CentOS - Apr 2013 - fail2ban problem

Hello list
I'm trying to setup fail2ban specially sasl action but I'm facing
problems.
I have centos-release-5-9.el5.centos.1
and
fail2ban-0.8.7.1-1.el5.rf
installed
with selinux disabled

The errors I get are:
INFO   Creating new jail 'sasl-iptables'
fail2ban.comm   : WARNING Invalid command: ['add',
'sasl-iptables',
'polling']

I tried gemin against polling but I get the same error.
The strange thing is that if I enable ssh action, starts with no problem.
So it appears to be problem with sasl action, witch is:

[sasl-iptables]

enabled  = true
filter   = sasl
backend  = polling
action   = iptables-multiport[name=sasl,
port="imap,imaps,pop3,pop3s,smtp", protocol=tcp]
           sendmail-whois[name=sasl, dest=my at email]
logpath  = /var/log/maillog

The same setup I have in several mailserver (fedora and centos 6 distro)
and all work fine.

Does someone faced the same problem?

Thak you in advance.

-- 
Untitled Document
------------------------------------------------------------------------
*?????? ????? - Gatsis Nikos*
Web developer
tel.: 2108256721 - 2108256722
fax: 2108256712
email: ngatsis at qbit.gr
http://www.qbit.gr

Try strace to follow all fork/exec to see which command is invalid. Or, 
debug log?

------------
Banyan He
Blog: http://www.rootong.com
Email: banyan at rootong.com

On 4/10/2013 6:06 PM, Nikos Gatsis - Qbit wrote:
> Hello list
> I'm trying to setup fail2ban specially sasl action but I'm facing
problems.
> I have centos-release-5-9.el5.centos.1
> and
> fail2ban-0.8.7.1-1.el5.rf
> installed
> with selinux disabled
>
> The errors I get are:
> INFO   Creating new jail 'sasl-iptables'
> fail2ban.comm   : WARNING Invalid command: ['add',
'sasl-iptables',
> 'polling']
>
> I tried gemin against polling but I get the same error.
> The strange thing is that if I enable ssh action, starts with no problem.
> So it appears to be problem with sasl action, witch is:
>
> [sasl-iptables]
>
> enabled  = true
> filter   = sasl
> backend  = polling
> action   = iptables-multiport[name=sasl,
> port="imap,imaps,pop3,pop3s,smtp", protocol=tcp]
>             sendmail-whois[name=sasl, dest=my at email]
> logpath  = /var/log/maillog
>
> The same setup I have in several mailserver (fedora and centos 6 distro)
> and all work fine.
>
> Does someone faced the same problem?
>
> Thak you in advance.
>

This doesn't look enough for tracking. How about strace? Did you find 
anything interesting?

------------
Banyan He
Blog: http://www.rootong.com
Email: banyan at rootong.com

On 4/10/2013 6:52 PM, Nikos Gatsis - Qbit wrote:
> debug:
>
> fail2ban.server : INFO   Changed logging target to 
> /var/log/fail2ban.log for Fail2ban v0.8.7
> fail2ban.comm   : DEBUG  Command: ['add', 'sasl-iptables',
'polling']
> fail2ban.jail   : INFO   Creating new jail 'sasl-iptables'
> fail2ban.comm   : WARNING Invalid command: ['add',
'sasl-iptables',
> 'polling']
>
> fail2ba-server starts, but dont add rures in iptables.
>
> Thank you
>
>
> On 10/4/2013 1:31 ??, Banyan He wrote:
>> Try strace to follow all fork/exec to see which command is invalid. 
>> Or, debug log?
>>
>> ------------
>> Banyan He
>> Blog: http://www.rootong.com
>> Email: banyan at rootong.com
>>
>> On 4/10/2013 6:06 PM, Nikos Gatsis - Qbit wrote:
>>> Hello list
>>> I'm trying to setup fail2ban specially sasl action but I'm
facing
>>> problems.
>>> I have centos-release-5-9.el5.centos.1
>>> and
>>> fail2ban-0.8.7.1-1.el5.rf
>>> installed
>>> with selinux disabled
>>>
>>> The errors I get are:
>>> INFO   Creating new jail 'sasl-iptables'
>>> fail2ban.comm   : WARNING Invalid command: ['add',
'sasl-iptables',
>>> 'polling']
>>>
>>> I tried gemin against polling but I get the same error.
>>> The strange thing is that if I enable ssh action, starts with no 
>>> problem.
>>> So it appears to be problem with sasl action, witch is:
>>>
>>> [sasl-iptables]
>>>
>>> enabled  = true
>>> filter   = sasl
>>> backend  = polling
>>> action   = iptables-multiport[name=sasl,
>>> port="imap,imaps,pop3,pop3s,smtp", protocol=tcp]
>>>             sendmail-whois[name=sasl, dest=my at email]
>>> logpath  = /var/log/maillog
>>>
>>> The same setup I have in several mailserver (fedora and centos 6 
>>> distro)
>>> and all work fine.
>>>
>>> Does someone faced the same problem?
>>>
>>> Thak you in advance.
>>>
>>
>>
>
> -- 
> Untitled Document
> ------------------------------------------------------------------------
> *?????? ????? - Gatsis Nikos*
> Web developer
> tel.: 2108256721 - 2108256722
> fax: 2108256712
> email: ngatsis at qbit.gr
> http://www.qbit.gr

On Wed, Apr 10, 2013 at 6:06 AM, Nikos Gatsis - Qbit <ngatsis at
qbit.gr>wrote:
> Hello list
> I'm trying to setup fail2ban specially sasl action but I'm facing
problems.
> I have centos-release-5-9.el5.centos.1
> and
> fail2ban-0.8.7.1-1.el5.rf
>
I'm using fail2ban from EPEL since I didn't have any luck with the
package
from RPMForge.  I standardize on using EPEL if I can (but another admin
installed the rpmforge repo earlier).

I had to tweak the regex for the sasl filter to get it to match failed sasl
auth attempts though (EPEL package).

]# grep failregex /etc/fail2ban/filter.d/sasl.conf
# Option: failregex
#failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL
(?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(:
[A-Za-z0-9+/]*={0,2})?$
failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL
(?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(:
[A-Za-z0-9+/\s]*={0,2})?$


> installed
> with selinux disabled
>
> The errors I get are:
> INFO   Creating new jail 'sasl-iptables'
> fail2ban.comm   : WARNING Invalid command: ['add',
'sasl-iptables',
> 'polling']
>
I believe this is exactly what I saw before I bailed on the rpmforge
fail2ban packages.

>
> I tried gemin against polling but I get the same error.
>
You don't need to set it to gamin ... the sasl jail (by default) is set to
polling (and this works with the EPEL package).

> The strange thing is that if I enable ssh action, starts with no problem.
> So it appears to be problem with sasl action, witch is:
>
> [sasl-iptables]
>
> enabled  = true
> filter   = sasl
> backend  = polling
> action   = iptables-multiport[name=sasl,
> port="imap,imaps,pop3,pop3s,smtp", protocol=tcp]
>            sendmail-whois[name=sasl, dest=my at email]
> logpath  = /var/log/maillog
>
> The same setup I have in several mailserver (fedora and centos 6 distro)
> and all work fine.
>
> Does someone faced the same problem?
>
> Thak you in advance.
>
> --
> Untitled Document
> ------------------------------------------------------------------------
> *?????? ????? - Gatsis Nikos*
> Web developer
> tel.: 2108256721 - 2108256722
> fax: 2108256712
> email: ngatsis at qbit.gr
> http://www.qbit.gr
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>


-- 
---~~.~~---
Mike
//  SilverTip257  //