[linux] Re: fail2ban emails - ik snap het niet

Daniel C. von Asmuth asmuth op bakunin.xs4all.nl
Zo mei 17 16:36:23 CEST 2015 

Aldus schreef Paul de Vries op Sun, May 17, 2015 at 04:15:53PM +0200:
> op mijn servers draai ik centos 6.6, python 2.6.6, en fail2ban 0.8.14 (epel).
> 
> in plesk 12 zit een soort van fail2ban support met daarin een leuke mogelijkheid om met 1 switch mail te kiezen uit kaal, met whois, met whois en loglines.
> in debian zit dat systeem als expliciete debian toevoeging:
> maar ik snap niet hoe je dat moet gebruiken.
> 
> jail.local:
> +++
> [DEFAULT]
> 
> ignoreip = 127.0.0.1
> ignoreip = 192.168.0.11 192.168.0.200 192.168.0.240
> bantime  = 86400
> findtime = 21600
> maxretry = 2
> 
> destemail  = root
> sendername = "fail2ban server3"
> sender     = "fail2ban op server3.pdvsfh.lan"
> mta        = sendmail
> 
> #---
> # debianextra
> #---
> 
> # Action shortcuts. To be used to define action parameter
> 
> # The simplest action to take: ban only
> action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
> 
> # ban & send an e-mail with whois report to the destemail.
> action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
>             %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]
> 
> # ban & send an e-mail with whois report and relevant log lines
> # to the destemail.
> action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
>              %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]
> 
> # Choose default action.  To change, just override value of 'action' with the
> # interpolation to the chosen action shortcut (e.g.  action_mw, action_mwl, etc) in jail.local
> # globally (section [DEFAULT]) or per specific section
> action = %(action_)s
> #---
> 
> action = %(action_mw)s
> 

Is die 'action' nu dubbel gedefinieerd?


> [ssh-iptables]
> enabled  = true
> +++
> levert geen mails
> 
> maar 
> +++
> [ssh-iptables]
> enabled  = true
> action = %(action_mw)s
> +++
> levert
> +++
> Starting fail2ban: ERROR  Failed during configuration: Bad value substitution:
> 	section: [ssh-iptables]
> 	option : action
> 	key    : banaction
> 	rawval : [name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
> %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]
> 
>                                                            [FAILED]
> +++
> 
> wie snapt wat ik hier fout doe?
> 
> dank,
> paul de vries.

Antwoord: ik (snap het) niet.

Wat is die %(banaction) in jouw geval??

Geen dank,



Daniel.


-- 
	
		Beware of logic, for it leads to paradox. 
		Steer clear of paradoxes, for they defeat logic.

More information about the Linux mailing list