Hi,

In my apache22-error_log I have many lines like:

2019-06-13T07:53:24+02:00 DiskStation [Thu Jun 13 07:53:24 2019] [error] 
[client xx.xx.xx.xx] Directory index forbidden by Options directive: 
/var/services/web/
2019-06-13T09:33:12+02:00 DiskStation [Thu Jun 13 09:33:12 2019] [error] 
[client xx.xx.xx.xx] File does not exist: /var/services/web/robots.txt

I was already running fail2ban with sasl, postfix and dovecot filters and 
wanted to add the apache filters. There are many apache filters and 
apache-common.conf seemed the appropriate filter. However, running the filter 
with fail2ban-regex gives the following error:

Running tests
=============

Use   failregex filter file : apache-common, basedir: /etc/fail2ban
Traceback (most recent call last):
  File "/usr/bin/fail2ban-regex", line 34, in <module>
    exec_command_line()
  File "/usr/lib/python3/dist-packages/fail2ban/client/fail2banregex.py", line 
685, in exec_command_line
    if not fail2banRegex.start(args):
  File "/usr/lib/python3/dist-packages/fail2ban/client/fail2banregex.py", line 
586, in start
    if not self.readRegex(cmd_regex, 'fail'): # pragma: no cover
  File "/usr/lib/python3/dist-packages/fail2ban/client/fail2banregex.py", line 
368, in readRegex
    self.setMaxLines(optval)
  File "/usr/lib/python3/dist-packages/fail2ban/client/fail2banregex.py", line 
275, in setMaxLines
    self._filter.setMaxLines(int(v))
TypeError: int() argument must be a string, a bytes-like object or a number, 
not ‘NoneType'

Then I noticed that apache-common.conf is included in the other filters by 
before = apache-common.conf (I guess that’s what this means).
So, I then ran fail2ban-regex with apache-auth.conf but then zero hits. I saw 
on GitHub that a few years back the apache log message changed to 

[:error] [pid xxxx] [client xx.xx.xx.xx:xxxx]

And that this _apache_error_client = <apache-prefix>\[(:?error|\S+:\S+)\]( 
\[pid \d+(:\S+ \d+)?\])? \[client <HOST>(:\d{1,5})?\] should pick up the new 
lines.
Apparently, Synology is still using old apache because my error log seems 
ancient. I have tried changing the _apache_error_client but that didn’t’t work 
(I’n not a regex expert…).

Can somebody please help?

Thanks in advance,
Erik
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users

Reply via email to