Hello list I'm trying to setup fail2ban specially sasl action but I'm facing problems. I have centos-release-5-9.el5.centos.1 and fail2ban-0.8.7.1-1.el5.rf installed with selinux disabled The errors I get are: INFO Creating new jail 'sasl-iptables' fail2ban.comm : WARNING Invalid command: ['add', 'sasl-iptables', 'polling'] I tried gemin against polling but I get the same error. The strange thing is that if I enable ssh action, starts with no problem. So it appears to be problem with sasl action, witch is: [sasl-iptables] enabled = true filter = sasl backend = polling action = iptables-multiport[name=sasl, port="imap,imaps,pop3,pop3s,smtp", protocol=tcp] sendmail-whois[name=sasl, dest=my at email] logpath = /var/log/maillog The same setup I have in several mailserver (fedora and centos 6 distro) and all work fine. Does someone faced the same problem? Thak you in advance. -- Untitled Document ------------------------------------------------------------------------ *?????? ????? - Gatsis Nikos* Web developer tel.: 2108256721 - 2108256722 fax: 2108256712 email: ngatsis at qbit.gr http://www.qbit.gr
Try strace to follow all fork/exec to see which command is invalid. Or, debug log? ------------ Banyan He Blog: http://www.rootong.com Email: banyan at rootong.com On 4/10/2013 6:06 PM, Nikos Gatsis - Qbit wrote:> Hello list > I'm trying to setup fail2ban specially sasl action but I'm facing problems. > I have centos-release-5-9.el5.centos.1 > and > fail2ban-0.8.7.1-1.el5.rf > installed > with selinux disabled > > The errors I get are: > INFO Creating new jail 'sasl-iptables' > fail2ban.comm : WARNING Invalid command: ['add', 'sasl-iptables', > 'polling'] > > I tried gemin against polling but I get the same error. > The strange thing is that if I enable ssh action, starts with no problem. > So it appears to be problem with sasl action, witch is: > > [sasl-iptables] > > enabled = true > filter = sasl > backend = polling > action = iptables-multiport[name=sasl, > port="imap,imaps,pop3,pop3s,smtp", protocol=tcp] > sendmail-whois[name=sasl, dest=my at email] > logpath = /var/log/maillog > > The same setup I have in several mailserver (fedora and centos 6 distro) > and all work fine. > > Does someone faced the same problem? > > Thak you in advance. >
This doesn't look enough for tracking. How about strace? Did you find anything interesting? ------------ Banyan He Blog: http://www.rootong.com Email: banyan at rootong.com On 4/10/2013 6:52 PM, Nikos Gatsis - Qbit wrote:> debug: > > fail2ban.server : INFO Changed logging target to > /var/log/fail2ban.log for Fail2ban v0.8.7 > fail2ban.comm : DEBUG Command: ['add', 'sasl-iptables', 'polling'] > fail2ban.jail : INFO Creating new jail 'sasl-iptables' > fail2ban.comm : WARNING Invalid command: ['add', 'sasl-iptables', > 'polling'] > > fail2ba-server starts, but dont add rures in iptables. > > Thank you > > > On 10/4/2013 1:31 ??, Banyan He wrote: >> Try strace to follow all fork/exec to see which command is invalid. >> Or, debug log? >> >> ------------ >> Banyan He >> Blog: http://www.rootong.com >> Email: banyan at rootong.com >> >> On 4/10/2013 6:06 PM, Nikos Gatsis - Qbit wrote: >>> Hello list >>> I'm trying to setup fail2ban specially sasl action but I'm facing >>> problems. >>> I have centos-release-5-9.el5.centos.1 >>> and >>> fail2ban-0.8.7.1-1.el5.rf >>> installed >>> with selinux disabled >>> >>> The errors I get are: >>> INFO Creating new jail 'sasl-iptables' >>> fail2ban.comm : WARNING Invalid command: ['add', 'sasl-iptables', >>> 'polling'] >>> >>> I tried gemin against polling but I get the same error. >>> The strange thing is that if I enable ssh action, starts with no >>> problem. >>> So it appears to be problem with sasl action, witch is: >>> >>> [sasl-iptables] >>> >>> enabled = true >>> filter = sasl >>> backend = polling >>> action = iptables-multiport[name=sasl, >>> port="imap,imaps,pop3,pop3s,smtp", protocol=tcp] >>> sendmail-whois[name=sasl, dest=my at email] >>> logpath = /var/log/maillog >>> >>> The same setup I have in several mailserver (fedora and centos 6 >>> distro) >>> and all work fine. >>> >>> Does someone faced the same problem? >>> >>> Thak you in advance. >>> >> >> > > -- > Untitled Document > ------------------------------------------------------------------------ > *?????? ????? - Gatsis Nikos* > Web developer > tel.: 2108256721 - 2108256722 > fax: 2108256712 > email: ngatsis at qbit.gr > http://www.qbit.gr
On Wed, Apr 10, 2013 at 6:06 AM, Nikos Gatsis - Qbit <ngatsis at qbit.gr>wrote:> Hello list > I'm trying to setup fail2ban specially sasl action but I'm facing problems. > I have centos-release-5-9.el5.centos.1 > and > fail2ban-0.8.7.1-1.el5.rf >I'm using fail2ban from EPEL since I didn't have any luck with the package from RPMForge. I standardize on using EPEL if I can (but another admin installed the rpmforge repo earlier). I had to tweak the regex for the sasl filter to get it to match failed sasl auth attempts though (EPEL package). ]# grep failregex /etc/fail2ban/filter.d/sasl.conf # Option: failregex #failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [A-Za-z0-9+/]*={0,2})?$ failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [A-Za-z0-9+/\s]*={0,2})?$> installed > with selinux disabled > > The errors I get are: > INFO Creating new jail 'sasl-iptables' > fail2ban.comm : WARNING Invalid command: ['add', 'sasl-iptables', > 'polling'] >I believe this is exactly what I saw before I bailed on the rpmforge fail2ban packages.> > I tried gemin against polling but I get the same error. >You don't need to set it to gamin ... the sasl jail (by default) is set to polling (and this works with the EPEL package).> The strange thing is that if I enable ssh action, starts with no problem. > So it appears to be problem with sasl action, witch is: > > [sasl-iptables] > > enabled = true > filter = sasl > backend = polling > action = iptables-multiport[name=sasl, > port="imap,imaps,pop3,pop3s,smtp", protocol=tcp] > sendmail-whois[name=sasl, dest=my at email] > logpath = /var/log/maillog > > The same setup I have in several mailserver (fedora and centos 6 distro) > and all work fine. > > Does someone faced the same problem? > > Thak you in advance. > > -- > Untitled Document > ------------------------------------------------------------------------ > *?????? ????? - Gatsis Nikos* > Web developer > tel.: 2108256721 - 2108256722 > fax: 2108256712 > email: ngatsis at qbit.gr > http://www.qbit.gr > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >-- ---~~.~~--- Mike // SilverTip257 //