31/12/2019 at 19:53, John H Nyhuis wrote:

> Just a random stab in the dark, but CentOS6 was iptables, and CentOS7 is
> firewalld.  They take different fail2ban packages.
> 
> CentOS6 = fail2ban
> CentOS7 = fail2ban-firewalld
> 
> Are you sure you are running the correct fail2ban package for your
> firewall?  (I screwed this up myself before I noticed and fixed it...)

On my CentOS 7 servers, I have removed firewalld and I'm still using fail2ban 
with my custom iptables script.


In this case, the only package you have to install is fail2ban-server.

Happy New Year,

Niki

--
Microlinux - Solutions informatiques durables
7, place de l'église - 30730 Montpezat
Site : https://www.microlinux.fr
Mail : i...@microlinux.fr
Tél. : 04 66 63 10 32
Mob. : 06 51 80 12 12


Re: [CentOS] Nasty Fail2Ban update for Centos 7

2019-12-31 Thread Allan
On Tue, 31 Dec 2019 18:53:38 +
John H Nyhuis wrote:
> Just a random stab in the dark, but CentOS6 was iptables, and CentOS7
> is firewalld.  They take different fail2ban packages.
> 
> CentOS6 = fail2ban
> CentOS7 = fail2ban-firewalld
> 
> Are you sure you are running the correct fail2ban package for your 
> firewall?  (I screwed this up myself before I noticed and fixed it...)

I do have the f2b-firewalld package installed yes.
Since it was an update - it only replaced same installed packages.

A standard install of F2B on Centos7 does also include the f2b-systemd
package - which would seem logical.
However, after I started using the recidive filter - which IMHO is one
of the most important ones - it didn't work.
Removing the f2b-systemd package fixed that - and didn't hurt anything
else.

I have no idea why that is - or if that could be part of the problem
with the update here on my system.


  Allan.




Re: [CentOS] Nasty Fail2Ban update for Centos 7

2019-12-31 Thread Allan
On Tue, 31 Dec 2019 10:19:26 +0100
Nicolas Kovacs wrote:
> On 31/12/2019 at 03:14, Allan wrote:
> > Then gotta dig into Koji, to find the old version, download it,
> > and downgrade to that - and phew, everything is back to normal.
> > 
> > The old one seems to be version 0.9.7 and the new one is 0.10.4
> > 
> > I haven't had time to look into Fail2Ban's info about these 2
> > versions, but since there is a major version change - is it really
> > possible to just upgrade these ?
> > 
> > Sure, I would love to have a working 0.10.4 for my Centos 7 - but it
> > shouldn't destroy my existing system - or it should at least warn me
> > about that - or what to fix.  
> 
> I have automatic updates with yum-cron on all my production servers.
> Fail2ban has been recently upgraded to 0.10.4 and still works
> perfectly.
> 
> tl;dr : don't worry be happy :o)

Well, tend to worry a lot, when the logs suddenly have nothing but
errors in them...

..but thx for letting me know it works for you.

  Allan.






Re: [CentOS] Nasty Fail2Ban update for Centos 7

2019-12-31 Thread John H Nyhuis
Just a random stab in the dark, but CentOS6 was iptables, and CentOS7 is 
firewalld.  They take different fail2ban packages.

CentOS6 = fail2ban
CentOS7 = fail2ban-firewalld

Are you sure you are running the correct fail2ban package for your 
firewall?  (I screwed this up myself before I noticed and fixed it...)

Good Luck!
Thanks,

John H. Nyhuis
Desk: (206)-685-8334
jnyh...@uw.edu
Box 359461, 15th floor, 106

On 12/30/2019 6:14 PM, Allan wrote:
> Hi all...
> 
> Recently a new Fail2Ban was available among some other updates for my
> Centos 7 system, and I just updated all.
> It seems that was a very BAD idea.
> 
> Just noticed that Fail2Ban has generated a 6MB error log because
> of the update, and FirewallD a 1MB log of errors !
> (not sure if any of those were really working after this)
> 
> ok, I'll just run yum downgrade fail2ban I thought.
> Naa, no way back - Epel doesn't have a fallback option !
> 
> Then gotta dig into Koji, to find the old version, download it,
> and downgrade to that - and phew, everything is back to normal.
> 
> The old one seems to be version 0.9.7 and the new one is 0.10.4
> 
> I haven't had time to look into Fail2Ban's info about these 2 versions,
> but since there is a major version change - is it really possible to
> just upgrade these ?
> 
> Sure, I would love to have a working 0.10.4 for my Centos 7 - but it
> shouldn't destroy my existing system - or it should at least warn me
> about that - or what to fix.
> 
> 
>Allan.


Re: [CentOS] Nasty Fail2Ban update for Centos 7

2019-12-31 Thread Nicolas Kovacs

On 31/12/2019 at 03:14, Allan wrote:

> Then gotta dig into Koji, to find the old version, download it,
> and downgrade to that - and phew, everything is back to normal.
> 
> The old one seems to be version 0.9.7 and the new one is 0.10.4
> 
> I haven't had time to look into Fail2Ban's info about these 2 versions,
> but since there is a major version change - is it really possible to
> just upgrade these ?
> 
> Sure, I would love to have a working 0.10.4 for my Centos 7 - but it
> shouldn't destroy my existing system - or it should at least warn me
> about that - or what to fix.

I have automatic updates with yum-cron on all my production servers. Fail2ban 
has been recently upgraded to 0.10.4 and still works perfectly.


tl;dr : don't worry be happy :o)

Cheers,

Niki

--
Microlinux - Solutions informatiques durables
7, place de l'église - 30730 Montpezat
Site : https://www.microlinux.fr
Mail : i...@microlinux.fr
Tél. : 04 66 63 10 32
Mob. : 06 51 80 12 12


[CentOS] Nasty Fail2Ban update for Centos 7

2019-12-30 Thread Allan
Hi all...

Recently a new Fail2Ban was available among some other updates for my
Centos 7 system, and I just updated all.
It seems that was a very BAD idea.

Just noticed that Fail2Ban has generated a 6MB error log because
of the update, and FirewallD a 1MB log of errors !
(not sure if any of those were really working after this)

ok, I'll just run yum downgrade fail2ban I thought.
Naa, no way back - Epel doesn't have a fallback option !

Then gotta dig into Koji, to find the old version, download it,
and downgrade to that - and phew, everything is back to normal.

The old one seems to be version 0.9.7 and the new one is 0.10.4

I haven't had time to look into Fail2Ban's info about these 2 versions,
but since there is a major version change - is it really possible to
just upgrade these ?

Sure, I would love to have a working 0.10.4 for my Centos 7 - but it
shouldn't destroy my existing system - or it should at least warn me
about that - or what to fix.


  Allan.

