Package: fail2ban
Version: 0.7.4-3
Severity: normal

I use the attached action configuration file as replacement for the standard iptables action because I need to insert the fail2ban rules into another chain, not INPUT. I also need to execute additional commands after actionstart and before actionend, and I want to be able to control fwchain and the two command sets from the jail.local sections.

So my jail.local file is (line breaks for readability):

  [DEFAULT]
  action = iptables[name=%(__name__)s, port=%(port)s, fwchain=%(fwchain)s,
           post_start_commands=%(post_start_commands)s,
           pre_end_commands=%(pre_end_commands)s]

  [ssh]
  fwchain = ssh-tarpit
  post_start_commands = iptables -I <fwchain> -j ssh-whitelist
  pre_end_commands = iptables -D <fwchain> -j ssh-whitelist

For the services that I do not list (and which are not enabled), I expect the [DEFAULTS] defined in the action configuration to be used. This does not appear to be the case though:

  lapse:~# /etc/init.d/fail2ban start
  Starting authentication failure monitor: fail2banTraceback (most recent call last):
    File "/usr/bin/fail2ban-client", line 338, in ?
      if client.start(sys.argv):
    File "/usr/bin/fail2ban-client", line 316, in start
      return self.__processCommand(args)
    File "/usr/bin/fail2ban-client", line 185, in __processCommand
      self.__readConfig()
    File "/usr/bin/fail2ban-client", line 321, in __readConfig
      self.__configurator.getAllOptions()
    File "/usr/share/fail2ban/client/configurator.py", line 63, in getAllOptions
      self.__jails.getOptions()
    File "/usr/share/fail2ban/client/jailsreader.py", line 50, in getOptions
      ret = jail.getOptions()
    File "/usr/share/fail2ban/client/jailreader.py", line 68, in getOptions
      self.__opts = ConfigReader.getOptions(self, self.__name, opts)
    File "/usr/share/fail2ban/client/configreader.py", line 81, in getOptions
      v = self.get(sec, option[1])
    File "/usr/lib/python2.4/ConfigParser.py", line 525, in get
      return self._interpolate(section, option, value, d)
    File "/usr/lib/python2.4/ConfigParser.py", line 593, in _interpolate
      self._interpolate_some(option, L, rawval, section, vars, 1)
    File "/usr/lib/python2.4/ConfigParser.py", line 624, in _interpolate_some
      raise InterpolationMissingOptionError(
  ConfigParser.InterpolationMissingOptionError: Bad value substitution:
          section: [apache-noscript]
          option : action
          key    : fwchain
          rawval : , post_start_commands=%(post_start_commands)s,
  pre_end_commands=%(pre_end_commands)s]
  .

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (750, 'unstable'), (500, 'testing'), (250, 'stable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/dash
Kernel: Linux 2.6.18-2-686
Locale: LANG=en_GB, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)

Versions of packages fail2ban depends on:
ii  iptables        1.3.6.0debian1-3  administration tools for packet fi
ii  lsb-base        3.1-19            Linux Standard Base 3.1 init scrip
ii  python          2.4.4-1           An interactive high-level object-o
ii  python-central  0.5.10            register and build utility for Pyt
ii  python2.4       2.4.4-1           An interactive high-level object-o

fail2ban recommends no packages.

-- no debconf information

-- 
 .''`.   martin f. krafft <[EMAIL PROTECTED]>
: :'  :  proud Debian developer, author, administrator, and user
`. `'`   http://people.debian.org/~madduck - http://debiansystem.info
  `-  Debian - when you have better things to do than fixing systems
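
The failure in the traceback can be reproduced with the parser alone. The following is an added example, not part of the original report and not fail2ban code: it uses Python 3's configparser on a constructed jail file modelled on the one above, and lists every section whose options cannot be interpolated. The port value, the enabled line and the fallback values (fwchain = INPUT, empty command sets) are assumptions made for the illustration, as is passing __name__ by hand, which Python 3 no longer defines per section.

```python
import configparser

# Constructed sample modelled on the jail.local in the report.
JAIL_LOCAL = """\
[DEFAULT]
port = ssh
action = iptables[name=%(__name__)s, port=%(port)s, fwchain=%(fwchain)s,
         post_start_commands=%(post_start_commands)s,
         pre_end_commands=%(pre_end_commands)s]

[ssh]
fwchain = ssh-tarpit
post_start_commands = iptables -I <fwchain> -j ssh-whitelist
pre_end_commands = iptables -D <fwchain> -j ssh-whitelist

[apache-noscript]
enabled = false
"""

# Assumed fallbacks: placeholders get a value in the jail file's own [DEFAULT].
FIXED = JAIL_LOCAL.replace(
    "[DEFAULT]\n",
    "[DEFAULT]\nfwchain = INPUT\npost_start_commands =\npre_end_commands =\n",
    1,
)


def unresolved_options(text):
    """Return {section: (option, missing_key)} for values that fail to interpolate."""
    parser = configparser.ConfigParser()
    parser.read_string(text)
    problems = {}
    for section in parser.sections():
        # options() includes keys inherited from [DEFAULT], such as "action".
        for option in parser.options(section):
            try:
                parser.get(section, option, vars={"__name__": section})
            except configparser.InterpolationMissingOptionError as exc:
                problems[section] = (option, exc.reference)
                break
    return problems


def resolved_action(text, section):
    """Return the fully interpolated action string for one jail section."""
    parser = configparser.ConfigParser()
    parser.read_string(text)
    return parser.get(section, "action", vars={"__name__": section})
```

The check reports apache-noscript, option action, key fwchain, matching the traceback: placeholders in an inherited [DEFAULT] value are resolved against each jail section of the same file, so values defined only in a separate action file are not visible to it.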