Package: fail2ban
Version: 0.7.4-3
Severity: normal

I use the attached action configuration file as a replacement for the standard iptables action because I need to insert the fail2ban rules into another chain, not INPUT. I also need to execute additional commands after actionstart and before actionend, and I want to be able to control fwchain and the two command sets from the jail.local sections.

So my jail.local file is (line breaks for readability):

  [DEFAULT]
  action = iptables[name=%(__name__)s, port=%(port)s, fwchain=%(fwchain)s,
           post_start_commands=%(post_start_commands)s,
           pre_end_commands=%(pre_end_commands)s]

  [ssh]
  fwchain = ssh-tarpit
  post_start_commands = iptables -I <fwchain> -j ssh-whitelist
  pre_end_commands = iptables -D <fwchain> -j ssh-whitelist

For the services that I do not list (and which are not enabled),
I expect the [DEFAULTS] defined in the action configuration to be
used. This does not appear to be the case though:

  lapse:~# /etc/init.d/fail2ban start
  Starting authentication failure monitor: fail2banTraceback (most recent call last):
    File "/usr/bin/fail2ban-client", line 338, in ?
      if client.start(sys.argv):
    File "/usr/bin/fail2ban-client", line 316, in start
      return self.__processCommand(args)
    File "/usr/bin/fail2ban-client", line 185, in __processCommand
      self.__readConfig()
    File "/usr/bin/fail2ban-client", line 321, in __readConfig
      self.__configurator.getAllOptions()
    File "/usr/share/fail2ban/client/configurator.py", line 63, in getAllOptions
      self.__jails.getOptions()
    File "/usr/share/fail2ban/client/jailsreader.py", line 50, in getOptions
      ret = jail.getOptions()
    File "/usr/share/fail2ban/client/jailreader.py", line 68, in getOptions
      self.__opts = ConfigReader.getOptions(self, self.__name, opts)
    File "/usr/share/fail2ban/client/configreader.py", line 81, in getOptions
      v = self.get(sec, option[1])
    File "/usr/lib/python2.4/ConfigParser.py", line 525, in get
      return self._interpolate(section, option, value, d)
    File "/usr/lib/python2.4/ConfigParser.py", line 593, in _interpolate
      self._interpolate_some(option, L, rawval, section, vars, 1)
    File "/usr/lib/python2.4/ConfigParser.py", line 624, in _interpolate_some
      raise InterpolationMissingOptionError(
  ConfigParser.InterpolationMissingOptionError: Bad value substitution:
          section: [apache-noscript]
          option : action
          key : fwchain
          rawval : , post_start_commands=%(post_start_commands)s,
  pre_end_commands=%(pre_end_commands)s]
  .

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (750, 'unstable'), (500, 'testing'), (250, 'stable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/dash
Kernel: Linux 2.6.18-2-686
Locale: LANG=en_GB, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)

Versions of packages fail2ban depends on:
ii iptables 1.3.6.0debian1-3 administration tools for packet fi
ii lsb-base 3.1-19 Linux Standard Base 3.1 init scrip
ii python 2.4.4-1 An interactive high-level object-o
ii python-central 0.5.10 register and build utility for Pyt
ii python2.4 2.4.4-1 An interactive high-level object-o

fail2ban recommends no packages.

-- no debconf information

--
.''`. martin f. krafft <[EMAIL PROTECTED]>
: :' : proud Debian developer, author, administrator, and user
`. `'` http://people.debian.org/~madduck - http://debiansystem.info
`- Debian - when you have better things to do than fixing systems
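
Added example, not part of the original report or of fail2ban's code: a reproduction of the InterpolationMissingOptionError from the traceback using Python 3's configparser on a constructed jail.local. The FALLBACKS values and the check_jails helper are hypothetical; they show that every option named in a [DEFAULT] action line must resolve in each section, including jails that never set it.

```python
import configparser

# Constructed jail.local modelled on the report; the port values and the
# [apache-noscript] body are assumptions, not taken from the reporter's files.
JAIL_LOCAL = """
[DEFAULT]
action = iptables[name=%(__name__)s, port=%(port)s, fwchain=%(fwchain)s,
         post_start_commands=%(post_start_commands)s,
         pre_end_commands=%(pre_end_commands)s]

[ssh]
port = ssh
fwchain = ssh-tarpit
post_start_commands = iptables -I <fwchain> -j ssh-whitelist
pre_end_commands = iptables -D <fwchain> -j ssh-whitelist

[apache-noscript]
port = http
"""

# Hypothetical fallbacks an admin could place in jail.local's [DEFAULT].
FALLBACKS = {"fwchain": "INPUT", "post_start_commands": "",
             "pre_end_commands": ""}


def check_jails(text, fallbacks=None):
    """Resolve 'action' per jail; report the first unresolved key if any."""
    cp = configparser.ConfigParser(defaults=fallbacks)
    cp.read_string(text)
    report = {}
    for jail in cp.sections():
        try:
            # Python 3 no longer injects __name__, so pass it explicitly.
            value = cp.get(jail, "action", vars={"__name__": jail})
            report[jail] = ("ok", value)
        except configparser.InterpolationMissingOptionError as exc:
            report[jail] = ("missing", exc.reference)
    return report


if __name__ == "__main__":
    for label, fb in (("as reported", None), ("with fallbacks", FALLBACKS)):
        for jail, (status, detail) in check_jails(JAIL_LOCAL, fb).items():
            print(f"{label:15} {jail:16} {status:8} {detail!r}")
```

Running a check like this over jail.local before restarting the service catches an unresolved key while the currently loaded bans are still in place.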

