Le 19/05/2023 à 15:49, Wayne Sallee via Fail2ban-users a écrit :
-------- Original Message --------
*Subject: * [Fail2ban-users] Fwd: apache-proxy
*From: * François Patte <francois.pa...@gmx.fr>
*To: * Fail2ban-users <fail2ban-users@lists.sourceforge.net>
*CC: *
*Date: * 2023-5-19 03:26 AM
Thank you for answering.
# fail2ban-regex filter apache-proxy
Running tests
=============
Use failregex filter file : apache-proxy, basedir: /etc/fail2ban
Use single line : filter
Results
=======
Failregex: 0 total
Ignoreregex: 0 total
Date template hits:
Lines: 1 lines, 0 ignored, 0 matched, 1 missed
[processed in 0.02 sec]
|- Missed line(s):
| filter
`-
I'm not familiar with running it that way. I always run it as:
fail2ban-regex <logfile> /etc/fail2ban/filter.d/<jail>.conf
Maybe try it that way.
Here is what I get: (as you can see I don't use iptables but nftables
and the problem is maybe fot this reason...)
# fail2ban-regex --print-all-missed /var/log/fail2ban.log
/etc/fail2ban/filter.d/apache-proxy.conf
Running tests
=============
Use failregex filter file : apache-proxy, basedir: /etc/fail2ban
Use log file : /var/log/fail2ban.log
Use encoding : UTF-8
Results
=======
Failregex: 0 total
Ignoreregex: 0 total
Date template hits:
|- [# of hits] date format
| [23] {^LN-BEG}ExYear(?P<_sep>[-/.])Month(?P=_sep)Day(?:T|
?)24hour:Minute:Second(?:[.,]Microseconds)?(?:\s*Zone offset)?
`-
Lines: 25 lines, 0 ignored, 0 matched, 25 missed
[processed in 2.97 sec]
|- Missed line(s):
| 2023-05-14 00:00:00,886 fail2ban.server [15779]: INFO
rollover performed on /var/log/fail2ban.log
| 2023-05-15 19:27:19,894 fail2ban.filter [15779]: INFO
[apache-proxy] Found 94.232.45.248 - 2023-05-15 19:27:19
| 2023-05-15 19:27:20,005 fail2ban.actions [15779]: NOTICE
[apache-proxy] Ban 94.232.45.248
| 2023-05-15 19:27:20,020 fail2ban.utils [15779]: Level 39
7fc00c0b6ed0 -- exec: nft add set ip fail2ban f2b-apache-proxy \{ type
ipv4_addr\; \}
| nft insert rule ip fail2ban input tcp dport \{ http,https \} ip saddr
@f2b-apache-proxy drop
| 2023-05-15 19:27:20,021 fail2ban.utils [15779]: ERROR
7fc00c0b6ed0 -- stderr: 'Error: Could not process rule: No such file or
directory'
| 2023-05-15 19:27:20,021 fail2ban.utils [15779]: ERROR
7fc00c0b6ed0 -- stderr: 'add set ip fail2ban f2b-apache-proxy { type
ipv4_addr; }'
| 2023-05-15 19:27:20,021 fail2ban.utils [15779]: ERROR
7fc00c0b6ed0 -- stderr: ' ^^^^^^^^'
| 2023-05-15 19:27:20,021 fail2ban.utils [15779]: ERROR
7fc00c0b6ed0 -- stderr: 'Error: Could not process rule: No such file or
directory'
| 2023-05-15 19:27:20,021 fail2ban.utils [15779]: ERROR
7fc00c0b6ed0 -- stderr: 'insert rule ip fail2ban input tcp dport {
http,https } ip saddr @f2b-apache-proxy drop'
| 2023-05-15 19:27:20,021 fail2ban.utils [15779]: ERROR
7fc00c0b6ed0 -- stderr: ' ^^^^^^^^'
| 2023-05-15 19:27:20,021 fail2ban.utils [15779]: ERROR
7fc00c0b6ed0 -- returned 1
| 2023-05-15 19:27:20,021 fail2ban.actions [15779]: ERROR
Failed to execute ban jail 'apache-proxy' action 'nftables-multiport'
info 'ActionInfo({'ip': '94.232.45.248', 'family': 'inet4', 'ip-rev':
'248.45.232.94.', 'ip-host': None, 'fid': '94.232.45.248', 'failures':
1, 'time': 1684171639, 'matches': '94.232.45.248 - -
[15/May/2023:19:27:19 +0200] "\\x03" 400 0 "-" "-"', 'restored': 0,
'F-*': {'matches': [('94.232.45.248 - - [', '15/May/2023:19:27:19
+0200', '] "\\x03" 400 0 "-" "-"')], 'failures': 1, 'ip4':
'94.232.45.248'}, 'ipmatches': '94.232.45.248 - - [15/May/2023:19:27:19
+0200] "\\x03" 400 0 "-" "-"', 'ipjailmatches': '94.232.45.248 - -
[15/May/2023:19:27:19 +0200] "\\x03" 400 0 "-" "-"', 'ipfailures': 1,
'ipjailfailures': 1})': Error starting action
Jail('apache-proxy')/nftables-multiport
| 2023-05-17 19:48:03,518 fail2ban.filter [15779]: INFO
[apache-proxy] Found 88.214.25.4 - 2023-05-17 19:48:03
| 2023-05-17 19:48:03,722 fail2ban.actions [15779]: NOTICE
[apache-proxy] Ban 88.214.25.4
| 2023-05-17 19:48:03,732 fail2ban.utils [15779]: Level 39
7fc00c0b6ed0 -- exec: nft add set ip fail2ban f2b-apache-proxy \{ type
ipv4_addr\; \}
| nft insert rule ip fail2ban input tcp dport \{ http,https \} ip saddr
@f2b-apache-proxy drop
| 2023-05-17 19:48:03,732 fail2ban.utils [15779]: ERROR
7fc00c0b6ed0 -- stderr: 'Error: Could not process rule: No such file or
directory'
| 2023-05-17 19:48:03,732 fail2ban.utils [15779]: ERROR
7fc00c0b6ed0 -- stderr: 'add set ip fail2ban f2b-apache-proxy { type
ipv4_addr; }'
| 2023-05-17 19:48:03,732 fail2ban.utils [15779]: ERROR
7fc00c0b6ed0 -- stderr: ' ^^^^^^^^'
| 2023-05-17 19:48:03,732 fail2ban.utils [15779]: ERROR
7fc00c0b6ed0 -- stderr: 'Error: Could not process rule: No such file or
directory'
| 2023-05-17 19:48:03,732 fail2ban.utils [15779]: ERROR
7fc00c0b6ed0 -- stderr: 'insert rule ip fail2ban input tcp dport {
http,https } ip saddr @f2b-apache-proxy drop'
| 2023-05-17 19:48:03,732 fail2ban.utils [15779]: ERROR
7fc00c0b6ed0 -- stderr: ' ^^^^^^^^'
| 2023-05-17 19:48:03,732 fail2ban.utils [15779]: ERROR
7fc00c0b6ed0 -- returned 1
| 2023-05-17 19:48:03,732 fail2ban.actions [15779]: ERROR
Failed to execute ban jail 'apache-proxy' action 'nftables-multiport'
info 'ActionInfo({'ip': '88.214.25.4', 'family': 'inet4', 'ip-rev':
'4.25.214.88.', 'ip-host': None, 'fid': '88.214.25.4', 'failures': 1,
'time': 1684345683, 'matches': '88.214.25.4 - - [17/May/2023:19:48:03
+0200] "\\x03" 400 0 "-" "-"', 'restored': 0, 'F-*': {'matches':
[('88.214.25.4 - - [', '17/May/2023:19:48:03 +0200', '] "\\x03" 400 0
"-" "-"')], 'failures': 1, 'ip4': '88.214.25.4'}, 'ipmatches':
'88.214.25.4 - - [17/May/2023:19:48:03 +0200] "\\x03" 400 0 "-" "-"',
'ipjailmatches': '88.214.25.4 - - [17/May/2023:19:48:03 +0200] "\\x03"
400 0 "-" "-"', 'ipfailures': 1, 'ipjailfailures': 1})': Error starting
action Jail('apache-proxy')/nftables-multiport
F.P.
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
