Hi,
In my apache22-error_log I have many lines like:
2019-06-13T07:53:24+02:00 DiskStation [Thu Jun 13 07:53:24 2019] [error]
[client xx.xx.xx.xx] Directory index forbidden by Options directive:
/var/services/web/
2019-06-13T09:33:12+02:00 DiskStation [Thu Jun 13 09:33:12 2019] [error]
[client xx.xx.xx.xx] File does not exist: /var/services/web/robots.txt
I was already running fail2ban with sasl, postfix and dovecot filters and
wanted to add the apache filters. There are many apache filters and
apache-common.conf seemed the appropriate filter. However, running the filter
with fail2ban-regex gives the following error:
Running tests
=============
Use failregex filter file : apache-common, basedir: /etc/fail2ban
Traceback (most recent call last):
File "/usr/bin/fail2ban-regex", line 34, in <module>
exec_command_line()
File "/usr/lib/python3/dist-packages/fail2ban/client/fail2banregex.py", line
685, in exec_command_line
if not fail2banRegex.start(args):
File "/usr/lib/python3/dist-packages/fail2ban/client/fail2banregex.py", line
586, in start
if not self.readRegex(cmd_regex, 'fail'): # pragma: no cover
File "/usr/lib/python3/dist-packages/fail2ban/client/fail2banregex.py", line
368, in readRegex
self.setMaxLines(optval)
File "/usr/lib/python3/dist-packages/fail2ban/client/fail2banregex.py", line
275, in setMaxLines
self._filter.setMaxLines(int(v))
TypeError: int() argument must be a string, a bytes-like object or a number,
not ‘NoneType'
Then I noticed that apache-common.conf is included in the other filters by
before = apache-common.conf (I guess that’s what this means).
So, I then ran fail2ban-regex with apache-auth.conf but then zero hits. I saw
on GitHub that a few years back the apache log message changed to
[:error] [pid xxxx] [client xx.xx.xx.xx:xxxx]
And that this _apache_error_client = <apache-prefix>\[(:?error|\S+:\S+)\](
\[pid \d+(:\S+ \d+)?\])? \[client <HOST>(:\d{1,5})?\] should pick up the new
lines.
Apparently, Synology is still using old apache because my error log seems
ancient. I have tried changing the _apache_error_client but that didn’t’t work
(I’n not a regex expert…).
Can somebody please help?
Thanks in advance,
Erik
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users